File name:

Agenda Setup.exe

Full analysis: https://app.any.run/tasks/5612d9b1-44ac-451b-9361-d9d7649733ea
Verdict: Malicious activity
Analysis date: December 10, 2024, 14:09:34
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5:

445E3C01483F154C7E6603907EDD9D4B

SHA1:

DDAE8FE4D8E90BD306CB9AFCBC8C8422CF1CD71E

SHA256:

1A9D6545A5BC43619BCF0F03C9F0157E015767AD2FAA0B011B8456FE891AF399

SSDEEP:

98304:Q+cD4dn/vBFzuXFAgyjiJUXenfioDC1R5rfhpOvSV9rr9HZlmEHLyjgPgwsRL4FB:gIR9vFWh4lb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Agenda Setup.tmp (PID: 7136)
      • Agenda Setup.exe (PID: 6552)
      • unins000.exe (PID: 1580)
      • _unins.tmp (PID: 396)
      • Agenda Setup.exe (PID: 7112)

    • Executes application which crashes

      • Agenda.exe (PID: 6228)
      • Agenda.exe (PID: 3744)

    • Searches for installed software

      • explorer.exe (PID: 6544)
      • dllhost.exe (PID: 4536)

    • Starts application with an unusual extension

      • unins000.exe (PID: 1580)

    • Starts itself from another location

      • unins000.exe (PID: 1580)

    • Reads security settings of Internet Explorer

      • Agenda Setup.tmp (PID: 6572)

    • Reads the Windows owner or organization settings

      • Agenda Setup.tmp (PID: 7136)

  • INFO

    • Create files in a temporary directory

      • Agenda Setup.exe (PID: 6552)
      • Agenda Setup.exe (PID: 7112)

    • Checks supported languages

      • Agenda Setup.tmp (PID: 6572)
      • Agenda.exe (PID: 6228)
      • Agenda Setup.exe (PID: 6552)
      • Agenda Setup.exe (PID: 7112)
      • _unins.tmp (PID: 396)

    • Reads the computer name

      • Agenda.exe (PID: 3744)
      • Agenda.exe (PID: 6228)
      • Agenda Setup.tmp (PID: 6572)
      • _unins.tmp (PID: 396)

    • Manual execution by a user

      • Agenda.exe (PID: 3744)

    • Checks proxy server information

      • WerFault.exe (PID: 3620)

    • Process checks computer location settings

      • _unins.tmp (PID: 396)
      • Agenda Setup.tmp (PID: 6572)

    • Creates a software uninstall entry

      • Agenda Setup.tmp (PID: 7136)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (65.1)
.exe | Win32 EXE PECompact compressed (generic) (24.6)
.dll | Win32 Dynamic Link Library (generic) (3.9)
.exe | Win32 Executable (generic) (2.6)
.exe | Win16/32 Executable Delphi generic (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 48640
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Luan, INC
FileDescription: Agenda Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: Agenda
ProductVersion: 1.0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
136
Monitored processes
13
Malicious processes
1
Suspicious processes
3

Behavior graph

Click at the process to see the details
start agenda setup.exe agenda setup.tmp no specs agenda setup.exe agenda setup.tmp agenda.exe werfault.exe agenda.exe werfault.exe COpenControlPanel no specs explorer.exe no specs appwiz.cpl no specs unins000.exe _unins.tmp

Process information

PID
CMD
Path
Indicators
Parent process
396"C:\Users\admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp" /SECONDPHASE="C:\Agenda\unins000.exe" /FIRSTPHASEWND=$702CA C:\Users\admin\AppData\Local\Temp\iu-14D2N.tmp\_unins.tmp
unins000.exe
User:
admin
Company:
Luan, INC
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\iu-14d2n.tmp\_unins.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
1580"C:\Agenda\unins000.exe" C:\Agenda\unins000.exe
dllhost.exe
User:
admin
Company:
Luan, INC
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\agenda\unins000.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
3620C:\WINDOWS\SysWOW64\WerFault.exe -u -p 6228 -s 756C:\Windows\SysWOW64\WerFault.exe
Agenda.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
3744"C:\Agenda\Agenda.exe" C:\Agenda\Agenda.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Agenda
Exit code:
1
Version:
1.0.0.0
Modules
Images
c:\agenda\agenda.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
3832C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}C:\Windows\SysWOW64\dllhost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
COM Surrogate
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ucrtbase.dll
c:\windows\syswow64\combase.dll
4536C:\WINDOWS\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}C:\Windows\SysWOW64\dllhost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ucrtbase.dll
c:\windows\syswow64\combase.dll
5244C:\WINDOWS\SysWOW64\WerFault.exe -u -p 3744 -s 756C:\Windows\SysWOW64\WerFault.exe
Agenda.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
6228"C:\Agenda\Agenda.exe"C:\Agenda\Agenda.exe
Agenda Setup.tmp
User:
admin
Integrity Level:
MEDIUM
Description:
Agenda
Exit code:
1
Version:
1.0.0.0
Modules
Images
c:\agenda\agenda.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
6544C:\WINDOWS\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -EmbeddingC:\Windows\explorer.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Version:
10.0.19041.3758 (WinBuild.160101.0800)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\twinapi.dll
6552"C:\Users\admin\Desktop\Agenda Setup.exe" C:\Users\admin\Desktop\Agenda Setup.exe
explorer.exe
User:
admin
Company:
Luan, INC
Integrity Level:
MEDIUM
Description:
Agenda Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\desktop\agenda setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
Total events
22 246
Read events
22 194
Write events
50
Delete events
2

Modification events

(PID) Process:(7136) Agenda Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{445C6D47-163E-424D-9A98-02FFD11F4E58}_is1
Operation:writeName:Inno Setup: Setup Version
Value:
6.2.2
(PID) Process:(7136) Agenda Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{445C6D47-163E-424D-9A98-02FFD11F4E58}_is1
Operation:writeName:Inno Setup: App Path
Value:
C:\Agenda
(PID) Process:(7136) Agenda Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{445C6D47-163E-424D-9A98-02FFD11F4E58}_is1
Operation:writeName:InstallLocation
Value:
C:\Agenda\
(PID) Process:(7136) Agenda Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{445C6D47-163E-424D-9A98-02FFD11F4E58}_is1
Operation:writeName:Inno Setup: Icon Group
Value:
(Default)
(PID) Process:(7136) Agenda Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{445C6D47-163E-424D-9A98-02FFD11F4E58}_is1
Operation:writeName:Inno Setup: User
Value:
admin
(PID) Process:(7136) Agenda Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{445C6D47-163E-424D-9A98-02FFD11F4E58}_is1
Operation:writeName:Inno Setup: Selected Tasks
Value:
(PID) Process:(7136) Agenda Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{445C6D47-163E-424D-9A98-02FFD11F4E58}_is1
Operation:writeName:Inno Setup: Deselected Tasks
Value:
desktopicon
(PID) Process:(7136) Agenda Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{445C6D47-163E-424D-9A98-02FFD11F4E58}_is1
Operation:writeName:Inno Setup: Language
Value:
brazilianportuguese
(PID) Process:(7136) Agenda Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{445C6D47-163E-424D-9A98-02FFD11F4E58}_is1
Operation:writeName:DisplayName
Value:
Agenda versão 1.0.0.0
(PID) Process:(7136) Agenda Setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{445C6D47-163E-424D-9A98-02FFD11F4E58}_is1
Operation:writeName:UninstallString
Value:
"C:\Agenda\unins000.exe"
Executable files
9
Suspicious files
10
Text files
4
Unknown types
3

Dropped files

PID
Process
Filename
Type
3620WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Agenda.exe_94f197a7454e611838d5ea9c2b3f1ba61ae2221e_22992c88_0e624c7d-fa39-4da6-802d-1080148a114d\Report.wer
MD5:
SHA256:
6552Agenda Setup.exeC:\Users\admin\AppData\Local\Temp\is-182V8.tmp\Agenda Setup.tmpexecutable
MD5:DFECC2C7727046DB27610B4C60A60F60
SHA256:32F4394133B3E38955F4AAB65CEACB4A6D899AB39A516779EE0DE4941EB66FFE
7136Agenda Setup.tmpC:\Agenda\ADATA.FDBbinary
MD5:53504DB1D6C40ACE70ED80D364C871FF
SHA256:3897A67B027541B9FA2B1AC4A41B45C3561335717607F99485326D0DFB495251
7136Agenda Setup.tmpC:\Agenda\is-JMUAI.tmpexecutable
MD5:2C364207F03996A7D6578AE2C73599AC
SHA256:AFB2376C321212155477A523C0F72E383735B9BB402DC2A6574C9F9DC18BE7E9
5244WerFault.exeC:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Agenda.exe_cb709e5f54af58bdd0c78f8831d1a1fbe1144c12_22992c88_f829e190-4ae7-4e5a-a371-eec86f92a7ca\Report.wer
MD5:
SHA256:
7112Agenda Setup.exeC:\Users\admin\AppData\Local\Temp\is-I47RO.tmp\Agenda Setup.tmpexecutable
MD5:DFECC2C7727046DB27610B4C60A60F60
SHA256:32F4394133B3E38955F4AAB65CEACB4A6D899AB39A516779EE0DE4941EB66FFE
7136Agenda Setup.tmpC:\Agenda\unins000.exeexecutable
MD5:574FC0BE674742261B79848B73423708
SHA256:ED571BA8517CF722042D9F87D54EF1A933E33DD1A080DABC8D0098D9897589FD
7136Agenda Setup.tmpC:\Agenda\unins000.datdat
MD5:C4C1C9E47E9881DDCDBA45BEA30EA2E2
SHA256:B4CE1CD501BDFEABA25E262E1148E5FA9F28EDCE687A2AD9FF695D4A935CB00B
3620WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WERF08E.tmp.WERInternalMetadata.xmlxml
MD5:093C9F7412553F45A99460E698A24997
SHA256:C491867342274A92536A6F1F33BF12C570A6158409B57C0635DA0748748C0678
3620WerFault.exeC:\ProgramData\Microsoft\Windows\WER\Temp\WEREFB2.tmp.dmpdmp
MD5:345D1183C83C1F355FFA1CBDD4C60610
SHA256:582AF824FD7ED738EA7AAF1E7AAD3182F1EB5FA70522E22BBD7982B54FEBFEF3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
43
DNS requests
30
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5448
svchost.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5448
svchost.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5848
SIHClient.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5848
SIHClient.exe
GET
200
23.37.237.227:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6672
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
3620
WerFault.exe
GET
200
2.16.164.9:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5064
SearchApp.exe
2.16.204.138:443
www.bing.com
Akamai International B.V.
DE
whitelisted
5064
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5448
svchost.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
23.37.237.227:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5448
svchost.exe
23.37.237.227:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1176
svchost.exe
20.190.159.73:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 2.16.204.138
  • 2.16.204.161
  • 2.16.204.139
  • 2.16.204.145
  • 2.16.204.146
  • 2.16.204.134
  • 2.16.204.160
  • 2.16.204.135
  • 2.16.204.133
  • 2.16.204.155
  • 2.16.204.152
  • 2.16.204.150
  • 2.16.204.156
  • 2.16.204.158
  • 2.16.204.157
  • 2.16.204.142
  • 2.16.204.148
whitelisted
google.com
  • 142.250.186.46
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.177
  • 23.48.23.194
  • 23.48.23.147
  • 23.48.23.145
  • 23.48.23.173
  • 23.48.23.164
  • 2.16.164.9
  • 2.16.164.25
  • 2.16.164.18
  • 2.16.164.114
  • 2.16.164.88
  • 2.16.164.128
  • 2.16.164.104
  • 2.16.164.11
  • 2.16.164.106
whitelisted
www.microsoft.com
  • 23.37.237.227
whitelisted
login.live.com
  • 20.190.159.73
  • 40.126.31.67
  • 40.126.31.69
  • 20.190.159.0
  • 20.190.159.68
  • 20.190.159.23
  • 20.190.159.64
  • 20.190.159.4
  • 20.190.159.2
  • 40.126.31.73
  • 20.190.159.75
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.95.31.18
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Agenda Setup.exe