Windows Analysis Report
TreeSize-Setup.exe

Overview

General Information

Sample name:	TreeSize-Setup.exe
Analysis ID:	1426779
MD5:	b2b00fa27fde68996228cf16b68c682c
SHA1:	d142ff8b539dd5eb151928ceaff4dea35cfa78ce
SHA256:	cc46c28b28db55db42341502db22529d16d8f38f167a5588d07dbb799b330bad
Infos:

Detection

Score:	28
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

.NET source code contains potential unpacker

Found direct / indirect Syscall (likely to bypass EDR)

Reads the Security eventlog

Reads the System eventlog

Adds / modifies Windows certificates

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for available system drives (often done to infect USB drives)

Contains long sleeps (>= 3 min)

Creates a window with clipboard capturing capabilities

Creates or modifies windows services

Detected potential crypto function

Drops PE files

Drops certificate files (DER)

Enables debug privileges

Found dropped PE file which has not been started or loaded

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Stores large binary data to the registry

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A1D10 CryptQueryObject,	3_2_00007FFD346A1D10
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A3109 CryptQueryObject,	3_2_00007FFD346A3109
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A1C6D CryptQueryObject,	3_2_00007FFD346A1C6D
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A6D6D CryptQueryObject,	3_2_00007FFD346A6D6D
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A314D CryptQueryObject,	3_2_00007FFD346A314D
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD3468AE45 CryptQueryObject,CryptQueryObject,	8_2_00007FFD3468AE45
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD3468BA4E CryptQueryObject,	8_2_00007FFD3468BA4E
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD3468BABD CryptQueryObject,	8_2_00007FFD3468BABD
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD3468F2FD CryptQueryObject,	8_2_00007FFD3468F2FD
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3466C038 CryptQueryObject,	10_2_00007FFD3466C038
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3467015A CryptQueryObject,	10_2_00007FFD3467015A
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3466C78D CryptQueryObject,	10_2_00007FFD3466C78D
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3466C7FD CryptQueryObject,	10_2_00007FFD3466C7FD

Uses 32bit PE files

Source: TreeSize-Setup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Copyright (c) by Joachim Marder e.K.All Rights Reserved L I C E N S E A G R E E M E N TPlease read the following terms and conditions carefully before installing and using the software. By using our software you accept this license agreement and warranty.Registered VersionTerms of UseThis License Agreement is a legal agreement between you ("Licensee") the end-user and JAM Software GmbH for the use of this software product ("Software") for both commercial and non-commercial purposes.In general you need at least as many licenses as there are computers or clients on which our software is available for execution. Each instance (installation) provided to more than one user must be licensed based on the number of users and each license may only be assigned to a new user or computer system every 30 days. A user is identified by the windows account name. For some of our products online activation is required to verify correct license usage.A licensed copy of the Software may be used by one user on up to three dedicated computers (but not simultaneously and not more than one virtual or physical server).For products that have a portable installation option the above restrictions apply. "Portable Installation" in this context means that the user is entitled to install the software on a removable medium (e.g. USB stick or external hard drive) in order to use it on another computer without further installation. The portable installation is equivalent to a full installation on an independent system in terms of licensing law. It is exclusively for use on removable media and does not include network sharing. The portable use on an external medium (if possible) remains unaffected by the 30-day transfer restriction since the user of the medium is usually also the license holder.If the licensed software is made available for execution over a network the number of licenses purchased for the software must be at least equal to the number of physical PCs servers and terminal clients on which it can be executed. For example if the Software can be executed on 8 different PCs or terminal clients on the network a minimum of 8 licenses is required regardless of whether the Software actually runs simultaneously on all PCs. For some products client licenses are offered which can be used to license additional users.A site license allows you to use the software for all users and on all computers in one location (city). Site or company-wide licenses may not be used by other legal entities in the group but are limited to the respective legal entity of the licensee.In the case of processing data on behalf of or for a customer our licenses only cover the installation of the commissioned party and the data of one customer to be supported. Additional customers mu
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Copyright (c) by Joachim Marder e.K.All Rights Reserved L I C E N S E A G R E E M E N TPlease read the following terms and conditions carefully before installing and using the software. By using our software you accept this license agreement and warranty.Registered VersionTerms of UseThis License Agreement is a legal agreement between you ("Licensee") the end-user and JAM Software GmbH for the use of this software product ("Software") for both commercial and non-commercial purposes.In general you need at least as many licenses as there are computers or clients on which our software is available for execution. Each instance (installation) provided to more than one user must be licensed based on the number of users and each license may only be assigned to a new user or computer system every 30 days. A user is identified by the windows account name. For some of our products online activation is required to verify correct license usage.A licensed copy of the Software may be used by one user on up to three dedicated computers (but not simultaneously and not more than one virtual or physical server).For products that have a portable installation option the above restrictions apply. "Portable Installation" in this context means that the user is entitled to install the software on a removable medium (e.g. USB stick or external hard drive) in order to use it on another computer without further installation. The portable installation is equivalent to a full installation on an independent system in terms of licensing law. It is exclusively for use on removable media and does not include network sharing. The portable use on an external medium (if possible) remains unaffected by the 30-day transfer restriction since the user of the medium is usually also the license holder.If the licensed software is made available for execution over a network the number of licenses purchased for the software must be at least equal to the number of physical PCs servers and terminal clients on which it can be executed. For example if the Software can be executed on 8 different PCs or terminal clients on the network a minimum of 8 licenses is required regardless of whether the Software actually runs simultaneously on all PCs. For some products client licenses are offered which can be used to license additional users.A site license allows you to use the software for all users and on all computers in one location (city). Site or company-wide licenses may not be used by other legal entities in the group but are limited to the respective legal entity of the licensee.In the case of processing data on behalf of or for a customer our licenses only cover the installation of the commissioned party and the data of one customer to be supported. Additional customers mu

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-R4FTK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-72PA3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Inno Setup	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Inno Setup\is-11J8L.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-98K2M.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-6LRB2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\BouncyCastle	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\BouncyCastle\is-CONKA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\WindowsFirewallHelper	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\WindowsFirewallHelper\is-LI4UO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Spring4D	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Spring4D\is-LCF07.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Windows Ribbon Framework for Delphi	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Windows Ribbon Framework for Delphi\is-0DE9P.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Virtual TreeView	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Virtual TreeView\is-6FK4S.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Abbrevia	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Abbrevia\is-O084G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Jedi Component Library	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Jedi Component Library\is-2G5RV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\SynPDF	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\SynPDF\is-SH3FG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\PasOpenCL	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\PasOpenCL\is-5IC8G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\GLScene	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\GLScene\is-L77PL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-NK7KL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-NPTM0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-IG5VU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-ABQ1U.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-SBQT2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-TILR0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-OKLVV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-5KU53.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-QPJRT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-77909.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-HL5HB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-5DQET.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-OPABV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-GL6BI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-Q2OGP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\unins000.msg	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreeSize_is1

Jump to behavior

Source: TreeSize-Setup.exe

Static PE information: certificate valid

Source: TreeSize-Setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\a\_work\e\src\out\Release_x64\WebView2Loader.dll.pdb source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000006431000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D462C1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397538450.0000010D505A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3691F000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D465D6000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB18F9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Encodings.Web/Release/net462/System.Text.Encodings.Web.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2397721211.0000010D505F0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36496000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3647A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D364EF000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3648A000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: .proj;.a;.ahk;.asm;.bml;.bdsgroup;.bpg;.bpi;.bpk;.bpr;.c;.cbl;.cpp;.cs;.cvs;.dbg;.dcp;.dcr;.dcu;.def;.dess;.dfm;.dof;.dpk;.dpr;.drc;.dtd;.elf;.exp;.fmx;.frm;.h;.hpp;.hmx;.hmxp;.??html;.idl;.inc;.inl;.ise;.ism;.iss;.java;.json;.jsl;.lib;.lic;.lpk;.mak;.mk;.map;.mds;.ncp;.nrmap;.o;.obj;.pas;.pch;.pdb;.pfx;.pl;.ps1;.py;.rc;.rc2;.rdl;.res;.resx;.resources;.rgs;.scs;.shfb;.sln;.snippet;.src;.suo;.svn;.swd;.swt;.targets;.tcLLP;.tcScript;.tcl;.trx;.tlb;.tt;.vb;.vbp;.vbs;.vbw;.vcproj;.vsp;.vsprops;.vssettings;.vstemplate;.wsdl;.wxl;.wxs;.xaml;.xdr;.xfm;.xsd;.xsl source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp
Source:	Binary string: Jam.License.Validation.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetComponents_trunk\DotNetLib\Jam.Interop.Merged\bin\Release\Jam.Interop.pdb source: TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WindowsFirewallHelper.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46721000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380865998.0000010D361C0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D466A9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: WindowsFirewallHelper.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46721000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380865998.0000010D361C0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D466A9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D3653A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3651E000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36532000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\Projekte\Demo Projects\AuthenticodeExaminer-0.3.0\src\AuthenticodeExaminer\obj\Release\net461\AuthenticodeExaminer.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2395123116.0000010D4EEC0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D3653A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3651E000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36532000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2397492193.0000010D50590000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3688B000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D368A7000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3689F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Jam.License.Common.pdb, source: LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: Jam.License.Shared.pdb\| source: LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\a\_work\e\src\out\Release_x64\WebView2Loader.dll.pdbOGP source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000006431000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetComponents_trunk\DotNetLib\Jam.Interop.Merged\bin\Release\Jam.Interop.pdbSHA256{cZ source: TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Encodings.Web/Release/net462/System.Text.Encodings.Web.pdb source: LicenseManager.exe, 00000003.00000002.2397721211.0000010D505F0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36496000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3647A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D364EF000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3648A000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Json/Release/net462/System.Text.Json.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: c:\ProgrammingProjects\Redemption\binary\Release\Redemption64.pdb source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000006431000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D365D2000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397921615.0000010D50620000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365BE000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365DA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\Projekte\Demo Projects\AuthenticodeExaminer-0.3.0\src\AuthenticodeExaminer\obj\Release\net461\AuthenticodeExaminer.pdb source: LicenseManager.exe, 00000003.00000002.2395123116.0000010D4EEC0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetLib_trunk\DotNetLib\Jam.Logging\obj\Release\netstandard2.0\Jam.Logging.pdb source: LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2427772223.000001AFBA530000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60AC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60D4000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Json/Release/net462/System.Text.Json.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetLib_trunk\DotNetLib\Jam.Logging\obj\Release\netstandard2.0\Jam.Logging.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: LicenseManager.exe, 00000003.00000002.2397860461.0000010D50610000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3656D000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36581000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Jam.License.Common.pdb source: LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdb source: LicenseManager.exe, 00000003.00000002.2397492193.0000010D50590000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3688B000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D368A7000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3689F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Jam.License.Shared.pdb source: LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp

Checks for available system drives (often done to infect USB drives)

Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: z:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: x:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: v:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: t:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: r:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: p:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: n:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: l:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: j:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: h:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: f:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: b:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: y:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: w:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: u:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: s:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: q:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: o:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: m:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: k:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: i:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: g:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: e:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: c:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: a:

Source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000005FA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://autodiscover.%s/autodiscover/autodiscover.xml
Source: LicenseManager.exe, 0000000A.00000002.2586344353.0000011FFEB80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/ca
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2396350868.0000010D4F1A0000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA082000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2413574560.000001AF9FD55000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989923516.000001BB87176000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989796522.000001BBFEAEA000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA082000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989796522.000001BBFEAEA000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA0C7000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2413574560.000001AF9FD55000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2586344353.0000011FFEB80000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF657A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989923516.000001BB87176000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA082000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2413574560.000001AF9FD55000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2586344353.0000011FFEB80000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2412619248.000001AF9FC05000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g4http://crl.globalsign.com/ca/gstsacasha384g4.crl
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989796522.000001BBFEAEA000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr45http://crl.globalsign.com/codesigningrootr45.crl
Source: LicenseManager.exe, 00000008.00000002.2412619248.000001AF9FC05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr45http://crl.globalsign.com/codesigningrootr45.crlI
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA082000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989796522.000001BBFEAEA000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2412619248.000001AF9FC05000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca2020http://crl.globalsign.com/gsgccr45evcodesignca202
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA0C7000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2413574560.000001AF9FD55000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2586344353.0000011FFEB80000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF657A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989923516.000001BB87176000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA0B8000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr6http://crl.globalsign.com/root-r6.crl
Source: LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EEE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr6http://crl.globalsign.com/root-r6.crl8x
Source: TreeSize-Setup.exe, 00000000.00000002.4668520996.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2205357320.0000000002540000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4693084749.0000000002400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.mic
Source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D362C1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2573689481.0000011FE6081000.00000004.00000800.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D363B4000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2573689481.0000011FE6196000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D362C1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2573689481.0000011FE6081000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globa
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989796522.000001BBFEAEA000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA082000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989796522.000001BBFEAEA000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA082000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2413574560.000001AF9FD55000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2586344353.0000011FFEB80000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989923516.000001BB87176000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.comX
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Types
Source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000006431000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dimastr.com/redemption
Source: TreeSize-Setup.exe, 00000000.00000002.4695827173.000000000277D000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2205357320.0000000002540000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000003.2211182310.0000000003519000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4747363963.00000000036D2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000005FA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://%s/autodiscover/autodiscover.xml
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/binaryformatter
Source: LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/dotnet-warnings/
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/serializationformat-binary-obsolete
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2573689481.0000011FE640D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.jam-software.de/
Source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000005FA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://autodiscover.%s/autodiscover/autodiscover.xml
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000A51000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://bugreport.jam-software.de/bugrepmailer.php
Source: LicenseManager.exe, 00000003.00000002.2380771319.0000010D36170000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://customers.jam-software.com
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://customers.jam-software.de
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000002851000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://customers.jam-software.de/basket.php?formAddProduct=%d&formAddProductCount=1&coupon_code=%s&
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000A51000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://customers.jam-software.de/directDownload.php?directDownloadUsername=%CustomerID%&directDownl
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000002851000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://customers.jam-software.de/directDownload.php?directDownloadUsername=%s&directDownloadKey=%s&
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000002851000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://customers.jam-software.de/inAppRouting/
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000A51000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://customers.jam-software.de/maintenanceReminder/?RemainingDaysOfMaintenance=%d&Product=%d&Mato
Source: TreeSize-Setup.exe, 00000000.00000002.4668520996.000000000226B000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2205357320.0000000002540000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4772868928.00000000038F1000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4740281295.0000000003613000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4693084749.0000000002400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://customers.jam-software.de/redirects?DOTNET48Website
Source: TreeSize-Setup.exe, 00000000.00000002.4668520996.000000000226B000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2205357320.0000000002540000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4772868928.0000000003863000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4740281295.0000000003613000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4693084749.0000000002400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://customers.jam-software.de/survey.php
Source: LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2427772223.000001AFBA530000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60AC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
Source: LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2427772223.000001AFBA530000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60AC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D462C1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397538450.0000010D505A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3691F000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D465D6000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB18F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e3958
Source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D3691F000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D465D6000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB18F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e39588
Source: LicenseManager.exe, 00000003.00000002.2397860461.0000010D50610000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365D2000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397921615.0000010D50620000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3656D000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365BE000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36581000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
Source: LicenseManager.exe, 00000003.00000002.2397860461.0000010D50610000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365D2000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397921615.0000010D50620000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3656D000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365BE000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36581000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/roslyn/issues/46646
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/roslyn/issues/46646~
Source: LicenseManager.exe, 00000003.00000002.2397721211.0000010D505F0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36496000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397492193.0000010D50590000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3688B000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3647A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D364EF000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D368A7000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3648A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3689F000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/runtime
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/runtime/issues/73124.
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/runtime8
Source: TreeSize-Setup.exe, 00000000.00000002.4668520996.000000000226B000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2205357320.0000000002540000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4740281295.0000000003613000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4693084749.0000000002400000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4772868928.00000000038C6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jam-software.upvoty.com/TreeSize
Source: TreeSize-Setup.exe, 00000000.00000000.2204513284.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://knowledgebase.jam-software.com
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://knowledgebase.jam-software.de
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://manuals.jam-software.com/%s/EN/
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://manuals.jam-software.de/%s/DE/
Source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000005FA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.xmlDSkipping
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp, TreeSize.exe, 0000000B.00000000.2840703954.0000000005A0F000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com&
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com&N
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com&Nazwa
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com&Nom
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com&Nombre
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com&Nome
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com&Server:Wachtwoord
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000005759000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.comI&me
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.comKiszolg
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.comN
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.comServer
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.comServer&name:Geben
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000005759000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.comSunucu
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004359000.00000002.00000001.01000000.00000011.sdmp, TreeSize.exe, 0000000B.00000000.2840703954.0000000005759000.00000002.00000001.01000000.00000011.sdmp, TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.comTScanTargetPopup.SharepointHostLabel.Caption
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000A51000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://support.jam-software.de/0
Source: LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://svn/JamLicense/Jam.License.Common/
Source: LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://svn/JamLicense/Jam.License.Shared/
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://svn/JamLicense/Jam.License.Validation/
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000002851000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://update.jam-software.de/functions/getCurrentVersion.php?article=
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004359000.00000002.00000001.01000000.00000011.sdmp, TreeSize.exe, 0000000B.00000000.2840703954.0000000005759000.00000002.00000001.01000000.00000011.sdmp, TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://webdavTScanTargetPopup.WebdavServernameLabel.Caption
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380702676.0000010D349C5000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA0C7000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA082000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2413574560.000001AF9FD55000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF657A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2573519371.0000011FE4735000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989923516.000001BB87176000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989796522.000001BBFEAEA000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000000.2209314886.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.innosetup.com/
Source: LicenseManager.exe, 00000008.00000002.2413574560.000001AF9FD55000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://www.jam-software.com
Source: TreeSize-Setup.tmp, 00000002.00000003.2211182310.0000000003519000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4740281295.0000000003613000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com/TreeSize/editions.shtml
Source: TreeSize-Setup.tmp, 00000002.00000002.4772868928.000000000392E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com/TreeSize/editions.shtml0
Source: TreeSize-Setup.tmp, 00000002.00000003.2211182310.0000000003519000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com/TreeSize/editions.shtml0ExplorerContextMenuItems
Source: TreeSize-Setup.tmp, 00000002.00000003.2211182310.00000000034D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com/TreeSize/surumler.shtml
Source: TreeSize-Setup.tmp, 00000002.00000002.4772868928.000000000392E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com/TreeSize/surumler.shtml0
Source: TreeSize-Setup.tmp, 00000002.00000002.4693084749.00000000024B4000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000003.2211182310.0000000003519000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4740281295.0000000003613000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com/company/privacy.shtml
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://www.jam-software.com/knowledgebase/7159
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000005A0F000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://www.jam-software.com/treesize/D
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com0
Source: LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com2
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://www.jam-software.de
Source: TreeSize-Setup.tmp, 00000002.00000003.2211182310.0000000003519000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4693084749.0000000002400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.de/TreeSize/editions.shtml
Source: TreeSize-Setup.tmp, 00000002.00000003.2211182310.0000000003519000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4772868928.000000000390E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.de/company/privacy.shtml
Source: TreeSize-Setup.exe, 00000000.00000002.4668520996.000000000226B000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2205357320.0000000002540000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4693084749.000000000249C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.de/customers/index.php?language=
Source: TreeSize-Setup.tmp, 00000002.00000002.4693084749.000000000249C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.de/customers/index.php?language=ennguage
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://www.jam-software.de/knowledgebase/7159
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000000.2209314886.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.remobjects.com/ps

Creates a window with clipboard capturing capabilities

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Window created: window name: CLIPBRDWNDCLASS	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Window created: window name: CLIPBRDWNDCLASS	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Window created: window name: CLIPBRDWNDCLASS

Drops certificate files (DER)

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp40F4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp5299.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp4076.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp5EEB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp9D7B.tmp	Jump to dropped file
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp6B1B.tmp	Jump to dropped file
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File created: C:\Users\user\AppData\Local\Temp\TmpA6CD.tmp	Jump to dropped file
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File created: C:\Users\user\AppData\Local\Temp\TmpBBE2.tmp	Jump to dropped file
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp4ACD.tmp	Jump to dropped file
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File created: C:\Users\user\AppData\Local\Temp\TmpCA99.tmp	Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security			Jump to behavior

Reads the System eventlog

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System			Jump to behavior

Detected potential crypto function

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD3469FC8C	3_2_00007FFD3469FC8C
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346915F8	3_2_00007FFD346915F8
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A85F3	3_2_00007FFD346A85F3
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD34698739	3_2_00007FFD34698739
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD34693790	3_2_00007FFD34693790
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD34691B05	3_2_00007FFD34691B05
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A1425	3_2_00007FFD346A1425
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346925F5	3_2_00007FFD346925F5
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD346815F8	8_2_00007FFD346815F8
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD34683790	8_2_00007FFD34683790
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD34693313	8_2_00007FFD34693313
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD34681B05	8_2_00007FFD34681B05
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD34698850	8_2_00007FFD34698850
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3469AD08	10_2_00007FFD3469AD08
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD346615F8	10_2_00007FFD346615F8
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD34660DE4	10_2_00007FFD34660DE4
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD34663790	10_2_00007FFD34663790
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3467A848	10_2_00007FFD3467A848
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD34674343	10_2_00007FFD34674343
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD34661B05	10_2_00007FFD34661B05
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3469ABA0	10_2_00007FFD3469ABA0
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3469AC10	10_2_00007FFD3469AC10
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD34699EB8	10_2_00007FFD34699EB8

PE file contains executable resources (Code or Archives)

Source: TreeSize-Setup.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-R4FTK.tmp.2.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows

PE file contains more sections than normal

Source: is-5DQET.tmp.2.dr	Static PE information: Number of sections : 11 > 10
Source: is-HL5HB.tmp.2.dr	Static PE information: Number of sections : 11 > 10
Source: is-NK7KL.tmp.2.dr	Static PE information: Number of sections : 11 > 10

Sample file is different than original file name gathered from version info

Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs TreeSize-Setup.exe
Source: TreeSize-Setup.exe, 00000000.00000000.2204656016.00000000004C6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs TreeSize-Setup.exe
Source: TreeSize-Setup.exe, 00000000.00000002.4668520996.00000000022A8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs TreeSize-Setup.exe
Source: TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs TreeSize-Setup.exe

Uses 32bit PE files

Source: TreeSize-Setup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: LicenseManager.exe.2.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: is-QPJRT.tmp.2.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: is-98K2M.tmp.2.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: LicenseManager.exe.2.dr, -.cs	Cryptographic APIs: 'CreateDecryptor'
Source: is-QPJRT.tmp.2.dr, -.cs	Cryptographic APIs: 'CreateDecryptor'
Source: is-98K2M.tmp.2.dr, -.cs	Cryptographic APIs: 'CreateDecryptor'
Source: is-SBQT2.tmp.2.dr, EncryptionExtensions.cs	Cryptographic APIs: 'CreateDecryptor'
Source: is-SBQT2.tmp.2.dr, EncryptionExtensions.cs	Cryptographic APIs: 'CreateDecryptor'
Source: is-SBQT2.tmp.2.dr, EncryptionExtensions.cs	Cryptographic APIs: 'CreateDecryptor'
Source: is-SBQT2.tmp.2.dr, EncryptionExtensions.cs	Cryptographic APIs: 'CreateDecryptor'

Source: is-98K2M.tmp.2.dr, -.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: is-98K2M.tmp.2.dr, -.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: LicenseManager.exe.2.dr, -.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: LicenseManager.exe.2.dr, -.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp

Binary or memory string: *.*proj;*.a;*.ahk;*.asm;*.bml;*.bdsgroup;*.bpg;*.bpi;*.bpk;*.bpr;*.c;*.cbl;*.cpp;*.cs;*.cvs*;*.*dbg;*.dcp*;*.dcr;*.dcu*;*.def;*.dess;*.dfm;*.dof;*.dpk;*.dpr;*.drc;*.dtd;*.elf;*.exp;*.fmx;*.frm;*.h;*.hpp;*.hmx;*.hmxp;*.??html;*.idl;*.inc;*.inl;*.ise;*.ism;*.iss;*.java;*.json;*.jsl;*.lib;*.lic;*.lpk;*.mak;*.mk;*.map;*.mds;*.ncp;*.nrmap;*.o;*.obj;*.pas;*.pch;*.pdb;*.pfx;*.pl;*.ps1*;*.py;*.rc;*.rc2;*.rdl;*.res;*.resx;*.resources;*.rgs;*.scs;*.shfb;*.sln;*.snippet;*.src;*.suo;*.svn*;*.swd;*.swt;*.targets;*.tcLLP;*.tcScript;*.tcl;*.trx;*.tlb;*.tt;*.vb;*.vbp;*.vbs;*.vbw;*.vcproj;*.vsp;*.vsprops;*.vssettings;*.vstemplate;*.wsdl;*.wxl;*.wxs;*.xaml;*.xdr;*.xfm;*.xsd;*.xsl

Source: classification engine

Classification label: sus28.evad.winEXE@15/93@0/0

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

File created: C:\Program Files\JAM Software

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: \Sessions\1\BaseNamedObjects\HookTThread$fb0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$fb0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$19a8
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: \Sessions\1\BaseNamedObjects\HookTThread$14c8
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptDbgHelp
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: \Sessions\1\BaseNamedObjects\HookTThread$19a8
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$14c8

Source: C:\Users\user\Desktop\TreeSize-Setup.exe

File created: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp

Jump to behavior

Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

File read: C:\Program Files\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\TreeSize-Setup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: C:\Users\user\Desktop\TreeSize-Setup.exe

File read: C:\Users\user\Desktop\TreeSize-Setup.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\TreeSize-Setup.exe "C:\Users\user\Desktop\TreeSize-Setup.exe"
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp "C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp" /SL5="$203D4,36275776,857088,C:\Users\user\Desktop\TreeSize-Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe "C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe" /register /language en /product TreeSize /version 9.1.3 /title ' Setup - TreeSize V9.1.3' /parentHandle 328676
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe "C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe" /GetLicenseType
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe "C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe" /addFirewallRule /product TreeSize /executable 'C:\Program Files\JAM Software\TreeSize\TreeSize.exe'
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "C:\Program Files\JAM Software\TreeSize\TreeSize.exe" /nogui /installcertificate
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "C:\Program Files\JAM Software\TreeSize\TreeSize.exe" /NOGUI /SETADMINFLAG "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize (Administrator).LNK" /SETADMINFLAG "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize File Search (Administrator).LNK" /SETADMINFLAG "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Duplicate File Search (Administrator).LNK" /Language "en"
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "C:\Program Files\JAM Software\TreeSize\TreeSize.exe" /NOGUI /ContextMenuEntries 6 /INSTALL /SAVESETTINGS /REGISTERPACKAGE /Language "en"
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp "C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp" /SL5="$203D4,36275776,857088,C:\Users\user\Desktop\TreeSize-Setup.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe "C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe" /register /language en /product TreeSize /version 9.1.3 /title ' Setup - TreeSize V9.1.3' /parentHandle 328676	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe "C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe" /GetLicenseType	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe "C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe" /addFirewallRule /product TreeSize /executable 'C:\Program Files\JAM Software\TreeSize\TreeSize.exe'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "C:\Program Files\JAM Software\TreeSize\TreeSize.exe" /nogui /installcertificate	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "C:\Program Files\JAM Software\TreeSize\TreeSize.exe" /NOGUI /SETADMINFLAG "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize (Administrator).LNK" /SETADMINFLAG "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize File Search (Administrator).LNK" /SETADMINFLAG "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Duplicate File Search (Administrator).LNK" /Language "en"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "C:\Program Files\JAM Software\TreeSize\TreeSize.exe" /NOGUI /ContextMenuEntries 6 /INSTALL /SAVESETTINGS /REGISTERPACKAGE /Language "en"	Jump to behavior

Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: esdsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: esdsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: esdsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: virtdisk.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: fltlib.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: faultrep.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: softpub.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wpnapps.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: uiribbon.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msxml6.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: esdsip.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: virtdisk.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: version.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: netapi32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winhttp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: shfolder.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wsock32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: usp10.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mpr.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winmm.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: oleacc.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wininet.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: urlmon.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: fltlib.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: iertutil.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: srvcli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: netutils.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: samcli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msasn1.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: faultrep.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dbgcore.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winsta.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: propsys.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wldp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: profapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: softpub.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mscoree.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wpnapps.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wintypes.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rmclient.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: xmllite.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: usermgrcli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: linkinfo.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: sspicli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: srclient.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: spp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: powrprof.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vssapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vsstrace.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: umpdc.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: uiribbon.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: userenv.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: secur32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: virtdisk.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: version.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: netapi32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winhttp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: shfolder.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wsock32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: usp10.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mpr.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winmm.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: oleacc.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wininet.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: urlmon.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: fltlib.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: iertutil.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: srvcli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: netutils.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: samcli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msasn1.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: faultrep.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dbgcore.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winsta.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: propsys.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wldp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: profapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: softpub.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mscoree.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wpnapps.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wintypes.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rmclient.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: xmllite.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: usermgrcli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: linkinfo.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: sspicli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: srclient.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: spp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: powrprof.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vssapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vsstrace.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: umpdc.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: uiribbon.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: userenv.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: secur32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: gpapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msxml6.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dwrite.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: amsi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: cryptnet.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msisip.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wshext.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: appxsip.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: opcservices.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: esdsip.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dpapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: symsrv.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: textshaping.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: edputil.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wkscli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winnsi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rasapi32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rasman.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rtutils.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mswsock.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msisip.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wshext.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: appxsip.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: opcservices.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: esdsip.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: atlthunk.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dwmapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: apphelp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: prnfldr.dll

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: TreeSize.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.exe
Source: TreeSize (Administrator).lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.exe
Source: TreeSize File Search.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.exe
Source: TreeSize File Search (Administrator).lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.exe
Source: TreeSize Duplicate File Search.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.exe
Source: TreeSize Duplicate File Search (Administrator).lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.exe
Source: TreeSize Renamer.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.exe
Source: TreeSize Manual.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.pdf
Source: TreeSize Help.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.chm

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

Window found: window name: TSelectLanguageForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Copyright (c) by Joachim Marder e.K.All Rights Reserved L I C E N S E A G R E E M E N TPlease read the following terms and conditions carefully before installing and using the software. By using our software you accept this license agreement and warranty.Registered VersionTerms of UseThis License Agreement is a legal agreement between you ("Licensee") the end-user and JAM Software GmbH for the use of this software product ("Software") for both commercial and non-commercial purposes.In general you need at least as many licenses as there are computers or clients on which our software is available for execution. Each instance (installation) provided to more than one user must be licensed based on the number of users and each license may only be assigned to a new user or computer system every 30 days. A user is identified by the windows account name. For some of our products online activation is required to verify correct license usage.A licensed copy of the Software may be used by one user on up to three dedicated computers (but not simultaneously and not more than one virtual or physical server).For products that have a portable installation option the above restrictions apply. "Portable Installation" in this context means that the user is entitled to install the software on a removable medium (e.g. USB stick or external hard drive) in order to use it on another computer without further installation. The portable installation is equivalent to a full installation on an independent system in terms of licensing law. It is exclusively for use on removable media and does not include network sharing. The portable use on an external medium (if possible) remains unaffected by the 30-day transfer restriction since the user of the medium is usually also the license holder.If the licensed software is made available for execution over a network the number of licenses purchased for the software must be at least equal to the number of physical PCs servers and terminal clients on which it can be executed. For example if the Software can be executed on 8 different PCs or terminal clients on the network a minimum of 8 licenses is required regardless of whether the Software actually runs simultaneously on all PCs. For some products client licenses are offered which can be used to license additional users.A site license allows you to use the software for all users and on all computers in one location (city). Site or company-wide licenses may not be used by other legal entities in the group but are limited to the respective legal entity of the licensee.In the case of processing data on behalf of or for a customer our licenses only cover the installation of the commissioned party and the data of one customer to be supported. Additional customers mu
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Copyright (c) by Joachim Marder e.K.All Rights Reserved L I C E N S E A G R E E M E N TPlease read the following terms and conditions carefully before installing and using the software. By using our software you accept this license agreement and warranty.Registered VersionTerms of UseThis License Agreement is a legal agreement between you ("Licensee") the end-user and JAM Software GmbH for the use of this software product ("Software") for both commercial and non-commercial purposes.In general you need at least as many licenses as there are computers or clients on which our software is available for execution. Each instance (installation) provided to more than one user must be licensed based on the number of users and each license may only be assigned to a new user or computer system every 30 days. A user is identified by the windows account name. For some of our products online activation is required to verify correct license usage.A licensed copy of the Software may be used by one user on up to three dedicated computers (but not simultaneously and not more than one virtual or physical server).For products that have a portable installation option the above restrictions apply. "Portable Installation" in this context means that the user is entitled to install the software on a removable medium (e.g. USB stick or external hard drive) in order to use it on another computer without further installation. The portable installation is equivalent to a full installation on an independent system in terms of licensing law. It is exclusively for use on removable media and does not include network sharing. The portable use on an external medium (if possible) remains unaffected by the 30-day transfer restriction since the user of the medium is usually also the license holder.If the licensed software is made available for execution over a network the number of licenses purchased for the software must be at least equal to the number of physical PCs servers and terminal clients on which it can be executed. For example if the Software can be executed on 8 different PCs or terminal clients on the network a minimum of 8 licenses is required regardless of whether the Software actually runs simultaneously on all PCs. For some products client licenses are offered which can be used to license additional users.A site license allows you to use the software for all users and on all computers in one location (city). Site or company-wide licenses may not be used by other legal entities in the group but are limited to the respective legal entity of the licensee.In the case of processing data on behalf of or for a customer our licenses only cover the installation of the commissioned party and the data of one customer to be supported. Additional customers mu

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-R4FTK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-72PA3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Inno Setup	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Inno Setup\is-11J8L.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-98K2M.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-6LRB2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\BouncyCastle	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\BouncyCastle\is-CONKA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\WindowsFirewallHelper	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\WindowsFirewallHelper\is-LI4UO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Spring4D	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Spring4D\is-LCF07.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Windows Ribbon Framework for Delphi	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Windows Ribbon Framework for Delphi\is-0DE9P.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Virtual TreeView	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Virtual TreeView\is-6FK4S.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Abbrevia	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Abbrevia\is-O084G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Jedi Component Library	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Jedi Component Library\is-2G5RV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\SynPDF	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\SynPDF\is-SH3FG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\PasOpenCL	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\PasOpenCL\is-5IC8G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\GLScene	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\GLScene\is-L77PL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-NK7KL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-NPTM0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-IG5VU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-ABQ1U.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-SBQT2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-TILR0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-OKLVV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-5KU53.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-QPJRT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-77909.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-HL5HB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-5DQET.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-OPABV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-GL6BI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-Q2OGP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\unins000.msg	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreeSize_is1

Jump to behavior

Source: TreeSize-Setup.exe

Static PE information: certificate valid

Source: TreeSize-Setup.exe

Static file information: File size 37333832 > 1048576

Source: TreeSize-Setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\a\_work\e\src\out\Release_x64\WebView2Loader.dll.pdb source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000006431000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D462C1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397538450.0000010D505A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3691F000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D465D6000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB18F9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Encodings.Web/Release/net462/System.Text.Encodings.Web.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2397721211.0000010D505F0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36496000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3647A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D364EF000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3648A000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: .proj;.a;.ahk;.asm;.bml;.bdsgroup;.bpg;.bpi;.bpk;.bpr;.c;.cbl;.cpp;.cs;.cvs;.dbg;.dcp;.dcr;.dcu;.def;.dess;.dfm;.dof;.dpk;.dpr;.drc;.dtd;.elf;.exp;.fmx;.frm;.h;.hpp;.hmx;.hmxp;.??html;.idl;.inc;.inl;.ise;.ism;.iss;.java;.json;.jsl;.lib;.lic;.lpk;.mak;.mk;.map;.mds;.ncp;.nrmap;.o;.obj;.pas;.pch;.pdb;.pfx;.pl;.ps1;.py;.rc;.rc2;.rdl;.res;.resx;.resources;.rgs;.scs;.shfb;.sln;.snippet;.src;.suo;.svn;.swd;.swt;.targets;.tcLLP;.tcScript;.tcl;.trx;.tlb;.tt;.vb;.vbp;.vbs;.vbw;.vcproj;.vsp;.vsprops;.vssettings;.vstemplate;.wsdl;.wxl;.wxs;.xaml;.xdr;.xfm;.xsd;.xsl source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp
Source:	Binary string: Jam.License.Validation.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetComponents_trunk\DotNetLib\Jam.Interop.Merged\bin\Release\Jam.Interop.pdb source: TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WindowsFirewallHelper.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46721000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380865998.0000010D361C0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D466A9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: WindowsFirewallHelper.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46721000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380865998.0000010D361C0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D466A9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D3653A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3651E000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36532000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\Projekte\Demo Projects\AuthenticodeExaminer-0.3.0\src\AuthenticodeExaminer\obj\Release\net461\AuthenticodeExaminer.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2395123116.0000010D4EEC0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D3653A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3651E000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36532000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2397492193.0000010D50590000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3688B000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D368A7000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3689F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Jam.License.Common.pdb, source: LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: Jam.License.Shared.pdb\| source: LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\a\_work\e\src\out\Release_x64\WebView2Loader.dll.pdbOGP source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000006431000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetComponents_trunk\DotNetLib\Jam.Interop.Merged\bin\Release\Jam.Interop.pdbSHA256{cZ source: TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Encodings.Web/Release/net462/System.Text.Encodings.Web.pdb source: LicenseManager.exe, 00000003.00000002.2397721211.0000010D505F0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36496000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3647A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D364EF000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3648A000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Json/Release/net462/System.Text.Json.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: c:\ProgrammingProjects\Redemption\binary\Release\Redemption64.pdb source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000006431000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D365D2000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397921615.0000010D50620000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365BE000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365DA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\Projekte\Demo Projects\AuthenticodeExaminer-0.3.0\src\AuthenticodeExaminer\obj\Release\net461\AuthenticodeExaminer.pdb source: LicenseManager.exe, 00000003.00000002.2395123116.0000010D4EEC0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetLib_trunk\DotNetLib\Jam.Logging\obj\Release\netstandard2.0\Jam.Logging.pdb source: LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2427772223.000001AFBA530000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60AC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60D4000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Json/Release/net462/System.Text.Json.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetLib_trunk\DotNetLib\Jam.Logging\obj\Release\netstandard2.0\Jam.Logging.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: LicenseManager.exe, 00000003.00000002.2397860461.0000010D50610000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3656D000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36581000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Jam.License.Common.pdb source: LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdb source: LicenseManager.exe, 00000003.00000002.2397492193.0000010D50590000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3688B000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D368A7000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3689F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Jam.License.Shared.pdb source: LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: LicenseManager.exe.2.dr, -.cs	.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
Source: LicenseManager.exe.2.dr, -.cs	.Net Code: _E00D System.Reflection.Assembly.Load(byte[])
Source: is-QPJRT.tmp.2.dr, -.cs	.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
Source: is-QPJRT.tmp.2.dr, -.cs	.Net Code: _E00D System.Reflection.Assembly.Load(byte[])
Source: is-98K2M.tmp.2.dr, -.cs	.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
Source: is-98K2M.tmp.2.dr, -.cs	.Net Code: _E00D System.Reflection.Assembly.Load(byte[])
Source: is-SBQT2.tmp.2.dr, JamCOMObjectFactory.cs	.Net Code: _E004 System.Reflection.Assembly.Load(byte[])

Binary contains a suspicious time stamp

Source: is-OKLVV.tmp.2.dr

Static PE information: 0xBA6201D2 [Fri Feb 1 22:59:30 2069 UTC]

PE file contains an invalid checksum

Source: is-OPABV.tmp.2.dr	Static PE information: real checksum: 0x0 should be: 0x1afc75
Source: is-77909.tmp.2.dr	Static PE information: real checksum: 0x814d should be: 0x9b76

PE file contains sections with non-standard names

Source: TreeSize-Setup.exe	Static PE information: section name: .didata
Source: TreeSize-Setup.tmp.0.dr	Static PE information: section name: .didata
Source: is-HL5HB.tmp.2.dr	Static PE information: section name: .didata
Source: is-HL5HB.tmp.2.dr	Static PE information: section name: .debug
Source: is-5DQET.tmp.2.dr	Static PE information: section name: .00cfg
Source: is-5DQET.tmp.2.dr	Static PE information: section name: .gxfg
Source: is-5DQET.tmp.2.dr	Static PE information: section name: .retplne
Source: is-5DQET.tmp.2.dr	Static PE information: section name: _RDATA
Source: is-OPABV.tmp.2.dr	Static PE information: section name: .didata
Source: is-R4FTK.tmp.2.dr	Static PE information: section name: .didata
Source: is-NK7KL.tmp.2.dr	Static PE information: section name: .didata

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A78C2 push FFFFFFE9h; iretd	3_2_00007FFD346A78CA
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD3469F9D5 push eax; iretd	3_2_00007FFD3469F9D9
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD346920F7 push FFFFFFE9h; iretd	8_2_00007FFD346920FA
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD34673122 push FFFFFFE9h; iretd	10_2_00007FFD3467312A
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3466C2F3 push eax; iretd	10_2_00007FFD3466C309

Source: LicenseManager.exe.2.dr	Static PE information: section name: .text entropy: 7.951493927909206
Source: is-QPJRT.tmp.2.dr	Static PE information: section name: .text entropy: 7.995523930811098
Source: is-98K2M.tmp.2.dr	Static PE information: section name: .text entropy: 7.951493927909206

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\Microsoft.IdentityModel.Abstractions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-5DQET.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\Redemption64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\WebView2Loader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-98K2M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\Jam.Logging.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-QPJRT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-TILR0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\Jam.Net.Mail.Interop.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-NK7KL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-HL5HB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-R4FTK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-SBQT2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\Jam.Interop.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\LicenseManager.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-OPABV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\Microsoft.Identity.Client.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-OKLVV.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-77909.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\ChartAssembly.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-5KU53.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\TreeSizeContextMenu.dll (copy)	Jump to dropped file

Creates or modifies windows services

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize (Administrator).lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize File Search.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize File Search (Administrator).lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Duplicate File Search.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Duplicate File Search (Administrator).lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Renamer.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Manual.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Help.lnk	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TreeSize.lnk	Jump to behavior

Stores large binary data to the registry

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob

Jump to behavior

Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Memory allocated: 10D34970000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Memory allocated: 10D4E2C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Memory allocated: 1AF9FE00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Memory allocated: 1AFB97E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Memory allocated: 11FE45E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Memory allocated: 11FFE080000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Memory allocated: 1BB874F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Memory allocated: 1BB9F640000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Memory allocated: 2038E860000 memory reserve \| memory write watch
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Memory allocated: 203A6920000 memory reserve \| memory write watch

Contains long sleeps (>= 3 min)

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\Microsoft.IdentityModel.Abstractions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-5DQET.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\Microsoft.Identity.Client.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-OPABV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\WebView2Loader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\Redemption64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\Jam.Logging.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-OKLVV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-77909.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\ChartAssembly.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-QPJRT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-TILR0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\Jam.Net.Mail.Interop.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-5KU53.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-HL5HB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-SBQT2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\Jam.Interop.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\TreeSizeContextMenu.dll (copy)	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe TID: 6980	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe TID: 5956	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe TID: 3496	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe TID: 5708	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe TID: 7116	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe

Last function: Thread delayed

Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe

Code function: 15_2_0006DDC0 GetSystemInfo,

15_2_0006DDC0

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: PC, VMware
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Files of Virtual PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: rerApplikationProgrammer, biblioteker og andre kompilerede ressourcerKomprimerede arkiver og diskbillederProgramvareudviklingKilde- og projektfiler til softwareudviklingsprojekterVirtualiseringFiler fra Virtual PC, VMware, osv.OfficeDokumenter og filer i Office-programmer og PDF-filerFejl under
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: bory Virtual PC, VMware at
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: hrbare Dateien, Bibliotheken und andere kompilierte RessourcenKomprimierte Archive und Disk ImagesSoftwareentwicklungQuell- und Projektdateien von SoftwareentwicklungsprojektenVirtualisierungDateien von Virtual PC, VMware, etc.OfficeDokumente und Dateien von Office Programmen sowie PDFsFehler beim Lesen der Zertifikat-Datei: (%d) %sDas Zertifikat wurde in der Datei nicht gefunden: (%d) %sIdleNiedrigNiedriger als normalNormalH
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Virtual PC, VMware, stb. f
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Filer fra Virtual PC, VMware, osv.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: o de PCArquivos do Virtual PC, VMware, etc.Documentos e arquivos de programas do office e PDFsErro ao abrir o arquivo de certificado: (%d) %sO certificado n
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Fichiers de Virtual PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: File di Virtual PC, VMWare, ecc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: 65535 piksler.SystemSystemfilerDatabase filerFiler som inneholder data fra klient- og serverdatabaserMidlertidigMidlertidige filer og sikkerhetskopier som inneholder tidligere versjoner av gjeldende filerTekstVanlige tekstfiler, loggfilerHjelpFiler i Windows-hjelpesystemetInternett-filerFiler relatert til WWW, som HTML-filerKon&figurasjonFiler som inneholder konfigurasjonsinnstillingerMail TilE-postmeldinger og filer fra e-postklienterLydfilerFiler som inneholder musikk, lyder eller spillelisterVideofilerFiler som inneholder videoer eller animasjonerBilledbaseFiler som inneholder bilder eller musepekereApplikasjonProgramfiler, biblioteker og andre samlede ressurserKomprimerte arkiver og diskavbildningerProgramvareutviklingsfilerKilde- og prosjektfiler for programvareutviklingsprosjekterPC-virtualiseringsfilerFiler av virtuell PC, VMware, etc.Dokumenter og filer fra office-program og PDFFeil ved
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: o de PCFicheiros do Virtual PC, VMware, etc.Documentos e ficheiros de programas do office e PDFsErro ao abrir o ficheiro do certificado: (%d) %sCertificado n
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: unalnikaDatoteke Virtual PC, VMware itd.PisarnaDokumenti in datoteke pisarni
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000005759000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Sanal PC, VMware Dosyalar
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Datoteke Virtual PC, VMware itd.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: VMware
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004359000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Virtualization!Files of Virtual PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000005759000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: rmaSanal PC, VMware Dosyalar
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: w oprogramowania deweloperaWirtualizacjaPliki z Virtual PC, VMware, itp.BiuroDokumenty i pliki program
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Bestanden van Virtual PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Arquivos do Virtual PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004359000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: , VMware
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Dateien von Virtual PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: nArchivos de PC virtual, VMWare, etc.OfficeArchivos y documentos de programas Office y PDFError al abrir el certificado: (%d) %sNo hay certificado en el archivo: (%d) %sDesocupadoBajaBajo la normalNormalSobre la normalAltaTiempo realArchivos miscel
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Files of Virtual PC, VMware, etc.64766
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Files of Virtual PC, VMware, etc.64767
Source: LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2586574103.0000011FFEDB6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Ficheiros do Virtual PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000005759000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Virtual PC, VMware,
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: ho PC, VMware, atd.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Pliki z Virtual PC, VMware, itp.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: ho PC, VMware, atd.Kancel
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Filer av virtuell PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: , VMware,
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: nSoftware ontwikkelingBron- en projectbestanden van softwareontwikkelingsprojectenVirtualisatieBestanden van Virtual PC, VMware, etc.OfficeDocumenten en bestanden van office-programma's en PDF'sFout bij openen van certificaatbestand: (%d) %sCertificaat is niet gevonden in bestand: (%d) %sInactiefLaagLager dan normaalNormaalHoger dan normaalHoogReal-timeDiverse bestandenOnbekende bestandstypen%s is geen geldige hexadecimale stringvarDispatch type wordt niet ondersteundvarError type niet ondersteundSchema "%s" is niet geregistreerdType past niet in VariantOngeldige datum: %sOngeldige tijd: %sOngeldige minuut: %dOngeldige millisecondes: %dOngeldig deel van seconde: %fOngeldig verschil in uren: %dOngeldige waarde voor periode: %sVerschil in uren is ongeldigOngeldig decimaal getal: "%s"Microsoft MSXML is niet ge
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Archivos de PC virtual, VMWare, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Virtual PC, VMware
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: veloppement logicielVirtualisationFichiers de Virtual PC, VMware, etc.BureauDocuments et fichiers de programmes bureautiques et PDFErreur
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: la larghezza o l'altezza superano la dimensione massima di 65535 pixel.SistemaFile di sistemaFiles di DatabaseFile contenenti dati di database client e serverTemporaneoFile temporanei e copie backup contenenti versioni precedenti dei file attualiTestFile di testo semplice, file di registroAiutoFile del sistema aiuto WindowsFile internetFile relativi al WWW, come file HTMLCon&figurazioneFile contenenti impostazioni di configurazionePosta aMessaggi di posta elettronica e file di client di posta elettronicaFiles audioFile contenenti musica, suoni o playlistFile videoFile contenenti video o animazioniBase immagineFile contenenti immagini, foto o cursori mouseApplicazioneFile di programma, di librerie e altre risorse compilateArchivi compressi e immagini dischiFile di sviluppo softwareFile di origine e progetto di progetti sviluppo softwareFile di virtualizzazione ComputerFile di Virtual PC, VMWare, ecc.UfficioDocumenti e file di programmi d'ufficio e PDFErrore nell'apertura del file del certificato: (%d) %sIl certificato non

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

Process information queried: ProcessInformation

Jump to behavior

Enables debug privileges

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	NtQueryDirectoryFile: Indirect: 0x12EEFD9
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	NtQuerySystemInformation: Indirect: 0x10CB31
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	NtQuerySystemInformation: Indirect: 0x10CA67

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "c:\program files\jam software\treesize\treesize.exe" /nogui /setadminflag "c:\programdata\microsoft\windows\start menu\programs\treesize\treesize (administrator).lnk" /setadminflag "c:\programdata\microsoft\windows\start menu\programs\treesize\treesize file search (administrator).lnk" /setadminflag "c:\programdata\microsoft\windows\start menu\programs\treesize\treesize duplicate file search (administrator).lnk" /language "en"
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "c:\program files\jam software\treesize\treesize.exe" /nogui /setadminflag "c:\programdata\microsoft\windows\start menu\programs\treesize\treesize (administrator).lnk" /setadminflag "c:\programdata\microsoft\windows\start menu\programs\treesize\treesize file search (administrator).lnk" /setadminflag "c:\programdata\microsoft\windows\start menu\programs\treesize\treesize duplicate file search (administrator).lnk" /language "en"			Jump to behavior

Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000A51000.00000020.00000001.01000000.00000011.sdmp

Binary or memory string: Shell_TrayWnd

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\Jam.Interop.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\Jam.Interop.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\Jam.Logging.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\LicenseManager.exe VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\LicenseManager.exe VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\Jam.Interop.dll VolumeInformation
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\Jam.Interop.dll VolumeInformation
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\Jam.Logging.dll VolumeInformation
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\LicenseManager.exe VolumeInformation
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\LicenseManager.exe VolumeInformation
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Adds / modifies Windows certificates

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A1D10 CryptQueryObject,	3_2_00007FFD346A1D10
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A3109 CryptQueryObject,	3_2_00007FFD346A3109
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A1C6D CryptQueryObject,	3_2_00007FFD346A1C6D
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A6D6D CryptQueryObject,	3_2_00007FFD346A6D6D
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A314D CryptQueryObject,	3_2_00007FFD346A314D
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD3468AE45 CryptQueryObject,CryptQueryObject,	8_2_00007FFD3468AE45
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD3468BA4E CryptQueryObject,	8_2_00007FFD3468BA4E
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD3468BABD CryptQueryObject,	8_2_00007FFD3468BABD
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD3468F2FD CryptQueryObject,	8_2_00007FFD3468F2FD
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3466C038 CryptQueryObject,	10_2_00007FFD3466C038
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3467015A CryptQueryObject,	10_2_00007FFD3467015A
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3466C78D CryptQueryObject,	10_2_00007FFD3466C78D
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3466C7FD CryptQueryObject,	10_2_00007FFD3466C7FD

Uses 32bit PE files

Source: TreeSize-Setup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Copyright (c) by Joachim Marder e.K.All Rights Reserved L I C E N S E A G R E E M E N TPlease read the following terms and conditions carefully before installing and using the software. By using our software you accept this license agreement and warranty.Registered VersionTerms of UseThis License Agreement is a legal agreement between you ("Licensee") the end-user and JAM Software GmbH for the use of this software product ("Software") for both commercial and non-commercial purposes.In general you need at least as many licenses as there are computers or clients on which our software is available for execution. Each instance (installation) provided to more than one user must be licensed based on the number of users and each license may only be assigned to a new user or computer system every 30 days. A user is identified by the windows account name. For some of our products online activation is required to verify correct license usage.A licensed copy of the Software may be used by one user on up to three dedicated computers (but not simultaneously and not more than one virtual or physical server).For products that have a portable installation option the above restrictions apply. "Portable Installation" in this context means that the user is entitled to install the software on a removable medium (e.g. USB stick or external hard drive) in order to use it on another computer without further installation. The portable installation is equivalent to a full installation on an independent system in terms of licensing law. It is exclusively for use on removable media and does not include network sharing. The portable use on an external medium (if possible) remains unaffected by the 30-day transfer restriction since the user of the medium is usually also the license holder.If the licensed software is made available for execution over a network the number of licenses purchased for the software must be at least equal to the number of physical PCs servers and terminal clients on which it can be executed. For example if the Software can be executed on 8 different PCs or terminal clients on the network a minimum of 8 licenses is required regardless of whether the Software actually runs simultaneously on all PCs. For some products client licenses are offered which can be used to license additional users.A site license allows you to use the software for all users and on all computers in one location (city). Site or company-wide licenses may not be used by other legal entities in the group but are limited to the respective legal entity of the licensee.In the case of processing data on behalf of or for a customer our licenses only cover the installation of the commissioned party and the data of one customer to be supported. Additional customers mu
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Copyright (c) by Joachim Marder e.K.All Rights Reserved L I C E N S E A G R E E M E N TPlease read the following terms and conditions carefully before installing and using the software. By using our software you accept this license agreement and warranty.Registered VersionTerms of UseThis License Agreement is a legal agreement between you ("Licensee") the end-user and JAM Software GmbH for the use of this software product ("Software") for both commercial and non-commercial purposes.In general you need at least as many licenses as there are computers or clients on which our software is available for execution. Each instance (installation) provided to more than one user must be licensed based on the number of users and each license may only be assigned to a new user or computer system every 30 days. A user is identified by the windows account name. For some of our products online activation is required to verify correct license usage.A licensed copy of the Software may be used by one user on up to three dedicated computers (but not simultaneously and not more than one virtual or physical server).For products that have a portable installation option the above restrictions apply. "Portable Installation" in this context means that the user is entitled to install the software on a removable medium (e.g. USB stick or external hard drive) in order to use it on another computer without further installation. The portable installation is equivalent to a full installation on an independent system in terms of licensing law. It is exclusively for use on removable media and does not include network sharing. The portable use on an external medium (if possible) remains unaffected by the 30-day transfer restriction since the user of the medium is usually also the license holder.If the licensed software is made available for execution over a network the number of licenses purchased for the software must be at least equal to the number of physical PCs servers and terminal clients on which it can be executed. For example if the Software can be executed on 8 different PCs or terminal clients on the network a minimum of 8 licenses is required regardless of whether the Software actually runs simultaneously on all PCs. For some products client licenses are offered which can be used to license additional users.A site license allows you to use the software for all users and on all computers in one location (city). Site or company-wide licenses may not be used by other legal entities in the group but are limited to the respective legal entity of the licensee.In the case of processing data on behalf of or for a customer our licenses only cover the installation of the commissioned party and the data of one customer to be supported. Additional customers mu

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-R4FTK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-72PA3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Inno Setup	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Inno Setup\is-11J8L.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-98K2M.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-6LRB2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\BouncyCastle	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\BouncyCastle\is-CONKA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\WindowsFirewallHelper	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\WindowsFirewallHelper\is-LI4UO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Spring4D	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Spring4D\is-LCF07.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Windows Ribbon Framework for Delphi	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Windows Ribbon Framework for Delphi\is-0DE9P.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Virtual TreeView	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Virtual TreeView\is-6FK4S.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Abbrevia	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Abbrevia\is-O084G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Jedi Component Library	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Jedi Component Library\is-2G5RV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\SynPDF	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\SynPDF\is-SH3FG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\PasOpenCL	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\PasOpenCL\is-5IC8G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\GLScene	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\GLScene\is-L77PL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-NK7KL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-NPTM0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-IG5VU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-ABQ1U.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-SBQT2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-TILR0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-OKLVV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-5KU53.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-QPJRT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-77909.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-HL5HB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-5DQET.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-OPABV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-GL6BI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-Q2OGP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\unins000.msg	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreeSize_is1

Jump to behavior

Source: TreeSize-Setup.exe

Static PE information: certificate valid

Source: TreeSize-Setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\a\_work\e\src\out\Release_x64\WebView2Loader.dll.pdb source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000006431000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D462C1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397538450.0000010D505A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3691F000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D465D6000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB18F9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Encodings.Web/Release/net462/System.Text.Encodings.Web.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2397721211.0000010D505F0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36496000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3647A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D364EF000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3648A000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: .proj;.a;.ahk;.asm;.bml;.bdsgroup;.bpg;.bpi;.bpk;.bpr;.c;.cbl;.cpp;.cs;.cvs;.dbg;.dcp;.dcr;.dcu;.def;.dess;.dfm;.dof;.dpk;.dpr;.drc;.dtd;.elf;.exp;.fmx;.frm;.h;.hpp;.hmx;.hmxp;.??html;.idl;.inc;.inl;.ise;.ism;.iss;.java;.json;.jsl;.lib;.lic;.lpk;.mak;.mk;.map;.mds;.ncp;.nrmap;.o;.obj;.pas;.pch;.pdb;.pfx;.pl;.ps1;.py;.rc;.rc2;.rdl;.res;.resx;.resources;.rgs;.scs;.shfb;.sln;.snippet;.src;.suo;.svn;.swd;.swt;.targets;.tcLLP;.tcScript;.tcl;.trx;.tlb;.tt;.vb;.vbp;.vbs;.vbw;.vcproj;.vsp;.vsprops;.vssettings;.vstemplate;.wsdl;.wxl;.wxs;.xaml;.xdr;.xfm;.xsd;.xsl source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp
Source:	Binary string: Jam.License.Validation.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetComponents_trunk\DotNetLib\Jam.Interop.Merged\bin\Release\Jam.Interop.pdb source: TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WindowsFirewallHelper.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46721000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380865998.0000010D361C0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D466A9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: WindowsFirewallHelper.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46721000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380865998.0000010D361C0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D466A9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D3653A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3651E000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36532000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\Projekte\Demo Projects\AuthenticodeExaminer-0.3.0\src\AuthenticodeExaminer\obj\Release\net461\AuthenticodeExaminer.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2395123116.0000010D4EEC0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D3653A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3651E000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36532000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2397492193.0000010D50590000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3688B000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D368A7000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3689F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Jam.License.Common.pdb, source: LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: Jam.License.Shared.pdb\| source: LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\a\_work\e\src\out\Release_x64\WebView2Loader.dll.pdbOGP source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000006431000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetComponents_trunk\DotNetLib\Jam.Interop.Merged\bin\Release\Jam.Interop.pdbSHA256{cZ source: TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Encodings.Web/Release/net462/System.Text.Encodings.Web.pdb source: LicenseManager.exe, 00000003.00000002.2397721211.0000010D505F0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36496000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3647A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D364EF000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3648A000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Json/Release/net462/System.Text.Json.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: c:\ProgrammingProjects\Redemption\binary\Release\Redemption64.pdb source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000006431000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D365D2000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397921615.0000010D50620000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365BE000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365DA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\Projekte\Demo Projects\AuthenticodeExaminer-0.3.0\src\AuthenticodeExaminer\obj\Release\net461\AuthenticodeExaminer.pdb source: LicenseManager.exe, 00000003.00000002.2395123116.0000010D4EEC0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetLib_trunk\DotNetLib\Jam.Logging\obj\Release\netstandard2.0\Jam.Logging.pdb source: LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2427772223.000001AFBA530000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60AC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60D4000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Json/Release/net462/System.Text.Json.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetLib_trunk\DotNetLib\Jam.Logging\obj\Release\netstandard2.0\Jam.Logging.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: LicenseManager.exe, 00000003.00000002.2397860461.0000010D50610000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3656D000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36581000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Jam.License.Common.pdb source: LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdb source: LicenseManager.exe, 00000003.00000002.2397492193.0000010D50590000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3688B000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D368A7000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3689F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Jam.License.Shared.pdb source: LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp

Checks for available system drives (often done to infect USB drives)

Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: z:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: x:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: v:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: t:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: r:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: p:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: n:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: l:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: j:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: h:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: f:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: b:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: y:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: w:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: u:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: s:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: q:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: o:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: m:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: k:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: i:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: g:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: e:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: c:
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File opened: a:

Source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000005FA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://autodiscover.%s/autodiscover/autodiscover.xml
Source: LicenseManager.exe, 0000000A.00000002.2586344353.0000011FFEB80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/ca
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2396350868.0000010D4F1A0000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA082000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2413574560.000001AF9FD55000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989923516.000001BB87176000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989796522.000001BBFEAEA000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA082000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989796522.000001BBFEAEA000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA0C7000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2413574560.000001AF9FD55000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2586344353.0000011FFEB80000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF657A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989923516.000001BB87176000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA082000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2413574560.000001AF9FD55000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2586344353.0000011FFEB80000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2412619248.000001AF9FC05000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g4http://crl.globalsign.com/ca/gstsacasha384g4.crl
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989796522.000001BBFEAEA000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr45http://crl.globalsign.com/codesigningrootr45.crl
Source: LicenseManager.exe, 00000008.00000002.2412619248.000001AF9FC05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr45http://crl.globalsign.com/codesigningrootr45.crlI
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA082000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989796522.000001BBFEAEA000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2412619248.000001AF9FC05000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca2020http://crl.globalsign.com/gsgccr45evcodesignca202
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA0C7000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2413574560.000001AF9FD55000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2586344353.0000011FFEB80000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF657A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989923516.000001BB87176000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA0B8000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr6http://crl.globalsign.com/root-r6.crl
Source: LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EEE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp2.globalsign.com/rootr6http://crl.globalsign.com/root-r6.crl8x
Source: TreeSize-Setup.exe, 00000000.00000002.4668520996.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2205357320.0000000002540000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4693084749.0000000002400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://schemas.mic
Source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D362C1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2573689481.0000011FE6081000.00000004.00000800.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D363B4000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2573689481.0000011FE6196000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D362C1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2573689481.0000011FE6081000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globa
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989796522.000001BBFEAEA000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA082000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989796522.000001BBFEAEA000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA082000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2413574560.000001AF9FD55000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2586344353.0000011FFEB80000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989923516.000001BB87176000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://secure.globalsign.comX
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: http://www.borland.com/namespaces/Types
Source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000006431000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dimastr.com/redemption
Source: TreeSize-Setup.exe, 00000000.00000002.4695827173.000000000277D000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2205357320.0000000002540000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000003.2211182310.0000000003519000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4747363963.00000000036D2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.dk-soft.org/
Source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000005FA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://%s/autodiscover/autodiscover.xml
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/binaryformatter
Source: LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/dotnet-warnings/
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/serializationformat-binary-obsolete
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2573689481.0000011FE640D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.jam-software.de/
Source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000005FA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://autodiscover.%s/autodiscover/autodiscover.xml
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000A51000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://bugreport.jam-software.de/bugrepmailer.php
Source: LicenseManager.exe, 00000003.00000002.2380771319.0000010D36170000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://customers.jam-software.com
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://customers.jam-software.de
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000002851000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://customers.jam-software.de/basket.php?formAddProduct=%d&formAddProductCount=1&coupon_code=%s&
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000A51000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://customers.jam-software.de/directDownload.php?directDownloadUsername=%CustomerID%&directDownl
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000002851000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://customers.jam-software.de/directDownload.php?directDownloadUsername=%s&directDownloadKey=%s&
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000002851000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://customers.jam-software.de/inAppRouting/
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000A51000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://customers.jam-software.de/maintenanceReminder/?RemainingDaysOfMaintenance=%d&Product=%d&Mato
Source: TreeSize-Setup.exe, 00000000.00000002.4668520996.000000000226B000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2205357320.0000000002540000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4772868928.00000000038F1000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4740281295.0000000003613000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4693084749.0000000002400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://customers.jam-software.de/redirects?DOTNET48Website
Source: TreeSize-Setup.exe, 00000000.00000002.4668520996.000000000226B000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2205357320.0000000002540000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4772868928.0000000003863000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4740281295.0000000003613000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4693084749.0000000002400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://customers.jam-software.de/survey.php
Source: LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2427772223.000001AFBA530000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60AC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
Source: LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2427772223.000001AFBA530000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60AC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D462C1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397538450.0000010D505A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3691F000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D465D6000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB18F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e3958
Source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D3691F000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D465D6000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB18F9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/32b491939fbd125f304031c35038b1e14b4e39588
Source: LicenseManager.exe, 00000003.00000002.2397860461.0000010D50610000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365D2000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397921615.0000010D50620000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3656D000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365BE000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36581000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
Source: LicenseManager.exe, 00000003.00000002.2397860461.0000010D50610000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365D2000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397921615.0000010D50620000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3656D000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365BE000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36581000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/roslyn/issues/46646
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/roslyn/issues/46646~
Source: LicenseManager.exe, 00000003.00000002.2397721211.0000010D505F0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36496000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397492193.0000010D50590000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3688B000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3647A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D364EF000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D368A7000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3648A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3689F000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/runtime
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/runtime/issues/73124.
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/runtime8
Source: TreeSize-Setup.exe, 00000000.00000002.4668520996.000000000226B000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2205357320.0000000002540000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4740281295.0000000003613000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4693084749.0000000002400000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4772868928.00000000038C6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jam-software.upvoty.com/TreeSize
Source: TreeSize-Setup.exe, 00000000.00000000.2204513284.0000000000401000.00000020.00000001.01000000.00000003.sdmp	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://knowledgebase.jam-software.com
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://knowledgebase.jam-software.de
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://manuals.jam-software.com/%s/EN/
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://manuals.jam-software.de/%s/DE/
Source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000005FA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.xmlDSkipping
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp, TreeSize.exe, 0000000B.00000000.2840703954.0000000005A0F000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com&
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com&N
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com&Nazwa
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com&Nom
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com&Nombre
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com&Nome
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.com&Server:Wachtwoord
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000005759000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.comI&me
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.comKiszolg
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.comN
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.comServer
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.comServer&name:Geben
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000005759000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.comSunucu
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004359000.00000002.00000001.01000000.00000011.sdmp, TreeSize.exe, 0000000B.00000000.2840703954.0000000005759000.00000002.00000001.01000000.00000011.sdmp, TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://sharepoint.comTScanTargetPopup.SharepointHostLabel.Caption
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000A51000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://support.jam-software.de/0
Source: LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://svn/JamLicense/Jam.License.Common/
Source: LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://svn/JamLicense/Jam.License.Shared/
Source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://svn/JamLicense/Jam.License.Validation/
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000002851000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://update.jam-software.de/functions/getCurrentVersion.php?article=
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004359000.00000002.00000001.01000000.00000011.sdmp, TreeSize.exe, 0000000B.00000000.2840703954.0000000005759000.00000002.00000001.01000000.00000011.sdmp, TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://webdavTScanTargetPopup.WebdavServernameLabel.Caption
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380702676.0000010D349C5000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF02000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA0C7000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2426727420.000001AFBA082000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2413574560.000001AF9FD55000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF657A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2573519371.0000011FE4735000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2585356211.0000011FFEA14000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989923516.000001BB87176000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989796522.000001BBFEAEA000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.globalsign.com/repository/0
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000000.2209314886.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.innosetup.com/
Source: LicenseManager.exe, 00000008.00000002.2413574560.000001AF9FD55000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://www.jam-software.com
Source: TreeSize-Setup.tmp, 00000002.00000003.2211182310.0000000003519000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4740281295.0000000003613000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com/TreeSize/editions.shtml
Source: TreeSize-Setup.tmp, 00000002.00000002.4772868928.000000000392E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com/TreeSize/editions.shtml0
Source: TreeSize-Setup.tmp, 00000002.00000003.2211182310.0000000003519000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com/TreeSize/editions.shtml0ExplorerContextMenuItems
Source: TreeSize-Setup.tmp, 00000002.00000003.2211182310.00000000034D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com/TreeSize/surumler.shtml
Source: TreeSize-Setup.tmp, 00000002.00000002.4772868928.000000000392E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com/TreeSize/surumler.shtml0
Source: TreeSize-Setup.tmp, 00000002.00000002.4693084749.00000000024B4000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000003.2211182310.0000000003519000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4740281295.0000000003613000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com/company/privacy.shtml
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://www.jam-software.com/knowledgebase/7159
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000005A0F000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://www.jam-software.com/treesize/D
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp, TreeSize.exe, 0000000B.00000003.2989303313.000001BBFEADD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com0
Source: LicenseManager.exe, 00000003.00000002.2395186168.0000010D4EF53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.com2
Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp	String found in binary or memory: https://www.jam-software.de
Source: TreeSize-Setup.tmp, 00000002.00000003.2211182310.0000000003519000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4693084749.0000000002400000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.de/TreeSize/editions.shtml
Source: TreeSize-Setup.tmp, 00000002.00000003.2211182310.0000000003519000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4772868928.000000000390E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.de/company/privacy.shtml
Source: TreeSize-Setup.exe, 00000000.00000002.4668520996.000000000226B000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2205357320.0000000002540000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000002.4693084749.000000000249C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.de/customers/index.php?language=
Source: TreeSize-Setup.tmp, 00000002.00000002.4693084749.000000000249C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.jam-software.de/customers/index.php?language=ennguage
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	String found in binary or memory: https://www.jam-software.de/knowledgebase/7159
Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, TreeSize-Setup.tmp, 00000002.00000000.2209314886.0000000000401000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.remobjects.com/ps

Creates a window with clipboard capturing capabilities

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Window created: window name: CLIPBRDWNDCLASS	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Window created: window name: CLIPBRDWNDCLASS	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Window created: window name: CLIPBRDWNDCLASS

Drops certificate files (DER)

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp40F4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp5299.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp4076.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp5EEB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp9D7B.tmp	Jump to dropped file
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp6B1B.tmp	Jump to dropped file
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File created: C:\Users\user\AppData\Local\Temp\TmpA6CD.tmp	Jump to dropped file
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File created: C:\Users\user\AppData\Local\Temp\TmpBBE2.tmp	Jump to dropped file
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File created: C:\Users\user\AppData\Local\Temp\Tmp4ACD.tmp	Jump to dropped file
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File created: C:\Users\user\AppData\Local\Temp\TmpCA99.tmp	Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security			Jump to behavior

Reads the System eventlog

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System			Jump to behavior

Detected potential crypto function

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD3469FC8C	3_2_00007FFD3469FC8C
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346915F8	3_2_00007FFD346915F8
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A85F3	3_2_00007FFD346A85F3
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD34698739	3_2_00007FFD34698739
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD34693790	3_2_00007FFD34693790
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD34691B05	3_2_00007FFD34691B05
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A1425	3_2_00007FFD346A1425
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346925F5	3_2_00007FFD346925F5
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD346815F8	8_2_00007FFD346815F8
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD34683790	8_2_00007FFD34683790
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD34693313	8_2_00007FFD34693313
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD34681B05	8_2_00007FFD34681B05
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD34698850	8_2_00007FFD34698850
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3469AD08	10_2_00007FFD3469AD08
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD346615F8	10_2_00007FFD346615F8
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD34660DE4	10_2_00007FFD34660DE4
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD34663790	10_2_00007FFD34663790
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3467A848	10_2_00007FFD3467A848
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD34674343	10_2_00007FFD34674343
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD34661B05	10_2_00007FFD34661B05
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3469ABA0	10_2_00007FFD3469ABA0
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3469AC10	10_2_00007FFD3469AC10
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD34699EB8	10_2_00007FFD34699EB8

PE file contains executable resources (Code or Archives)

Source: TreeSize-Setup.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-R4FTK.tmp.2.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows

PE file contains more sections than normal

Source: is-5DQET.tmp.2.dr	Static PE information: Number of sections : 11 > 10
Source: is-HL5HB.tmp.2.dr	Static PE information: Number of sections : 11 > 10
Source: is-NK7KL.tmp.2.dr	Static PE information: Number of sections : 11 > 10

Sample file is different than original file name gathered from version info

Source: TreeSize-Setup.exe, 00000000.00000003.2207508560.0000000002890000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs TreeSize-Setup.exe
Source: TreeSize-Setup.exe, 00000000.00000000.2204656016.00000000004C6000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileName vs TreeSize-Setup.exe
Source: TreeSize-Setup.exe, 00000000.00000002.4668520996.00000000022A8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamekernel32j% vs TreeSize-Setup.exe
Source: TreeSize-Setup.exe, 00000000.00000003.2207933121.000000007FB50000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs TreeSize-Setup.exe

Uses 32bit PE files

Source: TreeSize-Setup.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: LicenseManager.exe.2.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: is-QPJRT.tmp.2.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: is-98K2M.tmp.2.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: LicenseManager.exe.2.dr, -.cs	Cryptographic APIs: 'CreateDecryptor'
Source: is-QPJRT.tmp.2.dr, -.cs	Cryptographic APIs: 'CreateDecryptor'
Source: is-98K2M.tmp.2.dr, -.cs	Cryptographic APIs: 'CreateDecryptor'
Source: is-SBQT2.tmp.2.dr, EncryptionExtensions.cs	Cryptographic APIs: 'CreateDecryptor'
Source: is-SBQT2.tmp.2.dr, EncryptionExtensions.cs	Cryptographic APIs: 'CreateDecryptor'
Source: is-SBQT2.tmp.2.dr, EncryptionExtensions.cs	Cryptographic APIs: 'CreateDecryptor'
Source: is-SBQT2.tmp.2.dr, EncryptionExtensions.cs	Cryptographic APIs: 'CreateDecryptor'

Source: is-98K2M.tmp.2.dr, -.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: is-98K2M.tmp.2.dr, -.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: LicenseManager.exe.2.dr, -.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: LicenseManager.exe.2.dr, -.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp

Source: classification engine

Classification label: sus28.evad.winEXE@15/93@0/0

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

File created: C:\Program Files\JAM Software

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

File created: C:\Users\user\AppData\Local\Programs

Jump to behavior

Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: \Sessions\1\BaseNamedObjects\HookTThread$fb0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$fb0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$19a8
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: \Sessions\1\BaseNamedObjects\HookTThread$14c8
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptDbgHelp
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: \Sessions\1\BaseNamedObjects\HookTThread$19a8
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Mutant created: \Sessions\1\BaseNamedObjects\madExceptSettingsMtx$14c8

Source: C:\Users\user\Desktop\TreeSize-Setup.exe

File created: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp

Jump to behavior

Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

File read: C:\Program Files\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\TreeSize-Setup.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: TreeSize.exe, 0000000B.00000000.2823019165.0000000003F5D000.00000008.00000001.01000000.00000011.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: C:\Users\user\Desktop\TreeSize-Setup.exe

File read: C:\Users\user\Desktop\TreeSize-Setup.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\TreeSize-Setup.exe "C:\Users\user\Desktop\TreeSize-Setup.exe"
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp "C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp" /SL5="$203D4,36275776,857088,C:\Users\user\Desktop\TreeSize-Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe "C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe" /register /language en /product TreeSize /version 9.1.3 /title ' Setup - TreeSize V9.1.3' /parentHandle 328676
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe "C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe" /GetLicenseType
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe "C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe" /addFirewallRule /product TreeSize /executable 'C:\Program Files\JAM Software\TreeSize\TreeSize.exe'
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "C:\Program Files\JAM Software\TreeSize\TreeSize.exe" /nogui /installcertificate
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "C:\Program Files\JAM Software\TreeSize\TreeSize.exe" /NOGUI /SETADMINFLAG "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize (Administrator).LNK" /SETADMINFLAG "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize File Search (Administrator).LNK" /SETADMINFLAG "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Duplicate File Search (Administrator).LNK" /Language "en"
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "C:\Program Files\JAM Software\TreeSize\TreeSize.exe" /NOGUI /ContextMenuEntries 6 /INSTALL /SAVESETTINGS /REGISTERPACKAGE /Language "en"
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Process created: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp "C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp" /SL5="$203D4,36275776,857088,C:\Users\user\Desktop\TreeSize-Setup.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe "C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe" /register /language en /product TreeSize /version 9.1.3 /title ' Setup - TreeSize V9.1.3' /parentHandle 328676	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe "C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe" /GetLicenseType	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe "C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe" /addFirewallRule /product TreeSize /executable 'C:\Program Files\JAM Software\TreeSize\TreeSize.exe'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "C:\Program Files\JAM Software\TreeSize\TreeSize.exe" /nogui /installcertificate	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "C:\Program Files\JAM Software\TreeSize\TreeSize.exe" /NOGUI /SETADMINFLAG "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize (Administrator).LNK" /SETADMINFLAG "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize File Search (Administrator).LNK" /SETADMINFLAG "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Duplicate File Search (Administrator).LNK" /Language "en"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "C:\Program Files\JAM Software\TreeSize\TreeSize.exe" /NOGUI /ContextMenuEntries 6 /INSTALL /SAVESETTINGS /REGISTERPACKAGE /Language "en"	Jump to behavior

Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: esdsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: esdsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: esdsip.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: virtdisk.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: fltlib.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: faultrep.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: softpub.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wpnapps.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: uiribbon.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msxml6.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: esdsip.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: virtdisk.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: version.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: netapi32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winhttp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: shfolder.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wsock32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: usp10.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mpr.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winmm.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: oleacc.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wininet.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: urlmon.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: fltlib.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: iertutil.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: srvcli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: netutils.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: samcli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msasn1.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: faultrep.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dbgcore.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winsta.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: propsys.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wldp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: profapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: softpub.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mscoree.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wpnapps.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wintypes.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rmclient.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: xmllite.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: usermgrcli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: linkinfo.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: sspicli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: srclient.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: spp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: powrprof.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vssapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vsstrace.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: umpdc.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: uiribbon.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: userenv.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: secur32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: virtdisk.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: version.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: netapi32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winhttp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: shfolder.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wsock32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: usp10.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mpr.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winmm.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: oleacc.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wininet.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: urlmon.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: fltlib.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: iertutil.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: srvcli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: netutils.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: samcli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msasn1.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: faultrep.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dbghelp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dbgcore.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wtsapi32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winsta.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: propsys.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wldp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: profapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: softpub.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mscoree.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wpnapps.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wintypes.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rmclient.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: xmllite.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: usermgrcli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: linkinfo.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: sspicli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: srclient.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: spp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: powrprof.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vssapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vsstrace.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: umpdc.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: uiribbon.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: userenv.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: secur32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: gpapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msxml6.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dwrite.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: amsi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: cryptnet.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msisip.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wshext.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: appxsip.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: opcservices.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: esdsip.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dpapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: symsrv.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: textshaping.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: edputil.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wkscli.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: winnsi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rasapi32.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rasman.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: rtutils.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: mswsock.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: msisip.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: wshext.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: appxsip.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: opcservices.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: esdsip.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: atlthunk.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: dwmapi.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: apphelp.dll
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Section loaded: prnfldr.dll

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32

Jump to behavior

Source: TreeSize.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.exe
Source: TreeSize (Administrator).lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.exe
Source: TreeSize File Search.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.exe
Source: TreeSize File Search (Administrator).lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.exe
Source: TreeSize Duplicate File Search.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.exe
Source: TreeSize Duplicate File Search (Administrator).lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.exe
Source: TreeSize Renamer.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.exe
Source: TreeSize Manual.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.pdf
Source: TreeSize Help.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files\JAM Software\TreeSize\TreeSize.chm

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

Window found: window name: TSelectLanguageForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Automated click: Next

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Copyright (c) by Joachim Marder e.K.All Rights Reserved L I C E N S E A G R E E M E N TPlease read the following terms and conditions carefully before installing and using the software. By using our software you accept this license agreement and warranty.Registered VersionTerms of UseThis License Agreement is a legal agreement between you ("Licensee") the end-user and JAM Software GmbH for the use of this software product ("Software") for both commercial and non-commercial purposes.In general you need at least as many licenses as there are computers or clients on which our software is available for execution. Each instance (installation) provided to more than one user must be licensed based on the number of users and each license may only be assigned to a new user or computer system every 30 days. A user is identified by the windows account name. For some of our products online activation is required to verify correct license usage.A licensed copy of the Software may be used by one user on up to three dedicated computers (but not simultaneously and not more than one virtual or physical server).For products that have a portable installation option the above restrictions apply. "Portable Installation" in this context means that the user is entitled to install the software on a removable medium (e.g. USB stick or external hard drive) in order to use it on another computer without further installation. The portable installation is equivalent to a full installation on an independent system in terms of licensing law. It is exclusively for use on removable media and does not include network sharing. The portable use on an external medium (if possible) remains unaffected by the 30-day transfer restriction since the user of the medium is usually also the license holder.If the licensed software is made available for execution over a network the number of licenses purchased for the software must be at least equal to the number of physical PCs servers and terminal clients on which it can be executed. For example if the Software can be executed on 8 different PCs or terminal clients on the network a minimum of 8 licenses is required regardless of whether the Software actually runs simultaneously on all PCs. For some products client licenses are offered which can be used to license additional users.A site license allows you to use the software for all users and on all computers in one location (city). Site or company-wide licenses may not be used by other legal entities in the group but are limited to the respective legal entity of the licensee.In the case of processing data on behalf of or for a customer our licenses only cover the installation of the commissioned party and the data of one customer to be supported. Additional customers mu
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation.Copyright (c) by Joachim Marder e.K.All Rights Reserved L I C E N S E A G R E E M E N TPlease read the following terms and conditions carefully before installing and using the software. By using our software you accept this license agreement and warranty.Registered VersionTerms of UseThis License Agreement is a legal agreement between you ("Licensee") the end-user and JAM Software GmbH for the use of this software product ("Software") for both commercial and non-commercial purposes.In general you need at least as many licenses as there are computers or clients on which our software is available for execution. Each instance (installation) provided to more than one user must be licensed based on the number of users and each license may only be assigned to a new user or computer system every 30 days. A user is identified by the windows account name. For some of our products online activation is required to verify correct license usage.A licensed copy of the Software may be used by one user on up to three dedicated computers (but not simultaneously and not more than one virtual or physical server).For products that have a portable installation option the above restrictions apply. "Portable Installation" in this context means that the user is entitled to install the software on a removable medium (e.g. USB stick or external hard drive) in order to use it on another computer without further installation. The portable installation is equivalent to a full installation on an independent system in terms of licensing law. It is exclusively for use on removable media and does not include network sharing. The portable use on an external medium (if possible) remains unaffected by the 30-day transfer restriction since the user of the medium is usually also the license holder.If the licensed software is made available for execution over a network the number of licenses purchased for the software must be at least equal to the number of physical PCs servers and terminal clients on which it can be executed. For example if the Software can be executed on 8 different PCs or terminal clients on the network a minimum of 8 licenses is required regardless of whether the Software actually runs simultaneously on all PCs. For some products client licenses are offered which can be used to license additional users.A site license allows you to use the software for all users and on all computers in one location (city). Site or company-wide licenses may not be used by other legal entities in the group but are limited to the respective legal entity of the licensee.In the case of processing data on behalf of or for a customer our licenses only cover the installation of the commissioned party and the data of one customer to be supported. Additional customers mu

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-R4FTK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-72PA3.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Inno Setup	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Inno Setup\is-11J8L.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-98K2M.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-6LRB2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\BouncyCastle	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\BouncyCastle\is-CONKA.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\WindowsFirewallHelper	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\WindowsFirewallHelper\is-LI4UO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Spring4D	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Spring4D\is-LCF07.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Windows Ribbon Framework for Delphi	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Windows Ribbon Framework for Delphi\is-0DE9P.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Virtual TreeView	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Virtual TreeView\is-6FK4S.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Abbrevia	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Abbrevia\is-O084G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Jedi Component Library	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\Jedi Component Library\is-2G5RV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\SynPDF	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\SynPDF\is-SH3FG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\PasOpenCL	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\PasOpenCL\is-5IC8G.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\GLScene	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\LicenseFiles\GLScene\is-L77PL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-NK7KL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-NPTM0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-IG5VU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-ABQ1U.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-SBQT2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-TILR0.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-OKLVV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-5KU53.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-QPJRT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-77909.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-HL5HB.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-5DQET.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-OPABV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-GL6BI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\is-Q2OGP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Directory created: C:\Program Files\JAM Software\TreeSize\unins000.msg	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TreeSize_is1

Jump to behavior

Source: TreeSize-Setup.exe

Static PE information: certificate valid

Source: TreeSize-Setup.exe

Static file information: File size 37333832 > 1048576

Source: TreeSize-Setup.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\a\_work\e\src\out\Release_x64\WebView2Loader.dll.pdb source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000006431000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D462C1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397538450.0000010D505A0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3691F000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D465D6000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB18F9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Encodings.Web/Release/net462/System.Text.Encodings.Web.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2397721211.0000010D505F0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36496000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3647A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D364EF000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3648A000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: .proj;.a;.ahk;.asm;.bml;.bdsgroup;.bpg;.bpi;.bpk;.bpr;.c;.cbl;.cpp;.cs;.cvs;.dbg;.dcp;.dcr;.dcu;.def;.dess;.dfm;.dof;.dpk;.dpr;.drc;.dtd;.elf;.exp;.fmx;.frm;.h;.hpp;.hmx;.hmxp;.??html;.idl;.inc;.inl;.ise;.ism;.iss;.java;.json;.jsl;.lib;.lic;.lpk;.mak;.mk;.map;.mds;.ncp;.nrmap;.o;.obj;.pas;.pch;.pdb;.pfx;.pl;.ps1;.py;.rc;.rc2;.rdl;.res;.resx;.resources;.rgs;.scs;.shfb;.sln;.snippet;.src;.suo;.svn;.swd;.swt;.targets;.tcLLP;.tcScript;.tcl;.trx;.tlb;.tt;.vb;.vbp;.vbs;.vbw;.vcproj;.vsp;.vsprops;.vssettings;.vstemplate;.wsdl;.wxl;.wxs;.xaml;.xdr;.xfm;.xsd;.xsl source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000051000.00000020.00000001.01000000.00000011.sdmp
Source:	Binary string: Jam.License.Validation.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D4679A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381012204.0000010D36280000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D46772000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetComponents_trunk\DotNetLib\Jam.Interop.Merged\bin\Release\Jam.Interop.pdb source: TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: WindowsFirewallHelper.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46721000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380865998.0000010D361C0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D466A9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: WindowsFirewallHelper.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46721000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2380865998.0000010D361C0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D466A9000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdbBSJB source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D3653A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3651E000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36532000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\Projekte\Demo Projects\AuthenticodeExaminer-0.3.0\src\AuthenticodeExaminer\obj\Release\net461\AuthenticodeExaminer.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2395123116.0000010D4EEC0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.CompilerServices.Unsafe\net461-Release\System.Runtime.CompilerServices.Unsafe.pdb source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D3653A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3651E000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36532000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2397492193.0000010D50590000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3688B000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D368A7000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3689F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Jam.License.Common.pdb, source: LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: Jam.License.Shared.pdb\| source: LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\a\_work\e\src\out\Release_x64\WebView2Loader.dll.pdbOGP source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000006431000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetComponents_trunk\DotNetLib\Jam.Interop.Merged\bin\Release\Jam.Interop.pdbSHA256{cZ source: TreeSize.exe, 0000000B.00000003.2987412265.000001BB8717B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Encodings.Web/Release/net462/System.Text.Encodings.Web.pdb source: LicenseManager.exe, 00000003.00000002.2397721211.0000010D505F0000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36496000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3647A000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D364EF000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3648A000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Json/Release/net462/System.Text.Json.pdb source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: c:\ProgrammingProjects\Redemption\binary\Release\Redemption64.pdb source: TreeSize-Setup.tmp, 00000002.00000002.4797252596.0000000006431000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb source: LicenseManager.exe, 00000003.00000002.2381139818.0000010D365D2000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2397921615.0000010D50620000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365BE000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D365DA000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\Projekte\Demo Projects\AuthenticodeExaminer-0.3.0\src\AuthenticodeExaminer\obj\Release\net461\AuthenticodeExaminer.pdb source: LicenseManager.exe, 00000003.00000002.2395123116.0000010D4EEC0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetLib_trunk\DotNetLib\Jam.Logging\obj\Release\netstandard2.0\Jam.Logging.pdb source: LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2427772223.000001AFBA530000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60AC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2583412885.0000011FF60D4000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/System.Text.Json/Release/net462/System.Text.Json.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2388434996.0000010D46528000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2394679243.0000010D4EE30000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2388434996.0000010D4640C000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB17E1000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2414107375.000001AFA17EC000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000008.00000002.2421649657.000001AFB1958000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Jenkins\workspace\DotNetShared\DotNetLib_trunk\DotNetLib\Jam.Logging\obj\Release\netstandard2.0\Jam.Logging.pdbSHA256 source: LicenseManager.exe, 00000003.00000002.2380671138.0000010D349B0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: LicenseManager.exe, 00000003.00000002.2397860461.0000010D50610000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3656D000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D36581000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Jam.License.Common.pdb source: LicenseManager.exe, 00000003.00000002.2394602992.0000010D4ECD0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdb source: LicenseManager.exe, 00000003.00000002.2397492193.0000010D50590000.00000004.08000000.00040000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3688B000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D368A7000.00000004.00000800.00020000.00000000.sdmp, LicenseManager.exe, 00000003.00000002.2381139818.0000010D3689F000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: Jam.License.Shared.pdb source: LicenseManager.exe, 00000003.00000002.2380632130.0000010D349A0000.00000004.08000000.00040000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: LicenseManager.exe.2.dr, -.cs	.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
Source: LicenseManager.exe.2.dr, -.cs	.Net Code: _E00D System.Reflection.Assembly.Load(byte[])
Source: is-QPJRT.tmp.2.dr, -.cs	.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
Source: is-QPJRT.tmp.2.dr, -.cs	.Net Code: _E00D System.Reflection.Assembly.Load(byte[])
Source: is-98K2M.tmp.2.dr, -.cs	.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
Source: is-98K2M.tmp.2.dr, -.cs	.Net Code: _E00D System.Reflection.Assembly.Load(byte[])
Source: is-SBQT2.tmp.2.dr, JamCOMObjectFactory.cs	.Net Code: _E004 System.Reflection.Assembly.Load(byte[])

Binary contains a suspicious time stamp

Source: is-OKLVV.tmp.2.dr

Static PE information: 0xBA6201D2 [Fri Feb 1 22:59:30 2069 UTC]

PE file contains an invalid checksum

Source: is-OPABV.tmp.2.dr	Static PE information: real checksum: 0x0 should be: 0x1afc75
Source: is-77909.tmp.2.dr	Static PE information: real checksum: 0x814d should be: 0x9b76

PE file contains sections with non-standard names

Source: TreeSize-Setup.exe	Static PE information: section name: .didata
Source: TreeSize-Setup.tmp.0.dr	Static PE information: section name: .didata
Source: is-HL5HB.tmp.2.dr	Static PE information: section name: .didata
Source: is-HL5HB.tmp.2.dr	Static PE information: section name: .debug
Source: is-5DQET.tmp.2.dr	Static PE information: section name: .00cfg
Source: is-5DQET.tmp.2.dr	Static PE information: section name: .gxfg
Source: is-5DQET.tmp.2.dr	Static PE information: section name: .retplne
Source: is-5DQET.tmp.2.dr	Static PE information: section name: _RDATA
Source: is-OPABV.tmp.2.dr	Static PE information: section name: .didata
Source: is-R4FTK.tmp.2.dr	Static PE information: section name: .didata
Source: is-NK7KL.tmp.2.dr	Static PE information: section name: .didata

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD346A78C2 push FFFFFFE9h; iretd	3_2_00007FFD346A78CA
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 3_2_00007FFD3469F9D5 push eax; iretd	3_2_00007FFD3469F9D9
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 8_2_00007FFD346920F7 push FFFFFFE9h; iretd	8_2_00007FFD346920FA
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD34673122 push FFFFFFE9h; iretd	10_2_00007FFD3467312A
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Code function: 10_2_00007FFD3466C2F3 push eax; iretd	10_2_00007FFD3466C309

Source: LicenseManager.exe.2.dr	Static PE information: section name: .text entropy: 7.951493927909206
Source: is-QPJRT.tmp.2.dr	Static PE information: section name: .text entropy: 7.995523930811098
Source: is-98K2M.tmp.2.dr	Static PE information: section name: .text entropy: 7.951493927909206

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\Microsoft.IdentityModel.Abstractions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-5DQET.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\Redemption64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\WebView2Loader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-98K2M.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\Jam.Logging.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-QPJRT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-TILR0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\Jam.Net.Mail.Interop.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-NK7KL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-HL5HB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-R4FTK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-SBQT2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\Jam.Interop.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\LicenseManager.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-OPABV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\Microsoft.Identity.Client.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-OKLVV.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\TreeSize-Setup.exe	File created: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-77909.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\ChartAssembly.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\is-5KU53.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\Program Files\JAM Software\TreeSize\TreeSizeContextMenu.dll (copy)	Jump to dropped file

Creates or modifies windows services

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize (Administrator).lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize File Search.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize File Search (Administrator).lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Duplicate File Search.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Duplicate File Search (Administrator).lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Renamer.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Manual.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Help.lnk	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TreeSize.lnk	Jump to behavior

Stores large binary data to the registry

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob

Jump to behavior

Source: C:\Users\user\Desktop\TreeSize-Setup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Memory allocated: 10D34970000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Memory allocated: 10D4E2C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Memory allocated: 1AF9FE00000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Memory allocated: 1AFB97E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Memory allocated: 11FE45E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Memory allocated: 11FFE080000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Memory allocated: 1BB874F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Memory allocated: 1BB9F640000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Memory allocated: 2038E860000 memory reserve \| memory write watch
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Memory allocated: 203A6920000 memory reserve \| memory write watch

Contains long sleeps (>= 3 min)

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\Microsoft.IdentityModel.Abstractions.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-5DQET.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\Microsoft.Identity.Client.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-OPABV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\WebView2Loader.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\Redemption64.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\Jam.Logging.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-OKLVV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-77909.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\ChartAssembly.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-QPJRT.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-TILR0.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\Jam.Net.Mail.Interop.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-5KU53.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-HL5HB.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\is-SBQT2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\Jam.Interop.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Dropped PE file which has not been started: C:\Program Files\JAM Software\TreeSize\TreeSizeContextMenu.dll (copy)	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe TID: 6980	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe TID: 5956	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe TID: 3496	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe TID: 5708	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe TID: 7116	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe

Last function: Thread delayed

Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe

Code function: 15_2_0006DDC0 GetSystemInfo,

15_2_0006DDC0

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: PC, VMware
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Files of Virtual PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: rerApplikationProgrammer, biblioteker og andre kompilerede ressourcerKomprimerede arkiver og diskbillederProgramvareudviklingKilde- og projektfiler til softwareudviklingsprojekterVirtualiseringFiler fra Virtual PC, VMware, osv.OfficeDokumenter og filer i Office-programmer og PDF-filerFejl under
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: bory Virtual PC, VMware at
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: hrbare Dateien, Bibliotheken und andere kompilierte RessourcenKomprimierte Archive und Disk ImagesSoftwareentwicklungQuell- und Projektdateien von SoftwareentwicklungsprojektenVirtualisierungDateien von Virtual PC, VMware, etc.OfficeDokumente und Dateien von Office Programmen sowie PDFsFehler beim Lesen der Zertifikat-Datei: (%d) %sDas Zertifikat wurde in der Datei nicht gefunden: (%d) %sIdleNiedrigNiedriger als normalNormalH
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Virtual PC, VMware, stb. f
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Filer fra Virtual PC, VMware, osv.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: o de PCArquivos do Virtual PC, VMware, etc.Documentos e arquivos de programas do office e PDFsErro ao abrir o arquivo de certificado: (%d) %sO certificado n
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Fichiers de Virtual PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: File di Virtual PC, VMWare, ecc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: 65535 piksler.SystemSystemfilerDatabase filerFiler som inneholder data fra klient- og serverdatabaserMidlertidigMidlertidige filer og sikkerhetskopier som inneholder tidligere versjoner av gjeldende filerTekstVanlige tekstfiler, loggfilerHjelpFiler i Windows-hjelpesystemetInternett-filerFiler relatert til WWW, som HTML-filerKon&figurasjonFiler som inneholder konfigurasjonsinnstillingerMail TilE-postmeldinger og filer fra e-postklienterLydfilerFiler som inneholder musikk, lyder eller spillelisterVideofilerFiler som inneholder videoer eller animasjonerBilledbaseFiler som inneholder bilder eller musepekereApplikasjonProgramfiler, biblioteker og andre samlede ressurserKomprimerte arkiver og diskavbildningerProgramvareutviklingsfilerKilde- og prosjektfiler for programvareutviklingsprosjekterPC-virtualiseringsfilerFiler av virtuell PC, VMware, etc.Dokumenter og filer fra office-program og PDFFeil ved
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: o de PCFicheiros do Virtual PC, VMware, etc.Documentos e ficheiros de programas do office e PDFsErro ao abrir o ficheiro do certificado: (%d) %sCertificado n
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: unalnikaDatoteke Virtual PC, VMware itd.PisarnaDokumenti in datoteke pisarni
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000005759000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Sanal PC, VMware Dosyalar
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Datoteke Virtual PC, VMware itd.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: VMware
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004359000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Virtualization!Files of Virtual PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000005759000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: rmaSanal PC, VMware Dosyalar
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: w oprogramowania deweloperaWirtualizacjaPliki z Virtual PC, VMware, itp.BiuroDokumenty i pliki program
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Bestanden van Virtual PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Arquivos do Virtual PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004359000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: , VMware
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Dateien von Virtual PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: nArchivos de PC virtual, VMWare, etc.OfficeArchivos y documentos de programas Office y PDFError al abrir el certificado: (%d) %sNo hay certificado en el archivo: (%d) %sDesocupadoBajaBajo la normalNormalSobre la normalAltaTiempo realArchivos miscel
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Files of Virtual PC, VMware, etc.64766
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Files of Virtual PC, VMware, etc.64767
Source: LicenseManager.exe, 00000003.00000002.2394291964.0000010D4EC15000.00000004.00000020.00020000.00000000.sdmp, LicenseManager.exe, 0000000A.00000002.2586574103.0000011FFEDB6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Ficheiros do Virtual PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000005759000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Virtual PC, VMware,
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: ho PC, VMware, atd.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Pliki z Virtual PC, VMware, itp.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: ho PC, VMware, atd.Kancel
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Filer av virtuell PC, VMware, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: , VMware,
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: nSoftware ontwikkelingBron- en projectbestanden van softwareontwikkelingsprojectenVirtualisatieBestanden van Virtual PC, VMware, etc.OfficeDocumenten en bestanden van office-programma's en PDF'sFout bij openen van certificaatbestand: (%d) %sCertificaat is niet gevonden in bestand: (%d) %sInactiefLaagLager dan normaalNormaalHoger dan normaalHoogReal-timeDiverse bestandenOnbekende bestandstypen%s is geen geldige hexadecimale stringvarDispatch type wordt niet ondersteundvarError type niet ondersteundSchema "%s" is niet geregistreerdType past niet in VariantOngeldige datum: %sOngeldige tijd: %sOngeldige minuut: %dOngeldige millisecondes: %dOngeldig deel van seconde: %fOngeldig verschil in uren: %dOngeldige waarde voor periode: %sVerschil in uren is ongeldigOngeldig decimaal getal: "%s"Microsoft MSXML is niet ge
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Archivos de PC virtual, VMWare, etc.
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: Virtual PC, VMware
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: veloppement logicielVirtualisationFichiers de Virtual PC, VMware, etc.BureauDocuments et fichiers de programmes bureautiques et PDFErreur
Source: TreeSize.exe, 0000000B.00000000.2840703954.0000000004D59000.00000002.00000001.01000000.00000011.sdmp	Binary or memory string: la larghezza o l'altezza superano la dimensione massima di 65535 pixel.SistemaFile di sistemaFiles di DatabaseFile contenenti dati di database client e serverTemporaneoFile temporanei e copie backup contenenti versioni precedenti dei file attualiTestFile di testo semplice, file di registroAiutoFile del sistema aiuto WindowsFile internetFile relativi al WWW, come file HTMLCon&figurazioneFile contenenti impostazioni di configurazionePosta aMessaggi di posta elettronica e file di client di posta elettronicaFiles audioFile contenenti musica, suoni o playlistFile videoFile contenenti video o animazioniBase immagineFile contenenti immagini, foto o cursori mouseApplicazioneFile di programma, di librerie e altre risorse compilateArchivi compressi e immagini dischiFile di sviluppo softwareFile di origine e progetto di progetti sviluppo softwareFile di virtualizzazione ComputerFile di Virtual PC, VMWare, ecc.UfficioDocumenti e file di programmi d'ufficio e PDFErrore nell'apertura del file del certificato: (%d) %sIl certificato non

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp

Process information queried: ProcessInformation

Jump to behavior

Enables debug privileges

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	NtQueryDirectoryFile: Indirect: 0x12EEFD9
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	NtQuerySystemInformation: Indirect: 0x10CB31
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	NtQuerySystemInformation: Indirect: 0x10CA67

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "c:\program files\jam software\treesize\treesize.exe" /nogui /setadminflag "c:\programdata\microsoft\windows\start menu\programs\treesize\treesize (administrator).lnk" /setadminflag "c:\programdata\microsoft\windows\start menu\programs\treesize\treesize file search (administrator).lnk" /setadminflag "c:\programdata\microsoft\windows\start menu\programs\treesize\treesize duplicate file search (administrator).lnk" /language "en"
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Process created: C:\Program Files\JAM Software\TreeSize\TreeSize.exe "c:\program files\jam software\treesize\treesize.exe" /nogui /setadminflag "c:\programdata\microsoft\windows\start menu\programs\treesize\treesize (administrator).lnk" /setadminflag "c:\programdata\microsoft\windows\start menu\programs\treesize\treesize file search (administrator).lnk" /setadminflag "c:\programdata\microsoft\windows\start menu\programs\treesize\treesize duplicate file search (administrator).lnk" /language "en"			Jump to behavior

Source: TreeSize.exe, 0000000B.00000000.2663220607.0000000000A51000.00000020.00000001.01000000.00000011.sdmp

Binary or memory string: Shell_TrayWnd

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\Jam.Interop.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\Jam.Interop.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\Jam.Logging.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\LicenseManager.exe VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\LicenseManager.exe VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation	Jump to behavior
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\Jam.Interop.dll VolumeInformation
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\Jam.Interop.dll VolumeInformation
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\Jam.Logging.dll VolumeInformation
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\LicenseManager.exe VolumeInformation
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Program Files\JAM Software\TreeSize\LicenseManager.exe VolumeInformation
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Program Files\JAM Software\TreeSize\TreeSize.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Adds / modifies Windows certificates

Source: C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 Blob

Jump to behavior

ID:	1426779
Product:	CloudBasic
Start time:	16:02:14
Start date:	16.04.2024
Sample:	TreeSize-Setup.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	b2b00fa27fde68996228cf16b68c682c
SHA1:	d142ff8b539dd5eb151928ceaff4dea35cfa78ce
SHA256:	cc46c28b28db55db42341502db22529d16d8f38f167a5588d07dbb799b330bad
Filetype:	Win32 Executable (generic) a (10002005/4) 98.45%

Name	Type	MD5	SHA1	SHA256
C:\Program Files\JAM Software\TreeSize\ChartAssembly.dll (copy)	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	9405F1CC51791938CD25EB882B55E487	755C2189593677564D096592F689A00706CDF3B4	87A4C5E247D32C735BAC8690F42AFF1EF5C9303FAE2CE07AA734E0B78B31562C
C:\Program Files\JAM Software\TreeSize\Jam.Interop.dll (copy)	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	E0AF33F54A9BC7AAA9E4FE5297076B0E	95C325608B9C8F6183336A9770B3763EAAB8F8E3	D49EEDAA543182EAEA07F18FA08D881A5E25C8E0A47E1002A412BDDE383AEC2D
C:\Program Files\JAM Software\TreeSize\Jam.Logging.dll (copy)	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	16BD9F798FDA178C404608CA8B261CCD	AEA571DCFF9B4F13C1E1A468621648D1E462FD8A	F82562B0B6CAD52F514290DEE76CF330E7289A8F571325A624E97D87652229C7
C:\Program Files\JAM Software\TreeSize\Jam.Net.Mail.Interop.dll (copy)	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	0063D09F4662CAF2726C38DBFA40F61F	A049CDF15AE233B3FD8AE99C18C9883CBBEBDCD9	50AA8BC2C311B0D01B98CCEA9865981FBCFCE1588CBD1D5B2998021A04B3D710
C:\Program Files\JAM Software\TreeSize\License.rtf (copy)	Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025	911EAF50AF90A456F537CEE153FD0869	B61CB4D6B68EAB0FAAB4DF9704F1B29339E26F41	0C9F2EC14F247D3FF74F68A98DAF129B0B5EF287D075867A9470F78734E2F681
C:\Program Files\JAM Software\TreeSize\LicenseFiles\Abbrevia\License.txt (copy)	ASCII text, with CRLF line terminators	29FD8042FD371C2E8BC532B8C833C4EB	384FACF0A93C43D2BA47FBB1A8448C23BFE1EF8B	3E9C4877FEFD63A6A97237D840660C487E38CD7B468BBC52A1CCF894F4866C45
C:\Program Files\JAM Software\TreeSize\LicenseFiles\Abbrevia\is-O084G.tmp	ASCII text, with CRLF line terminators	29FD8042FD371C2E8BC532B8C833C4EB	384FACF0A93C43D2BA47FBB1A8448C23BFE1EF8B	3E9C4877FEFD63A6A97237D840660C487E38CD7B468BBC52A1CCF894F4866C45
C:\Program Files\JAM Software\TreeSize\LicenseFiles\BouncyCastle\is-CONKA.tmp	ASCII text, with very long lines (461), with CRLF line terminators	92197937BCA776376A2E2F2F08CC0551	CBDFBB7ACAEF763AA5E3DD30FEA4731A39370A23	FAC753057E854D4A389B4A7FFB271F05CEE527636FCDDF3B59423E2C8004E28D
C:\Program Files\JAM Software\TreeSize\LicenseFiles\BouncyCastle\licence (copy)	ASCII text, with very long lines (461), with CRLF line terminators	92197937BCA776376A2E2F2F08CC0551	CBDFBB7ACAEF763AA5E3DD30FEA4731A39370A23	FAC753057E854D4A389B4A7FFB271F05CEE527636FCDDF3B59423E2C8004E28D
C:\Program Files\JAM Software\TreeSize\LicenseFiles\GLScene\LICENSE (copy)	ASCII text, with CRLF line terminators	55A288862EC4D1FD20F996344D511A1F	E2BD6BDB41B8337BF19F0363674998A1319BED52	2684DE17300E0A434686F1EC7F8AF6045207A4B457A3FE04B2B9CE655E7C5D50
C:\Program Files\JAM Software\TreeSize\LicenseFiles\GLScene\is-L77PL.tmp	ASCII text, with CRLF line terminators	55A288862EC4D1FD20F996344D511A1F	E2BD6BDB41B8337BF19F0363674998A1319BED52	2684DE17300E0A434686F1EC7F8AF6045207A4B457A3FE04B2B9CE655E7C5D50
C:\Program Files\JAM Software\TreeSize\LicenseFiles\Inno Setup\LICENSE.txt (copy)	ASCII text, with CRLF line terminators	F960CFC0C8310C487633F5A0B945C987	10090C5FEFAF36983E0DF80DEC4A9EBCC3580A49	D022EE9A38EA46EA445AD5370EE2B8AC75303D96A6FDBB30F50292F78A04D3D8
C:\Program Files\JAM Software\TreeSize\LicenseFiles\Inno Setup\is-11J8L.tmp	ASCII text, with CRLF line terminators	F960CFC0C8310C487633F5A0B945C987	10090C5FEFAF36983E0DF80DEC4A9EBCC3580A49	D022EE9A38EA46EA445AD5370EE2B8AC75303D96A6FDBB30F50292F78A04D3D8
C:\Program Files\JAM Software\TreeSize\LicenseFiles\Jedi Component Library\License.txt (copy)	ASCII text, with CRLF line terminators	119094B8F3DB0B669B39C70F95199A54	F60C5CD120268AC4FAE07D83A3677CC9F2710301	5E8AD5B75CB6FFE779D84BFA19836E92E7B26CC50500AEE939A9E7C97E9417AD
C:\Program Files\JAM Software\TreeSize\LicenseFiles\Jedi Component Library\is-2G5RV.tmp	ASCII text, with CRLF line terminators	119094B8F3DB0B669B39C70F95199A54	F60C5CD120268AC4FAE07D83A3677CC9F2710301	5E8AD5B75CB6FFE779D84BFA19836E92E7B26CC50500AEE939A9E7C97E9417AD
C:\Program Files\JAM Software\TreeSize\LicenseFiles\PasOpenCL\License.txt (copy)	ASCII text, with very long lines (946)	D195221EFF7F43570C622E530DFB54C1	EA77A64B0C15023A8EB44B978C87EFE7B419A5D6	BFF8769453EEF48260BF36B8DD3096E4B416359FF5FC2A9FBF433D04F505E596
C:\Program Files\JAM Software\TreeSize\LicenseFiles\PasOpenCL\is-5IC8G.tmp	ASCII text, with very long lines (946)	D195221EFF7F43570C622E530DFB54C1	EA77A64B0C15023A8EB44B978C87EFE7B419A5D6	BFF8769453EEF48260BF36B8DD3096E4B416359FF5FC2A9FBF433D04F505E596
C:\Program Files\JAM Software\TreeSize\LicenseFiles\Spring4D\License.txt (copy)	ASCII text, with very long lines (946), with CRLF line terminators	3CD65C5DF51A3989AF566559988AED3A	B75F20FA0D7408A1336E9182F8E4C88D8E4105AC	16867DA3DE1576EFA706D6AFBD123B3746C3103EB2A13664E2F26CFF2754D894
C:\Program Files\JAM Software\TreeSize\LicenseFiles\Spring4D\is-LCF07.tmp	ASCII text, with very long lines (946), with CRLF line terminators	3CD65C5DF51A3989AF566559988AED3A	B75F20FA0D7408A1336E9182F8E4C88D8E4105AC	16867DA3DE1576EFA706D6AFBD123B3746C3103EB2A13664E2F26CFF2754D894
C:\Program Files\JAM Software\TreeSize\LicenseFiles\SynPDF\License.txt (copy)	ASCII text, with CRLF line terminators	21733EA78792989242F5B2335EE98930	7A5D35EE16C42D9159CDCA71C7E28C146DE05061	D11F2A48EC689B6087601AD447A2B27B00DE49ED18A6E960F19524C7C164C099
C:\Program Files\JAM Software\TreeSize\LicenseFiles\SynPDF\is-SH3FG.tmp	ASCII text, with CRLF line terminators	21733EA78792989242F5B2335EE98930	7A5D35EE16C42D9159CDCA71C7E28C146DE05061	D11F2A48EC689B6087601AD447A2B27B00DE49ED18A6E960F19524C7C164C099
C:\Program Files\JAM Software\TreeSize\LicenseFiles\Virtual TreeView\License.txt (copy)	ASCII text, with CRLF line terminators	779779A7229289E71CED3F290A644F71	5B985B4532B36975F31F777B875803FDD4A983ED	6283D1E7EF5C6F6BACFA23C6FB73A0FBFF4E1BBD77EF1410590F47532E38DBD7
C:\Program Files\JAM Software\TreeSize\LicenseFiles\Virtual TreeView\is-6FK4S.tmp	ASCII text, with CRLF line terminators	779779A7229289E71CED3F290A644F71	5B985B4532B36975F31F777B875803FDD4A983ED	6283D1E7EF5C6F6BACFA23C6FB73A0FBFF4E1BBD77EF1410590F47532E38DBD7
C:\Program Files\JAM Software\TreeSize\LicenseFiles\Windows Ribbon Framework for Delphi\License.txt (copy)	ASCII text, with CRLF line terminators	8F311CAE53D392494AAEF34CE9D7296F	0F5581638EBB0B897F575E641604690D1094CC90	9137CF1DC1B99DEFB98C79E504C00D542110A035F1D848B9D99B6A6E65DE1F0C
C:\Program Files\JAM Software\TreeSize\LicenseFiles\Windows Ribbon Framework for Delphi\is-0DE9P.tmp	ASCII text, with CRLF line terminators	8F311CAE53D392494AAEF34CE9D7296F	0F5581638EBB0B897F575E641604690D1094CC90	9137CF1DC1B99DEFB98C79E504C00D542110A035F1D848B9D99B6A6E65DE1F0C
C:\Program Files\JAM Software\TreeSize\LicenseFiles\WindowsFirewallHelper\LICENSE (copy)	ASCII text	DC1CBEB991B23714A2F6A18C381EEF12	7125504A88F0C97A4C8DEAEA0B7C31FDAE9D535B	842FB62CC62CC4515612BC67528EE512F4099C53EB7D0E55571A14AAA2F362E0
C:\Program Files\JAM Software\TreeSize\LicenseFiles\WindowsFirewallHelper\is-LI4UO.tmp	ASCII text	DC1CBEB991B23714A2F6A18C381EEF12	7125504A88F0C97A4C8DEAEA0B7C31FDAE9D535B	842FB62CC62CC4515612BC67528EE512F4099C53EB7D0E55571A14AAA2F362E0
C:\Program Files\JAM Software\TreeSize\LicenseManager.exe (copy)	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	7CB08BDE1C788E306D481AF58C3143B0	F8AD6BED9A00CB7A830D9FBEB29C3D36C6D37EBF	C989461BE7FFC1B586BF3EDD792F09A356B834470B368CCF4B5D2CDAB88E259F
C:\Program Files\JAM Software\TreeSize\LicenseManager.exe.config (copy)	XML 1.0 document, ASCII text, with CRLF line terminators	D03CCEAFBCA07120C7A36F3E243805B8	F868045E675D82CDFF1FD253B68A020CAD3D3FD8	ABEFC8827FC03DDE158EAD299D4A160F13D79B7D72A936D68AAF95B075B2D789
C:\Program Files\JAM Software\TreeSize\Microsoft.Identity.Client.dll (copy)	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	135422362A12707DE9F3C7043BA9AAAD	DD969810EA5FC6B8DC111FB4F6B6A4C9E5C21CD1	ECCF880BA508CF7B34B2BCAFDCB120C3A937A95740A0F11328059A273D2C277A
C:\Program Files\JAM Software\TreeSize\Microsoft.IdentityModel.Abstractions.dll (copy)	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	208D544E3A2D28601A7AE1FCA5AB4A12	361B310340568A91AEF7C951B52C16BA01F8BBFD	18BDB8AF01056E8BABE77FB76452878E8DA5611D00F9EF65DF61410AEDF34146
C:\Program Files\JAM Software\TreeSize\Redemption64.dll (copy)	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows	9DAAF2A967BF955D5EEB94987C7286CE	98726814744D82BA3A9DE4B0422B5F14B5DEC3FA	3230E05B8202D1BD7F11FDC21FB12EFFEA21D83D011D5BB025E0356C90658168
C:\Program Files\JAM Software\TreeSize\TreeSize.chm (copy)	MS Windows HtmlHelp Data	C16D3E58C3EA19426904981CF51E4518	B68EE1D91F3E6C6D8DBD8AE0DF957CD3B1BD3606	7A9CDAE159729108EF3001E022B078852E1CE9FB86B9E3B529882B6155D954CE
C:\Program Files\JAM Software\TreeSize\TreeSize.exe (copy)	PE32+ executable (GUI) x86-64, for MS Windows	DECFC2E2970FD5D17917980F05767EDC	4174B9A1D745842ACDCB42EB1CAE8A1CFA3852BF	A88AE5AA30852F0ECE1D71E7E41F78B9A0EE886F0D6095F90F19FF6314BACB44
C:\Program Files\JAM Software\TreeSize\TreeSize.pdf (copy)	PDF document, version 1.4	E467FCB1B83506E223A005A07CB6B8B2	ED4DC9BE588F8258A90F26B766825330C264E149	B95D92545CA7A044846DAA2BEBC21CA7BB59FC09FC229DBC0EB1AF1B568FB92C
C:\Program Files\JAM Software\TreeSize\TreeSize44.png (copy)	PNG image data, 44 x 44, 8-bit/color RGBA, non-interlaced	D72E584EA7A39ECE105A2005BD2CEE2B	7B112183FAEEE24F36D353B78FBB7FC9857358DC	4CDD6148C92292B18E996C1579D51492FAA9393FE5E58099637F10AE96725E00
C:\Program Files\JAM Software\TreeSize\TreeSizeContextMenu.dll (copy)	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	4808D26EA370ED1E26B832CA799FFA33	8BC1D2A767048C7DCD591451E8AD15F08A957A21	E37DAF398A3B1B160B63E9882808BF0787082AFCEE967AB8A37F6C29259B62F2
C:\Program Files\JAM Software\TreeSize\TreeSizeContextMenu.msix (copy)	Zip archive data, at least v4.5 to extract, compression method=store	93ABE45170C838B101FA51937A90760D	EE3DD07305B936DC37B5B29DEEDEDBE615753A82	7FA6E2032A3092F3C5727354114937B62003E349A01B4D014B1FE4E93954CAF5
C:\Program Files\JAM Software\TreeSize\WebView2Loader.dll (copy)	PE32+ executable (DLL) (console) x86-64, for MS Windows	8838E584DE6B554189DA0297B36AFD2B	3FD613F6C14B484446C71AA651D2CCA2C3515E2C	28B898E4433291C969CD4F3BC46377B195527AD9138DF2FA57243CEB6717A6B9
C:\Program Files\JAM Software\TreeSize\is-5DQET.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	8838E584DE6B554189DA0297B36AFD2B	3FD613F6C14B484446C71AA651D2CCA2C3515E2C	28B898E4433291C969CD4F3BC46377B195527AD9138DF2FA57243CEB6717A6B9
C:\Program Files\JAM Software\TreeSize\is-5KU53.tmp	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	208D544E3A2D28601A7AE1FCA5AB4A12	361B310340568A91AEF7C951B52C16BA01F8BBFD	18BDB8AF01056E8BABE77FB76452878E8DA5611D00F9EF65DF61410AEDF34146
C:\Program Files\JAM Software\TreeSize\is-6LRB2.tmp	XML 1.0 document, ASCII text, with CRLF line terminators	D03CCEAFBCA07120C7A36F3E243805B8	F868045E675D82CDFF1FD253B68A020CAD3D3FD8	ABEFC8827FC03DDE158EAD299D4A160F13D79B7D72A936D68AAF95B075B2D789
C:\Program Files\JAM Software\TreeSize\is-72PA3.tmp	Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025	911EAF50AF90A456F537CEE153FD0869	B61CB4D6B68EAB0FAAB4DF9704F1B29339E26F41	0C9F2EC14F247D3FF74F68A98DAF129B0B5EF287D075867A9470F78734E2F681
C:\Program Files\JAM Software\TreeSize\is-77909.tmp	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	16BD9F798FDA178C404608CA8B261CCD	AEA571DCFF9B4F13C1E1A468621648D1E462FD8A	F82562B0B6CAD52F514290DEE76CF330E7289A8F571325A624E97D87652229C7
C:\Program Files\JAM Software\TreeSize\is-98K2M.tmp	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	7CB08BDE1C788E306D481AF58C3143B0	F8AD6BED9A00CB7A830D9FBEB29C3D36C6D37EBF	C989461BE7FFC1B586BF3EDD792F09A356B834470B368CCF4B5D2CDAB88E259F
C:\Program Files\JAM Software\TreeSize\is-ABQ1U.tmp	Rich Text Format data, version 1, ANSI, code page 1252, default middle east language ID 1025	911EAF50AF90A456F537CEE153FD0869	B61CB4D6B68EAB0FAAB4DF9704F1B29339E26F41	0C9F2EC14F247D3FF74F68A98DAF129B0B5EF287D075867A9470F78734E2F681
C:\Program Files\JAM Software\TreeSize\is-GL6BI.tmp	Zip archive data, at least v4.5 to extract, compression method=store	93ABE45170C838B101FA51937A90760D	EE3DD07305B936DC37B5B29DEEDEDBE615753A82	7FA6E2032A3092F3C5727354114937B62003E349A01B4D014B1FE4E93954CAF5
C:\Program Files\JAM Software\TreeSize\is-HL5HB.tmp	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows	9DAAF2A967BF955D5EEB94987C7286CE	98726814744D82BA3A9DE4B0422B5F14B5DEC3FA	3230E05B8202D1BD7F11FDC21FB12EFFEA21D83D011D5BB025E0356C90658168
C:\Program Files\JAM Software\TreeSize\is-IG5VU.tmp	PDF document, version 1.4	E467FCB1B83506E223A005A07CB6B8B2	ED4DC9BE588F8258A90F26B766825330C264E149	B95D92545CA7A044846DAA2BEBC21CA7BB59FC09FC229DBC0EB1AF1B568FB92C
C:\Program Files\JAM Software\TreeSize\is-NK7KL.tmp	PE32+ executable (GUI) x86-64, for MS Windows	DECFC2E2970FD5D17917980F05767EDC	4174B9A1D745842ACDCB42EB1CAE8A1CFA3852BF	A88AE5AA30852F0ECE1D71E7E41F78B9A0EE886F0D6095F90F19FF6314BACB44
C:\Program Files\JAM Software\TreeSize\is-NPTM0.tmp	MS Windows HtmlHelp Data	C16D3E58C3EA19426904981CF51E4518	B68EE1D91F3E6C6D8DBD8AE0DF957CD3B1BD3606	7A9CDAE159729108EF3001E022B078852E1CE9FB86B9E3B529882B6155D954CE
C:\Program Files\JAM Software\TreeSize\is-OKLVV.tmp	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	135422362A12707DE9F3C7043BA9AAAD	DD969810EA5FC6B8DC111FB4F6B6A4C9E5C21CD1	ECCF880BA508CF7B34B2BCAFDCB120C3A937A95740A0F11328059A273D2C277A
C:\Program Files\JAM Software\TreeSize\is-OPABV.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	4808D26EA370ED1E26B832CA799FFA33	8BC1D2A767048C7DCD591451E8AD15F08A957A21	E37DAF398A3B1B160B63E9882808BF0787082AFCEE967AB8A37F6C29259B62F2
C:\Program Files\JAM Software\TreeSize\is-Q2OGP.tmp	PNG image data, 44 x 44, 8-bit/color RGBA, non-interlaced	D72E584EA7A39ECE105A2005BD2CEE2B	7B112183FAEEE24F36D353B78FBB7FC9857358DC	4CDD6148C92292B18E996C1579D51492FAA9393FE5E58099637F10AE96725E00
C:\Program Files\JAM Software\TreeSize\is-QPJRT.tmp	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	0063D09F4662CAF2726C38DBFA40F61F	A049CDF15AE233B3FD8AE99C18C9883CBBEBDCD9	50AA8BC2C311B0D01B98CCEA9865981FBCFCE1588CBD1D5B2998021A04B3D710
C:\Program Files\JAM Software\TreeSize\is-R4FTK.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3193E0550820FA622974D28A99617E8C	2024EA27AB7021B76B1794172D6F37FFB3D7EC1B	E5D7AC9BD117C9E6FE80534B2EC18BA6E450E878BC210EF73206C7E10EA6F3E5
C:\Program Files\JAM Software\TreeSize\is-SBQT2.tmp	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	E0AF33F54A9BC7AAA9E4FE5297076B0E	95C325608B9C8F6183336A9770B3763EAAB8F8E3	D49EEDAA543182EAEA07F18FA08D881A5E25C8E0A47E1002A412BDDE383AEC2D
C:\Program Files\JAM Software\TreeSize\is-TILR0.tmp	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows	9405F1CC51791938CD25EB882B55E487	755C2189593677564D096592F689A00706CDF3B4	87A4C5E247D32C735BAC8690F42AFF1EF5C9303FAE2CE07AA734E0B78B31562C
C:\Program Files\JAM Software\TreeSize\unins000.dat	InnoSetup Log 64-bit TreeSize, version 0x418, 89732 bytes, 424505\37\user\, C:\Program Files\JAM Software\TreeSize\376	7684E1FB3E0C8369D3572648D1357C06	136EA590CD6B53173D35660655E28DEA983E0FEF	6850AE92EF8BE498FB12E9DFE3DE789331848C4894A60EF731704EC3D6207EBA
C:\Program Files\JAM Software\TreeSize\unins000.exe (copy)	PE32 executable (GUI) Intel 80386, for MS Windows	3193E0550820FA622974D28A99617E8C	2024EA27AB7021B76B1794172D6F37FFB3D7EC1B	E5D7AC9BD117C9E6FE80534B2EC18BA6E450E878BC210EF73206C7E10EA6F3E5
C:\Program Files\JAM Software\TreeSize\unins000.msg	InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation	F800545E9E894C694EAD177A94AEE500	861869732C336C66FDEEE4F8F93C4A48D8B65305	46410EAA7A842F33716AABC7A27CA56A4CFEBC899BC660155BABAD42814C1DAD
C:\ProgramData\JAM Software\Licenses\05E70BE193D4EAA94D2734139C6593C3C069A50A7C677A9202C8B2E60DD8E297	ASCII text, with very long lines (436), with no line terminators	E3849620F2C8CAA736D2424A8A3F8F5B	529C22B27B678C465ACAB96685C7335FE5F6228E	5D7D069F1F89BA2672004A83465B3EF6E859A5409BF38CFAE9B0E471EA882D91
C:\ProgramData\Licenses\05E70BE193D4EAA94D2734139C6593C3C069A50A7C677A9202C8B2E60DD8E297	ASCII text, with very long lines (436), with no line terminators	E3849620F2C8CAA736D2424A8A3F8F5B	529C22B27B678C465ACAB96685C7335FE5F6228E	5D7D069F1F89BA2672004A83465B3EF6E859A5409BF38CFAE9B0E471EA882D91
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize (Administrator).lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Apr 16 13:03:54 2024, mtime=Tue Apr 16 13:04:00 2024, atime=Thu Mar 14 09:44:12 2024, length=93973680, window=hide	EAC0AE0BF91012E3DCEC59B58ECDB225	CF3C5A07ADA1F602991DC9333A8C9D1F7F291ED5	6F6F68F6E079AB853DBFE2151CF00837EB05B4EAAA03F38D0407E9A2268A31A1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Duplicate File Search (Administrator).lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Tue Apr 16 13:03:54 2024, mtime=Tue Apr 16 13:04:00 2024, atime=Thu Mar 14 09:44:12 2024, length=93973680, window=hide	26B3F6BD56B0B618DE5643ED3AA83552	0C35A7CE5A68CC8FCB0954E61FAA56679A740ABC	2BE2FC30F87150879B58648B83D612D6387E7D5BF55AD5ECB812F1CF7D0B8C41
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Duplicate File Search.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Tue Apr 16 13:03:54 2024, mtime=Tue Apr 16 13:04:00 2024, atime=Thu Mar 14 09:44:12 2024, length=93973680, window=hide	DDE9F98A94CDD5A92DBB33796B2EC454	9DAD399DF7F3F926CAF9BCF07B37AD40EF5C4FD6	901A603C4B14667347CF19FBB25EC44B54BF01E960C5722D9F1C22E7B5004270
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize File Search (Administrator).lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Tue Apr 16 13:03:54 2024, mtime=Tue Apr 16 13:04:00 2024, atime=Thu Mar 14 09:44:12 2024, length=93973680, window=hide	4F010000BA5F43B166782C50EDBFCC40	19A286725EE9A2CE2E860982D22CCFBC575E34D7	332E2CEC8CCCFA205FF6889A8F882C224D3BDFEA03454192BE5DE781651E19B4
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize File Search.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Tue Apr 16 13:03:54 2024, mtime=Tue Apr 16 13:04:00 2024, atime=Thu Mar 14 09:44:12 2024, length=93973680, window=hide	298E1C7F7663B08044979B9B786CA528	93EEB5913BA35C4ECA56EB26E3CA117B540103E5	ED669EB21494C4441D2D7598AFA46FCB0E4B385E11C4B0290E213B1AC2D2B60F
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Help.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Apr 16 13:03:58 2024, mtime=Tue Apr 16 13:03:58 2024, atime=Thu Mar 14 09:30:36 2024, length=1801081, window=hide	F0935B8619277F11191792ABD687A32A	4455023054765E2CB9799BBF52C23B6BF0076009	B70B076816E050B522420038CC7B5F2A07671E986F7EDDA9E1D02F5C3C014702
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Manual.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Apr 16 13:03:58 2024, mtime=Tue Apr 16 13:03:58 2024, atime=Thu Mar 14 09:32:30 2024, length=3295051, window=hide	CBE6F4970724C5EB544BB0922C666DD5	1805BE1C22737063F517E3F9BFC57D372CBAE0DC	5355F391ED602E94B309F1B503DE8BD5A543F5AD03045F6F9FA56F5508235EC0
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize Renamer.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Tue Apr 16 13:03:54 2024, mtime=Tue Apr 16 13:04:00 2024, atime=Thu Mar 14 09:44:12 2024, length=93973680, window=hide	D0B917F8A1A37F121338E071E216692A	4626323075B2C87C5250E74CD436422A09706F80	358DB9A4FAAEEBA2A99785EED2289EC81771C2DA3D421AA74522C4554C02DD3B
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize\TreeSize.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Tue Apr 16 13:03:54 2024, mtime=Tue Apr 16 13:03:56 2024, atime=Thu Mar 14 09:44:12 2024, length=93973680, window=hide	120CA27A47E42B86036C50561515D414	3C754CD78BC443812707EBEED7D5258D40F58405	FE2C515F0ECDE174D04BCF71405D42BEA0EA7277BDDB1ED7F374965A8FCAAD04
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\LicenseManager.exe.log	ASCII text, with CRLF line terminators	DFD014776588C696604395C56DB57953	D57697DE980BDF7487B3270667E492908E1FAFB8	000152B863CFF54A293FD8FD9C673249B59E8482E202F3FD471F21D2C9C442E0
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TreeSize.exe.log	ASCII text, with CRLF line terminators	9E3F9AA985EF89611B87386CAFF2E97D	368DFAE1521E4AA91EDBED22E8896597B18D5AE9	70BE82ED15FEDE35EA59F6963E6089C451DEE87B705475AC0681E01384D601D9
C:\Users\user\AppData\Local\Temp\Tmp4076.tmp	data	B0E95EB9C408F1C5996C8306A27F12EB	972EAD7FC692EB24CE1C3DB98F87C3FD15BEE537	3C8551E28F1EDD49181D65AAFBA20A0053083BC21785CE276156C836165E111E
C:\Users\user\AppData\Local\Temp\Tmp40F4.tmp	data	B0E95EB9C408F1C5996C8306A27F12EB	972EAD7FC692EB24CE1C3DB98F87C3FD15BEE537	3C8551E28F1EDD49181D65AAFBA20A0053083BC21785CE276156C836165E111E
C:\Users\user\AppData\Local\Temp\Tmp4ACD.tmp	data	B0E95EB9C408F1C5996C8306A27F12EB	972EAD7FC692EB24CE1C3DB98F87C3FD15BEE537	3C8551E28F1EDD49181D65AAFBA20A0053083BC21785CE276156C836165E111E
C:\Users\user\AppData\Local\Temp\Tmp5299.tmp	data	B0E95EB9C408F1C5996C8306A27F12EB	972EAD7FC692EB24CE1C3DB98F87C3FD15BEE537	3C8551E28F1EDD49181D65AAFBA20A0053083BC21785CE276156C836165E111E
C:\Users\user\AppData\Local\Temp\Tmp5EEB.tmp	data	B0E95EB9C408F1C5996C8306A27F12EB	972EAD7FC692EB24CE1C3DB98F87C3FD15BEE537	3C8551E28F1EDD49181D65AAFBA20A0053083BC21785CE276156C836165E111E
C:\Users\user\AppData\Local\Temp\Tmp6B1B.tmp	data	B0E95EB9C408F1C5996C8306A27F12EB	972EAD7FC692EB24CE1C3DB98F87C3FD15BEE537	3C8551E28F1EDD49181D65AAFBA20A0053083BC21785CE276156C836165E111E
C:\Users\user\AppData\Local\Temp\Tmp9D7B.tmp	data	B0E95EB9C408F1C5996C8306A27F12EB	972EAD7FC692EB24CE1C3DB98F87C3FD15BEE537	3C8551E28F1EDD49181D65AAFBA20A0053083BC21785CE276156C836165E111E
C:\Users\user\AppData\Local\Temp\TmpA6CD.tmp	data	B0E95EB9C408F1C5996C8306A27F12EB	972EAD7FC692EB24CE1C3DB98F87C3FD15BEE537	3C8551E28F1EDD49181D65AAFBA20A0053083BC21785CE276156C836165E111E
C:\Users\user\AppData\Local\Temp\TmpBBE2.tmp	data	B0E95EB9C408F1C5996C8306A27F12EB	972EAD7FC692EB24CE1C3DB98F87C3FD15BEE537	3C8551E28F1EDD49181D65AAFBA20A0053083BC21785CE276156C836165E111E
C:\Users\user\AppData\Local\Temp\TmpCA99.tmp	data	B0E95EB9C408F1C5996C8306A27F12EB	972EAD7FC692EB24CE1C3DB98F87C3FD15BEE537	3C8551E28F1EDD49181D65AAFBA20A0053083BC21785CE276156C836165E111E
C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	7CB08BDE1C788E306D481AF58C3143B0	F8AD6BED9A00CB7A830D9FBEB29C3D36C6D37EBF	C989461BE7FFC1B586BF3EDD792F09A356B834470B368CCF4B5D2CDAB88E259F
C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\LicenseManager.exe.config	XML 1.0 document, ASCII text, with CRLF line terminators	D03CCEAFBCA07120C7A36F3E243805B8	F868045E675D82CDFF1FD253B68A020CAD3D3FD8	ABEFC8827FC03DDE158EAD299D4A160F13D79B7D72A936D68AAF95B075B2D789
C:\Users\user\AppData\Local\Temp\is-7N7OJ.tmp\_isetup\_setup64.tmp	PE32+ executable (console) x86-64, for MS Windows	E4211D6D009757C078A9FAC7FF4F03D4	019CD56BA687D39D12D4B13991C9A42EA6BA03DA	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
C:\Users\user\AppData\Local\Temp\is-JKD41.tmp\TreeSize-Setup.tmp	PE32 executable (GUI) Intel 80386, for MS Windows	3193E0550820FA622974D28A99617E8C	2024EA27AB7021B76B1794172D6F37FFB3D7EC1B	E5D7AC9BD117C9E6FE80534B2EC18BA6E450E878BC210EF73206C7E10EA6F3E5
C:\Users\user\AppData\Local\Temp\jam_632056533751947870728.config	ASCII text, with very long lines (4931), with CRLF line terminators	82F9976C6C6A030C0F7744DF3E2F0343	10E8A47CFD1058DE162DB06895F21D3037B6734C	685321F287E81C68312EAD10E30D4FDEF0C7394D8744068E2B6BFEA54297FD9C
C:\Users\user\AppData\Local\Temp\jam_711657079681149295730.config	ASCII text, with very long lines (4931), with CRLF line terminators	82F9976C6C6A030C0F7744DF3E2F0343	10E8A47CFD1058DE162DB06895F21D3037B6734C	685321F287E81C68312EAD10E30D4FDEF0C7394D8744068E2B6BFEA54297FD9C
C:\Users\user\AppData\Roaming\JAM Software\TreeSize\GlobalOptions.xml	XML 1.0 document, ASCII text, with CRLF line terminators	AB635F5A48AF2CDF081B6E650B0BF3CF	022DB06A43954F45FB7DC8C6269B820E225E50F0	E00D784D3AF652CD23C121A0488B2417FC2BB529CA99A1DEACA9098FD350C4DD
C:\Users\user\AppData\Roaming\JAM Software\TreeSize\bugreport.jer	ASCII text, with CRLF line terminators	AF941AB05821FEFD3739423FA0D5FA94	113BA3CA5A3FC5DDE588EF5723FA8F090C213F46	4CF2867521AF2DD2FA8F33FCF112A55AFF1E0CC640787995A335FEC5404EF1EC
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TreeSize.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Apr 16 13:03:54 2024, mtime=Tue Apr 16 13:04:30 2024, atime=Thu Mar 14 09:44:12 2024, length=93973680, window=hide	8845420AA708963D19128C5A803488F2	11E02DB1C9CEBB0BED0656E7E35DE87F57FEC6E6	D6A15CA06A610E6D9D12D0527D6EB9D4E6A4C555F19DFBAE8C69EF7AE9197A7A

Windows Analysis Report
TreeSize-Setup.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Windows Analysis Report TreeSize-Setup.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
TreeSize-Setup.exe