File name:

Setup_Viewx64_24.00.00.122 (1).exe

Full analysis: https://app.any.run/tasks/9d430215-1cc7-4608-bf11-695c13745e96
Verdict: Malicious activity
Analysis date: October 31, 2024, 10:57:07
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-html
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

A4BC7B690F452D2DCCC78EBD9A602DC7

SHA1:

250903CB6D83C8A4344930668EDF2B15B46FFC3C

SHA256:

BC7F2CF175009C73E0A5BA339685429F0ACAB3B646B52AA795C0A2C4D75DEACA

SSDEEP:

98304:F1svXJG6gIS6476e8cgYdeolDBDDDDDDgKWVCNgMCMuynEkmkYxD/Qi1PnQU+6bf:RHts1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Setup_Viewx64_24.00.00.122 (1).exe (PID: 6284)
      • Setup_Viewx64_24.00.00.122.exe (PID: 6564)
      • Setup_Viewx64_24.00.00.122 (1).exe (PID: 3128)
      • Setup_CONNECTIONClientx64_23.00.01.25.exe (PID: 8188)
      • Setup_CONNECTIONClientx64_23.00.01.25.exe (PID: 7276)
      • VC_redist.x64.exe (PID: 7784)
      • MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 528)
      • Setup_CONNECTIONClientx64_23.00.01.25.exe (PID: 6380)
      • VC_redist.x64.exe (PID: 7760)

    • Starts itself from another location

      • Setup_CONNECTIONClientx64_23.00.01.25.exe (PID: 6380)
      • Setup_Viewx64_24.00.00.122 (1).exe (PID: 3128)

    • Executes as Windows Service

      • VSSVC.exe (PID: 692)

    • Process drops legitimate windows executable

      • Setup_Viewx64_24.00.00.122.exe (PID: 6564)
      • VC_redist.x64.exe (PID: 7760)
      • msiexec.exe (PID: 7588)
      • Setup_Viewx64_24.00.00.122 (1).exe (PID: 3128)
      • MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 528)
      • MicrosoftEdgeUpdate.exe (PID: 4316)

    • Starts a Microsoft application from unusual location

      • VC_redist.x64.exe (PID: 7784)
      • MicrosoftEdgeUpdate.exe (PID: 4316)

  • INFO

    • Manages system restore points

      • SrTasks.exe (PID: 7316)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 7588)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:22 22:14:43+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.16
CodeSize: 314368
InitializedDataSize: 308736
UninitializedDataSize: -
EntryPoint: 0x302e5
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 24.0.0.122
ProductVersionNumber: 24.0.0.122
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Bentley Systems, Incorporated
FileDescription: Bentley View 2024
FileVersion: 24.0.0.122
InternalName: setup
LegalCopyright: Copyright © 2024 Bentley Systems, Incorporated. All rights reserved.
OriginalFileName: Setup_Viewx64_24.00.00.122.exe
ProductName: Bentley View 2024
ProductVersion: 24.0.0.122
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
160
Monitored processes
20
Malicious processes
5
Suspicious processes
3

Behavior graph

Click at the process to see the details
start setup_viewx64_24.00.00.122 (1).exe setup_viewx64_24.00.00.122 (1).exe setup_viewx64_24.00.00.122.exe SPPSurrogate no specs vssvc.exe no specs sppextcomobj.exe no specs slui.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe vc_redist.x64.exe vc_redist.x64.exe slui.exe no specs setup_connectionclientx64_23.00.01.25.exe setup_connectionclientx64_23.00.01.25.exe setup_connectionclientx64_23.00.01.25.exe SPPSurrogate no specs microsoftedgewebview2runtimeinstallerx64.exe microsoftedgeupdate.exe no specs wermgr.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
528"C:\ProgramData\Package Cache\847B439D00D2629B3322F326E0558A7D9F96765A\MicrosoftEdgeWebView2RuntimeInstallerX64.exe" /silent /installC:\ProgramData\Package Cache\847B439D00D2629B3322F326E0558A7D9F96765A\MicrosoftEdgeWebView2RuntimeInstallerX64.exe
Setup_CONNECTIONClientx64_23.00.01.25.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update Setup
Exit code:
2147747592
Version:
1.3.147.37
692C:\WINDOWS\system32\vssvc.exeC:\Windows\System32\VSSVC.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2796"C:\WINDOWS\system32\wermgr.exe" "-outproc" "0" "4316" "1896" "1528" "1892" "0" "0" "0" "0" "0" "0" "0" "0" C:\Windows\SysWOW64\wermgr.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
3128"C:\Users\admin\AppData\Local\Temp\{268D61BF-26A5-4D5F-8393-D879CB326F79}\.cr\Setup_Viewx64_24.00.00.122 (1).exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\Setup_Viewx64_24.00.00.122 (1).exe" -burn.filehandle.attached=748 -burn.filehandle.self=576 C:\Users\admin\AppData\Local\Temp\{268D61BF-26A5-4D5F-8393-D879CB326F79}\.cr\Setup_Viewx64_24.00.00.122 (1).exe
Setup_Viewx64_24.00.00.122 (1).exe
User:
admin
Company:
Bentley Systems, Incorporated
Integrity Level:
MEDIUM
Description:
Bentley View 2024
Exit code:
2147747592
Version:
24.0.0.122
Modules
Images
c:\users\admin\appdata\local\temp\{268d61bf-26a5-4d5f-8393-d879cb326f79}\.cr\setup_viewx64_24.00.00.122 (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
4316"C:\Program Files (x86)\Microsoft\Temp\EU348C.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=True"C:\Program Files (x86)\Microsoft\Temp\EU348C.tmp\MicrosoftEdgeUpdate.exeMicrosoftEdgeWebView2RuntimeInstallerX64.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update
Exit code:
2147747592
Version:
1.3.147.37
6284"C:\Users\admin\AppData\Local\Temp\Setup_Viewx64_24.00.00.122 (1).exe" C:\Users\admin\AppData\Local\Temp\Setup_Viewx64_24.00.00.122 (1).exe
explorer.exe
User:
admin
Company:
Bentley Systems, Incorporated
Integrity Level:
MEDIUM
Description:
Bentley View 2024
Exit code:
2147747592
Version:
24.0.0.122
Modules
Images
c:\users\admin\appdata\local\temp\setup_viewx64_24.00.00.122 (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
6380"C:\WINDOWS\Temp\{03190272-76B1-4CD8-B804-B26BF7F16A25}\.cr\Setup_CONNECTIONClientx64_23.00.01.25.exe" -burn.clean.room="C:\ProgramData\Package Cache\7988EE3B8B402410F5BE3E025AA1DB91F935EE90\Setup_CONNECTIONClientx64_23.00.01.25.exe" -burn.filehandle.attached=572 -burn.filehandle.self=536 /quiet SkipPendingSystemRebootCheck=1 /log C:\Users\admin\AppData\Local\Temp\Bentley_View_2024_20241031105714_003_BentleyConnectClient.logC:\Windows\Temp\{03190272-76B1-4CD8-B804-B26BF7F16A25}\.cr\Setup_CONNECTIONClientx64_23.00.01.25.exe
Setup_CONNECTIONClientx64_23.00.01.25.exe
User:
admin
Company:
Bentley Systems, Incorporated
Integrity Level:
HIGH
Description:
CONNECTION Client
Exit code:
2147747592
Version:
23.0.1.25
6564"C:\Users\admin\AppData\Local\Temp\{4894AA1C-137F-455F-84F4-46713E311F17}\.be\Setup_Viewx64_24.00.00.122.exe" -q -burn.elevated BurnPipe.{0D1D2510-3615-4C05-8C45-E73E7336E0BE} {2B0DF709-F45B-4B28-AB9F-20D75C2D5803} 3128C:\Users\admin\AppData\Local\Temp\{4894AA1C-137F-455F-84F4-46713E311F17}\.be\Setup_Viewx64_24.00.00.122.exe
Setup_Viewx64_24.00.00.122 (1).exe
User:
admin
Company:
Bentley Systems, Incorporated
Integrity Level:
HIGH
Description:
Bentley View 2024
Exit code:
2147747592
Version:
24.0.0.122
Modules
Images
c:\users\admin\appdata\local\temp\{4894aa1c-137f-455f-84f4-46713e311f17}\.be\setup_viewx64_24.00.00.122.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
7036"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exeSppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
7104C:\WINDOWS\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}C:\Windows\System32\dllhost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
Total events
2 858
Read events
2 811
Write events
38
Delete events
9

Modification events

(PID) Process:(3128) Setup_Viewx64_24.00.00.122 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Setup_Viewx64_24_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(3128) Setup_Viewx64_24.00.00.122 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Setup_Viewx64_24_RASAPI32
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(3128) Setup_Viewx64_24.00.00.122 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Setup_Viewx64_24_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(3128) Setup_Viewx64_24.00.00.122 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Setup_Viewx64_24_RASAPI32
Operation:writeName:FileTracingMask
Value:
(PID) Process:(3128) Setup_Viewx64_24.00.00.122 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Setup_Viewx64_24_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
(PID) Process:(3128) Setup_Viewx64_24.00.00.122 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Setup_Viewx64_24_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(3128) Setup_Viewx64_24.00.00.122 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Setup_Viewx64_24_RASAPI32
Operation:writeName:FileDirectory
Value:
%windir%\tracing
(PID) Process:(3128) Setup_Viewx64_24.00.00.122 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Setup_Viewx64_24_RASMANCS
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(3128) Setup_Viewx64_24.00.00.122 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Setup_Viewx64_24_RASMANCS
Operation:writeName:EnableAutoFileTracing
Value:
0
(PID) Process:(3128) Setup_Viewx64_24.00.00.122 (1).exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Setup_Viewx64_24_RASMANCS
Operation:writeName:EnableConsoleTracing
Value:
0
Executable files
302
Suspicious files
57
Text files
126
Unknown types
3

Dropped files

PID
Process
Filename
Type
3128Setup_Viewx64_24.00.00.122 (1).exeC:\Users\admin\AppData\Local\Temp\{4894AA1C-137F-455F-84F4-46713E311F17}\.ba\Winterop.dllexecutable
MD5:695BD38BB62302A0903E4CED008A73DD
SHA256:5EE45A965AA6BD6C00C795BDB394B9A8D911FBC8961EF62E55014F53EFE64F9F
3128Setup_Viewx64_24.00.00.122 (1).exeC:\Users\admin\AppData\Local\Temp\{4894AA1C-137F-455F-84F4-46713E311F17}\.ba\WixInstallBA.dllexecutable
MD5:972F04F6F53DBFA26857C67A42523C70
SHA256:993D06F7AAAC5571A0BB6F3FDD6F066BB4AE41AC11510BDA065930D0502FD2DB
3128Setup_Viewx64_24.00.00.122 (1).exeC:\Users\admin\AppData\Local\Temp\{4894AA1C-137F-455F-84F4-46713E311F17}\.ba\1043\mbapreq.wxlxml
MD5:67F28BCDB3BA6774CD66AA198B06FF38
SHA256:226B778604236931B4AE45F6F272586C884A11517444A34BF45CD5CAE49BE62E
3128Setup_Viewx64_24.00.00.122 (1).exeC:\Users\admin\AppData\Local\Temp\{4894AA1C-137F-455F-84F4-46713E311F17}\.ba\1038\mbapreq.wxlxml
MD5:17FB605A2F02DA203DF06F714D1CC6DE
SHA256:55CF62D54EFB79801A9D94B24B3C9BA221C2465417A068950D40A67C52BA66EF
3128Setup_Viewx64_24.00.00.122 (1).exeC:\Users\admin\AppData\Local\Temp\{4894AA1C-137F-455F-84F4-46713E311F17}\.ba\1042\mbapreq.wxlxml
MD5:442F8463EF5CA42B99B2EFACA696BD01
SHA256:D22F6ADA97DBFFC1E7548E52163807F982B30B11A2A5109E71F42985102CCCBD
3128Setup_Viewx64_24.00.00.122 (1).exeC:\Users\admin\AppData\Local\Temp\{4894AA1C-137F-455F-84F4-46713E311F17}\.ba\1044\mbapreq.wxlxml
MD5:5454F724C9CDAB8172678A1CC7057220
SHA256:41545AC1247B61C3C3E2A7E4659D9FAD2BCCA8347C69F2EB7B9D0CF5FC31E113
3128Setup_Viewx64_24.00.00.122 (1).exeC:\Users\admin\AppData\Local\Temp\{4894AA1C-137F-455F-84F4-46713E311F17}\.ba\1030\mbapreq.wxlxml
MD5:7C6E4CE87870B3B5E71D3EF4555500F8
SHA256:CAC263E0E90A4087446A290055257B1C39F17E11F065598CB2286DF4332C7696
3128Setup_Viewx64_24.00.00.122 (1).exeC:\Users\admin\AppData\Local\Temp\{4894AA1C-137F-455F-84F4-46713E311F17}\.ba\1060\mbapreq.wxlxml
MD5:5836F0C655BDD97093F68AAF69AB2BAB
SHA256:C015247D022BDC108B4FFCAE89CB55D1E313034D7E6EED18744C1BB55F108F8C
3128Setup_Viewx64_24.00.00.122 (1).exeC:\Users\admin\AppData\Local\Temp\{4894AA1C-137F-455F-84F4-46713E311F17}\.ba\1041\mbapreq.wxlxml
MD5:DB0F5BAB42403FD67C0A18E35E6880EC
SHA256:CCDCDB111EFA152C5F9FF4930033698B843390A549699AE802098D87431F16FE
3128Setup_Viewx64_24.00.00.122 (1).exeC:\Users\admin\AppData\Local\Temp\{4894AA1C-137F-455F-84F4-46713E311F17}\.ba\1031\mbapreq.wxlxml
MD5:C8E7E0B4E63B3076047B7F49C76D56E1
SHA256:631D46CB048FB6CF0B9A1362F8E5A1854C46E9525A0260C7841A04B2316C8295
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
13
TCP/UDP connections
60
DNS requests
37
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.32.238.107:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.32.238.107:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
3608
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5488
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
192.168.100.255:137
whitelisted
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
23.32.238.107:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
3128
Setup_Viewx64_24.00.00.122 (1).exe
20.105.216.25:443
aka.bentley.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3128
Setup_Viewx64_24.00.00.122 (1).exe
89.106.200.1:443
communities.bentley.com
Enflow B.V.
NL
whitelisted
4360
SearchApp.exe
104.126.37.170:443
www.bing.com
Akamai International B.V.
DE
whitelisted
3128
Setup_Viewx64_24.00.00.122 (1).exe
149.96.243.108:443
bentleysystems.service-now.com
SNC
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
google.com
  • 142.250.186.142
whitelisted
crl.microsoft.com
  • 23.32.238.107
  • 23.32.238.112
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
aka.bentley.com
  • 20.105.216.25
whitelisted
communities.bentley.com
  • 89.106.200.1
whitelisted
www.bing.com
  • 104.126.37.170
  • 104.126.37.171
  • 104.126.37.155
  • 104.126.37.153
  • 104.126.37.162
  • 104.126.37.161
  • 104.126.37.160
  • 104.126.37.139
  • 104.126.37.137
whitelisted
bentleysystems.service-now.com
  • 149.96.243.108
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.159.64
  • 20.190.159.4
  • 20.190.159.73
  • 40.126.31.67
  • 20.190.159.68
  • 20.190.159.0
  • 40.126.31.73
  • 40.126.31.71
  • 40.126.32.138
  • 20.190.160.17
  • 20.190.160.14
  • 40.126.32.76
  • 40.126.32.72
  • 20.190.160.22
  • 40.126.32.68
  • 40.126.32.74
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Setup_Viewx64_24.00.00.122 (1).exe