File name:

WinMerge-2.16.40-x64-Setup.exe

Full analysis: https://app.any.run/tasks/4b1744d9-a867-46c0-8b6d-2a6ab0182405
Verdict: Malicious activity
Analysis date: July 01, 2024, 13:19:10
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

50B3D855CE754D42210383F873997EA9

SHA1:

803588AC0397F273B22AD0D4BE34F7E6C2568782

SHA256:

C76BCFDD5025059F398E94F97D801A4A6CF52BEF5B86F88209DCDFFB28A141CD

SSDEEP:

98304:Rg/M+ztdkVR1Qs3LCsszystbKm401aHJ3yYFwF0Lo/VrpPv9vlvnE/y6Mk571/14:b3IdnEoopk6dmZ6SJIh+/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinMerge-2.16.40-x64-Setup.exe (PID: 4608)
      • WinMerge-2.16.40-x64-Setup.exe (PID: 4836)
      • WinMerge-2.16.40-x64-Setup.tmp (PID: 1324)

    • Registers / Runs the DLL via REGSVR32.EXE

      • WinMerge-2.16.40-x64-Setup.tmp (PID: 1324)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinMerge-2.16.40-x64-Setup.tmp (PID: 5328)

    • Reads the date of Windows installation

      • WinMerge-2.16.40-x64-Setup.tmp (PID: 5328)

    • Executable content was dropped or overwritten

      • WinMerge-2.16.40-x64-Setup.exe (PID: 4608)
      • WinMerge-2.16.40-x64-Setup.tmp (PID: 1324)
      • WinMerge-2.16.40-x64-Setup.exe (PID: 4836)

    • Reads the Windows owner or organization settings

      • WinMerge-2.16.40-x64-Setup.tmp (PID: 1324)

    • Drops 7-zip archiver for unpacking

      • WinMerge-2.16.40-x64-Setup.tmp (PID: 1324)

    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 2220)

    • Process drops legitimate windows executable

      • WinMerge-2.16.40-x64-Setup.tmp (PID: 1324)

  • INFO

    • Reads the computer name

      • WinMerge-2.16.40-x64-Setup.tmp (PID: 5328)
      • WinMerge-2.16.40-x64-Setup.tmp (PID: 1324)
      • WinMergeU.exe (PID: 2636)
      • WinMerge32BitPluginProxy.exe (PID: 2488)
      • WinMergeU.exe (PID: 3944)

    • Create files in a temporary directory

      • WinMerge-2.16.40-x64-Setup.exe (PID: 4608)
      • WinMerge-2.16.40-x64-Setup.exe (PID: 4836)
      • WinMerge-2.16.40-x64-Setup.tmp (PID: 1324)

    • Checks supported languages

      • WinMerge-2.16.40-x64-Setup.tmp (PID: 5328)
      • WinMerge-2.16.40-x64-Setup.exe (PID: 4608)
      • WinMerge-2.16.40-x64-Setup.tmp (PID: 1324)
      • WinMerge-2.16.40-x64-Setup.exe (PID: 4836)
      • WinMerge32BitPluginProxy.exe (PID: 2488)
      • WinMergeU.exe (PID: 2636)
      • WinMergeU.exe (PID: 3944)

    • Process checks computer location settings

      • WinMerge-2.16.40-x64-Setup.tmp (PID: 5328)

    • Creates files in the program directory

      • WinMerge-2.16.40-x64-Setup.tmp (PID: 1324)

    • Creates a software uninstall entry

      • WinMerge-2.16.40-x64-Setup.tmp (PID: 1324)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Delphi generic (45.2)
.dll | Win32 Dynamic Link Library (generic) (20.9)
.exe | Win32 Executable (generic) (14.3)
.exe | Win16/32 Executable Delphi generic (6.6)
.exe | Generic Win/DOS Executable (6.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:04:06 14:39:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 66560
InitializedDataSize: 53760
UninitializedDataSize: -
EntryPoint: 0x117dc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 2.16.40.0
ProductVersionNumber: 2.16.40.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: https://winmerge.org
FileDescription: WinMerge Installer
FileVersion: 2.16.40.0
LegalCopyright:
ProductName: WinMerge
ProductVersion: 2.16.40.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
133
Monitored processes
8
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winmerge-2.16.40-x64-setup.exe winmerge-2.16.40-x64-setup.tmp no specs winmerge-2.16.40-x64-setup.exe winmerge-2.16.40-x64-setup.tmp regsvr32.exe no specs winmerge32bitpluginproxy.exe no specs winmergeu.exe no specs winmergeu.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1324"C:\Users\admin\AppData\Local\Temp\is-5D53N.tmp\WinMerge-2.16.40-x64-Setup.tmp" /SL5="$150056,9267469,121344,C:\Users\admin\AppData\Local\Temp\WinMerge-2.16.40-x64-Setup.exe" /SPAWNWND=$602A6 /NOTIFYWND=$9027C C:\Users\admin\AppData\Local\Temp\is-5D53N.tmp\WinMerge-2.16.40-x64-Setup.tmp
WinMerge-2.16.40-x64-Setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-5d53n.tmp\winmerge-2.16.40-x64-setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
2220"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\WinMerge\ShellExtensionX64.dll"C:\Windows\System32\regsvr32.exeWinMerge-2.16.40-x64-Setup.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
2488"C:\Program Files\WinMerge\WinMerge32BitPluginProxy.exe" /RegServerC:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeWinMerge-2.16.40-x64-Setup.tmp
User:
admin
Company:
http://www.geocities.co.jp/SiliconValley-SanJose/8165/winmerge.html
Integrity Level:
HIGH
Description:
WinMerge 32 Bit Plug-in Proxy
Exit code:
0
Version:
1.0.0.4
Modules
Images
c:\program files\winmerge\winmerge32bitpluginproxy.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2636"C:\Program Files\WinMerge\WinMergeU.exe" /s- /minimize /noninteractive /set-usertasks-to-jumplist 4097C:\Program Files\WinMerge\WinMergeU.exeWinMerge-2.16.40-x64-Setup.tmp
User:
admin
Company:
https://winmerge.org
Integrity Level:
HIGH
Description:
WinMerge
Exit code:
0
Version:
2.16.40.0
Modules
Images
c:\program files\winmerge\winmergeu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
3944"C:\Program Files\WinMerge\WinMergeU.exe"C:\Program Files\WinMerge\WinMergeU.exeWinMerge-2.16.40-x64-Setup.tmp
User:
admin
Company:
https://winmerge.org
Integrity Level:
MEDIUM
Description:
WinMerge
Version:
2.16.40.0
Modules
Images
c:\program files\winmerge\winmergeu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
4608"C:\Users\admin\AppData\Local\Temp\WinMerge-2.16.40-x64-Setup.exe" C:\Users\admin\AppData\Local\Temp\WinMerge-2.16.40-x64-Setup.exe
explorer.exe
User:
admin
Company:
https://winmerge.org
Integrity Level:
MEDIUM
Description:
WinMerge Installer
Exit code:
0
Version:
2.16.40.0
Modules
Images
c:\users\admin\appdata\local\temp\winmerge-2.16.40-x64-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
4836"C:\Users\admin\AppData\Local\Temp\WinMerge-2.16.40-x64-Setup.exe" /SPAWNWND=$602A6 /NOTIFYWND=$9027C C:\Users\admin\AppData\Local\Temp\WinMerge-2.16.40-x64-Setup.exe
WinMerge-2.16.40-x64-Setup.tmp
User:
admin
Company:
https://winmerge.org
Integrity Level:
HIGH
Description:
WinMerge Installer
Version:
2.16.40.0
Modules
Images
c:\users\admin\appdata\local\temp\winmerge-2.16.40-x64-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
5328"C:\Users\admin\AppData\Local\Temp\is-AMVSA.tmp\WinMerge-2.16.40-x64-Setup.tmp" /SL5="$9027C,9267469,121344,C:\Users\admin\AppData\Local\Temp\WinMerge-2.16.40-x64-Setup.exe" C:\Users\admin\AppData\Local\Temp\is-AMVSA.tmp\WinMerge-2.16.40-x64-Setup.tmpWinMerge-2.16.40-x64-Setup.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-amvsa.tmp\winmerge-2.16.40-x64-setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
Total events
5 872
Read events
5 790
Write events
62
Delete events
20

Modification events

(PID) Process:(1324) WinMerge-2.16.40-x64-Setup.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
2C05000069CE8A48B9CBDA01
(PID) Process:(1324) WinMerge-2.16.40-x64-Setup.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
90F13FB17280C7A01820611BED29575E39BA52D81BE098EBED010848A55B99D7
(PID) Process:(1324) WinMerge-2.16.40-x64-Setup.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(1324) WinMerge-2.16.40-x64-Setup.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:RegFiles0000
Value:
C:\Program Files\WinMerge\WinMergeU.exe
(PID) Process:(1324) WinMerge-2.16.40-x64-Setup.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:RegFilesHash
Value:
E550794BA132FAF9B063A75CFDEA5A671F6C2F572B55138526E64E0FEEAFCEA0
(PID) Process:(1324) WinMerge-2.16.40-x64-Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Thingamahoochie\WinMerge
Operation:writeName:Executable
Value:
C:\Program Files\WinMerge\WinMergeU.exe
(PID) Process:(1324) WinMerge-2.16.40-x64-Setup.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Thingamahoochie\WinMerge
Operation:writeName:Executable
Value:
C:\Program Files\WinMerge\WinMergeU.exe
(PID) Process:(1324) WinMerge-2.16.40-x64-Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Thingamahoochie\WinMerge
Operation:writeName:ContextMenuEnabled
Value:
0
(PID) Process:(1324) WinMerge-2.16.40-x64-Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Thingamahoochie\WinMerge
Operation:writeName:ContextMenuEnabled
Value:
1
(PID) Process:(1324) WinMerge-2.16.40-x64-Setup.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Thingamahoochie\WinMerge
Operation:writeName:ContextMenuEnabled
Value:
1
Executable files
55
Suspicious files
18
Text files
350
Unknown types
2

Dropped files

PID
Process
Filename
Type
4836WinMerge-2.16.40-x64-Setup.exeC:\Users\admin\AppData\Local\Temp\is-5D53N.tmp\WinMerge-2.16.40-x64-Setup.tmpexecutable
MD5:C8DB4DDEA101C90CCCEA094D8FD50810
SHA256:1BCC000174046980A9B3424A700239EF79177A52C33879B00524BC9518AAE0D9
4608WinMerge-2.16.40-x64-Setup.exeC:\Users\admin\AppData\Local\Temp\is-AMVSA.tmp\WinMerge-2.16.40-x64-Setup.tmpexecutable
MD5:C8DB4DDEA101C90CCCEA094D8FD50810
SHA256:1BCC000174046980A9B3424A700239EF79177A52C33879B00524BC9518AAE0D9
1324WinMerge-2.16.40-x64-Setup.tmpC:\Users\admin\AppData\Local\Temp\is-N4NHI.tmp\_isetup\_setup64.tmpexecutable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
1324WinMerge-2.16.40-x64-Setup.tmpC:\Program Files\WinMerge\unins000.exeexecutable
MD5:C8DB4DDEA101C90CCCEA094D8FD50810
SHA256:1BCC000174046980A9B3424A700239EF79177A52C33879B00524BC9518AAE0D9
1324WinMerge-2.16.40-x64-Setup.tmpC:\Program Files\WinMerge\is-LSMKH.tmpexecutable
MD5:F44D4291108147CCBAD59599E6C7CD80
SHA256:65934528F57CB736DB0AC8A2CFD58856A025D23D823A15C86118BA91C7DE2D40
1324WinMerge-2.16.40-x64-Setup.tmpC:\Program Files\WinMerge\WinMerge32BitPluginProxy.exeexecutable
MD5:0BF44140B929D5B80CF5F3A8FBA33767
SHA256:5A520B3DE6C24FBD81A0281F7B3D3FDB97455F1D5E14880BDE423DD765A2C8B6
1324WinMerge-2.16.40-x64-Setup.tmpC:\Program Files\WinMerge\is-5VE00.tmpexecutable
MD5:48F286AB3AFD0BC27E7ED7B929D6FE61
SHA256:775F3855AFA14F54AB9DB1C2587C4B3558A65CE6F98BA818765A3A4462F96777
1324WinMerge-2.16.40-x64-Setup.tmpC:\Program Files\WinMerge\is-PI8RD.tmpexecutable
MD5:67DF5A575E5B257CD500BACA605EA4D1
SHA256:77D4DC3911803F369B47A8622191B77F77F8FAC6C7ED7607A6B58F1CFF454AEC
1324WinMerge-2.16.40-x64-Setup.tmpC:\Program Files\WinMerge\is-1GEQP.tmpexecutable
MD5:7FA97064B821222911AB56418DDA766F
SHA256:D4AFC650BE1E06A0F046BEA8E40FE8BA9ADE737F4C04551A47A047F00A0B44A3
1324WinMerge-2.16.40-x64-Setup.tmpC:\Program Files\WinMerge\ShellExtensionX64.dllexecutable
MD5:67DF5A575E5B257CD500BACA605EA4D1
SHA256:77D4DC3911803F369B47A8622191B77F77F8FAC6C7ED7607A6B58F1CFF454AEC
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
55
DNS requests
17
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1544
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
unknown
4656
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
unknown
4220
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
unknown
3040
OfficeClickToRun.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
unknown
1572
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
unknown
1572
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
unknown
5048
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3516
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
unknown
4032
svchost.exe
239.255.255.250:1900
whitelisted
3688
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4656
SearchApp.exe
92.123.104.53:443
www.bing.com
Akamai International B.V.
DE
unknown
1544
svchost.exe
40.126.32.134:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1544
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4656
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
69.192.162.125:443
go.microsoft.com
AKAMAI-AS
DE
unknown
40.126.32.134:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown

DNS requests

Domain
IP
Reputation
www.bing.com
  • 92.123.104.53
  • 92.123.104.46
  • 92.123.104.40
  • 92.123.104.44
  • 92.123.104.51
  • 92.123.104.43
  • 92.123.104.50
  • 92.123.104.52
  • 92.123.104.54
  • 92.123.104.35
  • 92.123.104.38
  • 92.123.104.41
  • 92.123.104.32
  • 92.123.104.33
  • 92.123.104.34
whitelisted
login.live.com
  • 40.126.32.134
  • 40.126.32.140
  • 20.190.160.17
  • 40.126.32.138
  • 20.190.160.22
  • 40.126.32.72
  • 20.190.160.20
  • 40.126.32.68
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 69.192.162.125
whitelisted
self.events.data.microsoft.com
  • 20.42.65.84
whitelisted
arc.msn.com
  • 20.31.169.57
whitelisted
r.bing.com
  • 92.123.104.40
  • 92.123.104.53
  • 92.123.104.43
  • 92.123.104.46
  • 92.123.104.54
  • 92.123.104.44
  • 92.123.104.52
  • 92.123.104.51
  • 92.123.104.50
  • 92.123.104.38
  • 92.123.104.35
  • 92.123.104.31
  • 92.123.104.32
  • 92.123.104.37
  • 92.123.104.33
  • 92.123.104.30
  • 92.123.104.34
  • 92.123.104.36
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
WinMerge-2.16.40-x64-Setup.exe