Windows Analysis Report
https://u8411862.ct.sendgrid.net/ls/click?upn=u001.L4PK-2B0-2BuGt9pUFq-2FA3Op7Q-2F-2F9qb88t-2BRGAR6VDZa-2FLvCRsA1Ac7AajOPJIbQO7IP307a6xjNpvY8ZU7zRp9oyg-3D-3DE1Fg_CPebASiKsSpOAa3SLW44RsJxX9ZLglP0y4de2rxHefrHjZqY5SRIy9wKYZ9ERHf3zKK6o7ixiO4r4HIIwwj5RfSWrFWq-2FUbkZI-2FrBFl28oYsoQhEIuqeOt-2BjCiFlWuLC4rDo

Overview

General Information

Sample URL: https://u8411862.ct.sendgrid.net/ls/click?upn=u001.L4PK-2B0-2BuGt9pUFq-2FA3Op7Q-2F-2F9qb88t-2BRGAR6VDZa-2FLvCRsA1Ac7AajOPJIbQO7IP307a6xjNpvY8ZU7zRp9oyg-3D-3DE1Fg_CPebASiKsSpOAa3SLW44RsJxX9ZLglP0y4de2r
Analysis ID: 1558832

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

Source: https://imsoidc.bentley.com/connect/authorize?client_id=user-management&redirect_uri=https%3A%2F%2Fusermanagement.bentley.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20user-management%20bentley-admin-api%20notification-service-20%20entitlement-search-service-2576%20ulas-product-information-2727%20agreements-2354&response_mode=form_post&nonce=638676432446464491.YmFkZmFhY2UtYmU1NC00ZjY3LThhZGYtODBlMDJhZWQwYTczZTY4NTEwYjAtM2NmMi00MmViLTgyOGItNGVkNjMwNjQyMmVh&state=CfDJ8MKYeJ71b-9CueOVG07N9ivkk654DnU8_ToBsp41vINZlG9-FkWmB2bVtsDDqCROMDooA8OXWbIHfICL5YcfgafGkgdX0oSCqxq1DyINzkAzwKKoUWJIoZ_gTgT9xBqv6lUUVaYDK7EnzpCNRSk4nvcFJrI9G87rZjJIFk-wEi4euqVyY3y8kLKPpfP0m-dl0FBXHnImlxu7HVzxJj42A0Y_bMqLlgOIwxo4Kgi2G0C9SMI4ImjoWWajJn2SQAffb3ckBanhbjwwl9gu8CsZ6ZbDUTRj-exnF-xSf4z-T0_2onDJH6_0_dGbZs-YtdB2pg&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.6.0.0 HTTP Parser: Number of links: 0
Source: https://imsoidc.bentley.com/as/gMxxa/resume/as/authorization.ping HTTP Parser: Number of links: 1
Source: https://imsoidc.bentley.com/as/gMxxa/resume/as/authorization.ping HTTP Parser: Base64 decoded: badfaace-be54-4f67-8adf-80e02aed0a73e68510b0-3cf2-42eb-828b-4ed6306422ea
Source: https://imsoidc.bentley.com/connect/authorize?client_id=user-management&redirect_uri=https%3A%2F%2Fusermanagement.bentley.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20user-management%20bentley-admin-api%20notification-service-20%20entitlement-search-service-2576%20ulas-product-information-2727%20agreements-2354&response_mode=form_post&nonce=638676432446464491.YmFkZmFhY2UtYmU1NC00ZjY3LThhZGYtODBlMDJhZWQwYTczZTY4NTEwYjAtM2NmMi00MmViLTgyOGItNGVkNjMwNjQyMmVh&state=CfDJ8MKYeJ71b-9CueOVG07N9ivkk654DnU8_ToBsp41vINZlG9-FkWmB2bVtsDDqCROMDooA8OXWbIHfICL5YcfgafGkgdX0oSCqxq1DyINzkAzwKKoUWJIoZ_gTgT9xBqv6lUUVaYDK7EnzpCNRSk4nvcFJrI9G87rZjJIFk-wEi4euqVyY3y8kLKPpfP0m-dl0FBXHnImlxu7HVzxJj42A0Y_bMqLlgOIwxo4Kgi2G0C9SMI4ImjoWWajJn2SQAffb3ckBanhbjwwl9gu8CsZ6ZbDUTRj-exnF-xSf4z-T0_2onDJH6_0_dGbZs-YtdB2pg&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.6.0.0 HTTP Parser: Title: Sign In does not match URL
Source: https://imsoidc.bentley.com/as/gMxxa/resume/as/authorization.ping HTTP Parser: Title: Sign In does not match URL
Source: https://imsoidc.bentley.com/as/gMxxa/resume/as/authorization.ping HTTP Parser: <input type="password" .../> found
Source: https://imsoidc.bentley.com/as/gMxxa/resume/as/authorization.ping HTTP Parser: No favicon
Source: https://imsoidc.bentley.com/connect/authorize?client_id=user-management&redirect_uri=https%3A%2F%2Fusermanagement.bentley.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20user-management%20bentley-admin-api%20notification-service-20%20entitlement-search-service-2576%20ulas-product-information-2727%20agreements-2354&response_mode=form_post&nonce=638676432446464491.YmFkZmFhY2UtYmU1NC00ZjY3LThhZGYtODBlMDJhZWQwYTczZTY4NTEwYjAtM2NmMi00MmViLTgyOGItNGVkNjMwNjQyMmVh&state=CfDJ8MKYeJ71b-9CueOVG07N9ivkk654DnU8_ToBsp41vINZlG9-FkWmB2bVtsDDqCROMDooA8OXWbIHfICL5YcfgafGkgdX0oSCqxq1DyINzkAzwKKoUWJIoZ_gTgT9xBqv6lUUVaYDK7EnzpCNRSk4nvcFJrI9G87rZjJIFk-wEi4euqVyY3y8kLKPpfP0m-dl0FBXHnImlxu7HVzxJj42A0Y_bMqLlgOIwxo4Kgi2G0C9SMI4ImjoWWajJn2SQAffb3ckBanhbjwwl9gu8CsZ6ZbDUTRj-exnF-xSf4z-T0_2onDJH6_0_dGbZs-YtdB2pg&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.6.0.0 HTTP Parser: No <meta name="author".. found
Source: https://imsoidc.bentley.com/as/gMxxa/resume/as/authorization.ping HTTP Parser: No <meta name="author".. found
Source: https://imsoidc.bentley.com/connect/authorize?client_id=user-management&redirect_uri=https%3A%2F%2Fusermanagement.bentley.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20user-management%20bentley-admin-api%20notification-service-20%20entitlement-search-service-2576%20ulas-product-information-2727%20agreements-2354&response_mode=form_post&nonce=638676432446464491.YmFkZmFhY2UtYmU1NC00ZjY3LThhZGYtODBlMDJhZWQwYTczZTY4NTEwYjAtM2NmMi00MmViLTgyOGItNGVkNjMwNjQyMmVh&state=CfDJ8MKYeJ71b-9CueOVG07N9ivkk654DnU8_ToBsp41vINZlG9-FkWmB2bVtsDDqCROMDooA8OXWbIHfICL5YcfgafGkgdX0oSCqxq1DyINzkAzwKKoUWJIoZ_gTgT9xBqv6lUUVaYDK7EnzpCNRSk4nvcFJrI9G87rZjJIFk-wEi4euqVyY3y8kLKPpfP0m-dl0FBXHnImlxu7HVzxJj42A0Y_bMqLlgOIwxo4Kgi2G0C9SMI4ImjoWWajJn2SQAffb3ckBanhbjwwl9gu8CsZ6ZbDUTRj-exnF-xSf4z-T0_2onDJH6_0_dGbZs-YtdB2pg&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.6.0.0 HTTP Parser: No <meta name="copyright".. found
Source: https://imsoidc.bentley.com/as/gMxxa/resume/as/authorization.ping HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:64189 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:64190 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:64191 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:64192 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.16:64181 -> 1.1.1.1:53
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: global traffic DNS traffic detected: DNS query: u8411862.ct.sendgrid.net
Source: global traffic DNS traffic detected: DNS query: usermanagement.bentley.com
Source: global traffic DNS traffic detected: DNS query: imsoidc.bentley.com
Source: global traffic DNS traffic detected: DNS query: connect-cdn.bentley.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: classification engine Classification label: clean2.win@23/6@16/162
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1960,i,3742538601927572042,17691553218836612508,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://u8411862.ct.sendgrid.net/ls/click?upn=u001.L4PK-2B0-2BuGt9pUFq-2FA3Op7Q-2F-2F9qb88t-2BRGAR6VDZa-2FLvCRsA1Ac7AajOPJIbQO7IP307a6xjNpvY8ZU7zRp9oyg-3D-3DE1Fg_CPebASiKsSpOAa3SLW44RsJxX9ZLglP0y4de2rxHefrHjZqY5SRIy9wKYZ9ERHf3zKK6o7ixiO4r4HIIwwj5RfSWrFWq-2FUbkZI-2FrBFl28oYsoQhEIuqeOt-2BjCiFlWuLC4rDomVqHzNhdvSab-2F-2Fw8d5IAtmQQI0BdCul9u12mfWcV4mFdLlsTdv9empaAUbuFjvZWnyaUm8GOERw44MojSA-3D-3D"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk