Windows Analysis Report
https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome

Overview

General Information

Sample URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome
Analysis ID:	1500769
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Form action URLs do not match main URL

HTML body contains low number of good links

HTML page contains hidden javascript code

No HTML title found

Classification

Signatures

Form action URLs do not match main URL

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: Form action: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/saml saviyntcloud bakerhughes

HTML body contains low number of good links

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: Base64 decoded: <?xml version="1.0" encoding="UTF-8"?><saml2p:AuthnRequest AssertionConsumerServiceURL="https://bhge-ofse.saviyntcloud.com/ECM/saml/SSO/alias/SaviyntSP" Destination="https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16ey...

No HTML title found

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: HTML title missing

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358	HTTP Parser: No favicon
Source: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/saml	HTTP Parser: No favicon

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: No <meta name="author".. found

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49783 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 39MB

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/css/sections/errors-v2.css HTTP/1.1Host: login.bakerhughes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/samlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ONtwwWgmvAW9Ctn&MD=OmH9Klcz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/bco/1/fs0tfevy7o2rpptBi357 HTTP/1.1Host: ok7static.oktacdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.bakerhughes.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.bakerhughes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/samlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
Source: global traffic	HTTP traffic detected: GET /fs/bco/1/fs0tfevy7o2rpptBi357 HTTP/1.1Host: ok7static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.bakerhughes.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: login.bakerhughes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ONtwwWgmvAW9Ctn&MD=OmH9Klcz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: chromecache_67.2.dr

String found in binary or memory: * Facebook [ https://www.facebook.com/Icons8 ] equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: bhge-ofse.saviyntcloud.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: login.bakerhughes.com
Source: global traffic	DNS traffic detected: DNS query: ok7static.oktacdn.com

Source: unknown

HTTP traffic detected: POST /app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/saml HTTP/1.1Host: login.bakerhughes.comConnection: keep-aliveContent-Length: 862Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://bhge-ofse.saviyntcloud.comContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://bhge-ofse.saviyntcloud.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:08:11 GMTServer: nginxContent-Type: text/html;charset=utf-8Content-Length: 1810Vary: Accept-Encodingx-okta-request-id: Zs-Dq4YRsbmO6YLpn_hEwAAABikx-xss-protection: 0content-security-policy: frame-ancestors 'self'referrer-policy: strict-origin-when-cross-originaccept-ch: Sec-CH-UA-Platform-Versioncache-control: no-cache, no-storepragma: no-cacheexpires: 0content-security-policy-report-only: default-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; connect-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com .oktacdn.com .mixpanel.com .mapbox.com .mtls.okta.com bhconnect.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; style-src 'unsafe-inline' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; frame-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com login.okta.com .vidyard.com; img-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com .tiles.mapbox.com .mapbox.com .vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' bhconnect.okta.com login.bakerhughes.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'x-frame-options: SAMEORIGINx-content-type-options: nosniffcontent-language: enStrict-Transport-Security: max-age=315360000; includeSubDomainsset-cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; Path=/; Secure; HttpOnlyset-cookie: t=default; Path=/set-cookie: DT=DI16SriRKWjQp2W1HLhAMMtsw;Version=1;Path=/;Max-Age=63072000;Secure;Expires=Fri, 28 Aug 2026 20:08:11 GMT;HttpOnly;SameSite=NoneConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:08:21 GMTServer: nginxContent-Type: text/html;charset=utf-8Content-Length: 1810Vary: Accept-Encodingx-content-type-options: nosniffx-okta-request-id: Zs-DtWmjwss58rkouV8F6gAABucx-xss-protection: 0content-security-policy: frame-ancestors 'self'referrer-policy: strict-origin-when-cross-originaccept-ch: Sec-CH-UA-Platform-Versioncache-control: no-cache, no-storepragma: no-cacheexpires: 0content-security-policy-report-only: default-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; connect-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com .oktacdn.com .mixpanel.com .mapbox.com .mtls.okta.com bhconnect.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; style-src 'unsafe-inline' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; frame-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com login.okta.com .vidyard.com; img-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com .tiles.mapbox.com .mapbox.com .vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' bhconnect.okta.com login.bakerhughes.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'x-frame-options: SAMEORIGINcontent-language: enStrict-Transport-Security: max-age=315360000; includeSubDomainsset-cookie: JSESSIONID=AA0C6AB0AE8746894F1338E8923DD6E3; Path=/; Secure; HttpOnlyset-cookie: t=default; Path=/Connection: close

Source: chromecache_80.2.dr	String found in binary or memory: https://fengyuanchen.github.io/cropperjs
Source: chromecache_66.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nDrXyi0A.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nErXyi0A.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nFrXyi0A.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nMrXyi0A.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nPrXyi0A.woff2)
Source: chromecache_62.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/FontCustom/fontcustom
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/icons8
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/mozdevs/cssremedy/issues/14
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/mozdevs/cssremedy/issues/4
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/suitcss/base
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/tailwindcss/tailwindcss/issues/362
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/tailwindcss/tailwindcss/pull/116
Source: chromecache_62.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_67.2.dr	String found in binary or memory: https://icons8.com/
Source: chromecache_67.2.dr	String found in binary or memory: https://icons8.com/contact
Source: chromecache_67.2.dr	String found in binary or memory: https://icons8.com/good-boy-license/
Source: chromecache_67.2.dr	String found in binary or memory: https://icons8.com/line-awesome
Source: chromecache_67.2.dr	String found in binary or memory: https://plus.google.com/
Source: chromecache_67.2.dr	String found in binary or memory: https://twitter.com/icons_8

Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Source: unknown	HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49783 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@18/45@16/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2544,i,12839140376948361460,16293769373542387914,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2544,i,12839140376948361460,16293769373542387914,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.161.82.77	unknown	United States	16509	AMAZON-02US	false
142.250.185.68	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
15.197.151.86	a9d4dea8e2661b2ed.awsglobalaccelerator.com	United States	7430	TANDEMUS	false
18.65.39.13	d3l0l8wekhoecn.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
172.217.23.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
d3l0l8wekhoecn.cloudfront.net	18.65.39.13	true
www.google.com	172.217.23.100	true
a9d4dea8e2661b2ed.awsglobalaccelerator.com	15.197.151.86	true
login.bakerhughes.com	unknown	unknown
ok7static.oktacdn.com	unknown	unknown
bhge-ofse.saviyntcloud.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://login.bakerhughes.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://login.bakerhughes.com/assets/css/sections/errors-v2.css	false	Avira URL Cloud: safe	unknown
https://login.bakerhughes.com/	false		unknown
https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome	false		unknown
https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358	false		unknown
https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/saml	false		unknown
https://ok7static.oktacdn.com/fs/bco/1/fs0tfevy7o2rpptBi357	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 59	ASCII text, with very long lines (65461)	5C0588D0F699E95EB13484E1124CFB99	7886FA30462F01D0C4568FFDF9A9B0CC8DED9CE2	3C76EDF830950C6592D9D1DC8A808A56D4E871022F348C6134A14304B3A23A47
Chrome Cache Entry: 60	ASCII text	80127BA5C47706686501006723BA83DA	A0AF4ECF251187B0203FF095D16F850CC57A38C1	07D7429F55979AF1968161A3EB812A39C797F9C3E2F0FD88AECBF1EA741349C1
Chrome Cache Entry: 61	JSON data	4CE05AC4B95272BDCB0903BFA8FB5827	AD653224A6036E4A23EDD022BF4758EB2464569C	F01044F410F3D2EEE5E6E621A677FB9B4639C274D0195061FF640ED5789AB883
Chrome Cache Entry: 62	ASCII text, with very long lines (26438)	206C0F79B0EA46F612CCA8A980FB51F2	212CD218A3BA9B4C5299CEAC05C8BAF62B19BB8C	DAAFE8915A904934F9BDEDBD9ACD7610C4758D3D47DF0A1C6075D062E5660959
Chrome Cache Entry: 63	HTML document, ASCII text, with very long lines (6249), with no line terminators	74C7E46736195929A1DCADC3E20583B2	4EB49B643CB5CD77C6BC6BC2F1CD99485A8E4988	E1B7D1EEF6B650AD7DD085CF93C518608D825F0453C4F233960FCBFCA861C107
Chrome Cache Entry: 64	ASCII text, with very long lines (65536), with no line terminators	EBE166C0B8880908EDA9CB32A427FE8F	A5C344FFC8D8EABBA18E65899444BB78B91376C7	0BB0CF8F2DE39A40AFF4AF775318C4C8EA254B14ABC228228BA94944880C2BC0
Chrome Cache Entry: 65	GIF image data, version 89a, 68 x 68	D79EB93784D661C8829996FED20BA23E	210D59895100632989A44AA5FAE822764BA82F18	118CEEC65A796477B7928B4E40DFCC49235CEB5A5B81A88870AEE37B6B04E2BB
Chrome Cache Entry: 66	ASCII text	71D6A57D21337114032CA39B294F3591	ADA1D867672276F16EF4D3B8A46A519FBA8E3D4E	36B2057EB5EEF261A2CBB8C149DCF3A11EDAA15CCD8E3D462EB34999F5FF8F2A
Chrome Cache Entry: 67	ASCII text, with very long lines (27557)	4334C8C70998D81BDE3E6765828811A6	DE27D3920885BE830EBA8B77FF1C3B320AFC5B98	1E8638F605575BD335D49EFA95E165ADF7EF06DDA8E367661AC2517A0A3A96B4
Chrome Cache Entry: 68	JSON data	2F717775D17BF3A581ACF2903353545F	C2D2CDBA08A79B51C4000AD16D7A72D91A515727	9A67EEFF859EAEDEECE4420D541ED2577C19FF7599C0FB70CA53681FE20CCF95
Chrome Cache Entry: 69	ASCII text	B1873CEA5CA06CBCB3D5FA71D8B72924	1008FC738E579EDC5E70E7FDF7A04869D149A259	FCA4812BA3833470C5DC5870BACB63649694DDE200E64A8FF1BE6D285F2C44BF
Chrome Cache Entry: 70	PNG image data, 300 x 46, 8-bit/color RGBA, non-interlaced	079198E0DCC3F16BFD74913A2F974115	5BAED81FE886A5A7125AD64CC311C5E2DC30E783	B8895771C0644EF9F321A054357C8AA8591D7D3BEC37FA7B19CC02AFCFCB1174
Chrome Cache Entry: 71	GIF image data, version 89a, 68 x 68	D79EB93784D661C8829996FED20BA23E	210D59895100632989A44AA5FAE822764BA82F18	118CEEC65A796477B7928B4E40DFCC49235CEB5A5B81A88870AEE37B6B04E2BB
Chrome Cache Entry: 72	Unicode text, UTF-8 text	9656936CC57CE427AF6BAF8F3A9F70B3	0C6FBB7447C6D29D38DC25233B605B5394589EDD	72751AAD08822469CE439FB18431FD4F50F86A6D37DF879A6F595EC6B3268444
Chrome Cache Entry: 73	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	449C9DD651DB589388B721EB2496F5B0	64F3B213A89A00F7B0940271576ECC72280236F7	F9E86FB363A05F75AB3B525439D46BF4911D4CD4AE94C656C0198206374002AA
Chrome Cache Entry: 74	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	D1AD95EC42BD1F77E99C98727A2742F8	A3FF8BC557B5C7DA32F8C035FA9E7AEC718E331A	9226E77677EC685D913D214CD168E41FFCAF67930C929E48604145F4017FA482
Chrome Cache Entry: 75	ASCII text, with very long lines (65461)	5C0588D0F699E95EB13484E1124CFB99	7886FA30462F01D0C4568FFDF9A9B0CC8DED9CE2	3C76EDF830950C6592D9D1DC8A808A56D4E871022F348C6134A14304B3A23A47
Chrome Cache Entry: 76	ASCII text, with very long lines (65536), with no line terminators	DD8176D7F4124BDC4311A5DB92324AC5	5DB91D80F8AF98F3370D091D20523CFCDA519D76	0C6E5D494BF5D9D2591DB8E58FF88C0724DC4EB047F23B413B2C69F2BE6630D3
Chrome Cache Entry: 77	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	449C9DD651DB589388B721EB2496F5B0	64F3B213A89A00F7B0940271576ECC72280236F7	F9E86FB363A05F75AB3B525439D46BF4911D4CD4AE94C656C0198206374002AA
Chrome Cache Entry: 78	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	D1AD95EC42BD1F77E99C98727A2742F8	A3FF8BC557B5C7DA32F8C035FA9E7AEC718E331A	9226E77677EC685D913D214CD168E41FFCAF67930C929E48604145F4017FA482
Chrome Cache Entry: 79	ASCII text, with very long lines (634)	F84C637018CCC6E6C79B562EEDBF99E3	5393C5C46C8F3C6A91F9730D0F802F6F1B6478D0	DDC39A60AEA4C25F0544D490086B056B68288AEEC90D7DAAADF1F9A66EC98A1B
Chrome Cache Entry: 80	Unicode text, UTF-8 text, with very long lines (40888)	8D80CE061F9B8BB8C660C7BEC7ECA883	B7E25FAD179F0EA09B909765B168B9A5BD4EB47E	72FCA1994ACF53C454EE45DFD407A8C8979B2502BC1B1435A126FABA9B9DE6C1
Chrome Cache Entry: 81	HTML document, ASCII text, with very long lines (6249), with no line terminators	74C7E46736195929A1DCADC3E20583B2	4EB49B643CB5CD77C6BC6BC2F1CD99485A8E4988	E1B7D1EEF6B650AD7DD085CF93C518608D825F0453C4F233960FCBFCA861C107
Chrome Cache Entry: 82	JSON data	4CE05AC4B95272BDCB0903BFA8FB5827	AD653224A6036E4A23EDD022BF4758EB2464569C	F01044F410F3D2EEE5E6E621A677FB9B4639C274D0195061FF640ED5789AB883
Chrome Cache Entry: 83	ASCII text, with very long lines (65536), with no line terminators	EBE166C0B8880908EDA9CB32A427FE8F	A5C344FFC8D8EABBA18E65899444BB78B91376C7	0BB0CF8F2DE39A40AFF4AF775318C4C8EA254B14ABC228228BA94944880C2BC0
Chrome Cache Entry: 84	PNG image data, 300 x 46, 8-bit/color RGBA, non-interlaced	079198E0DCC3F16BFD74913A2F974115	5BAED81FE886A5A7125AD64CC311C5E2DC30E783	B8895771C0644EF9F321A054357C8AA8591D7D3BEC37FA7B19CC02AFCFCB1174

Form action URLs do not match main URL

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: Form action: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/saml saviyntcloud bakerhughes

HTML body contains low number of good links

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

No HTML title found

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: HTML title missing

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358	HTTP Parser: No favicon
Source: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/saml	HTTP Parser: No favicon

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: No <meta name="author".. found

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49783 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 39MB

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/css/sections/errors-v2.css HTTP/1.1Host: login.bakerhughes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/samlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ONtwwWgmvAW9Ctn&MD=OmH9Klcz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/bco/1/fs0tfevy7o2rpptBi357 HTTP/1.1Host: ok7static.oktacdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.bakerhughes.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.bakerhughes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/samlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
Source: global traffic	HTTP traffic detected: GET /fs/bco/1/fs0tfevy7o2rpptBi357 HTTP/1.1Host: ok7static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.bakerhughes.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: login.bakerhughes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ONtwwWgmvAW9Ctn&MD=OmH9Klcz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: chromecache_67.2.dr

String found in binary or memory: * Facebook [ https://www.facebook.com/Icons8 ] equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: bhge-ofse.saviyntcloud.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: login.bakerhughes.com
Source: global traffic	DNS traffic detected: DNS query: ok7static.oktacdn.com

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:08:11 GMTServer: nginxContent-Type: text/html;charset=utf-8Content-Length: 1810Vary: Accept-Encodingx-okta-request-id: Zs-Dq4YRsbmO6YLpn_hEwAAABikx-xss-protection: 0content-security-policy: frame-ancestors 'self'referrer-policy: strict-origin-when-cross-originaccept-ch: Sec-CH-UA-Platform-Versioncache-control: no-cache, no-storepragma: no-cacheexpires: 0content-security-policy-report-only: default-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; connect-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com .oktacdn.com .mixpanel.com .mapbox.com .mtls.okta.com bhconnect.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; style-src 'unsafe-inline' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; frame-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com login.okta.com .vidyard.com; img-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com .tiles.mapbox.com .mapbox.com .vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' bhconnect.okta.com login.bakerhughes.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'x-frame-options: SAMEORIGINx-content-type-options: nosniffcontent-language: enStrict-Transport-Security: max-age=315360000; includeSubDomainsset-cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; Path=/; Secure; HttpOnlyset-cookie: t=default; Path=/set-cookie: DT=DI16SriRKWjQp2W1HLhAMMtsw;Version=1;Path=/;Max-Age=63072000;Secure;Expires=Fri, 28 Aug 2026 20:08:11 GMT;HttpOnly;SameSite=NoneConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:08:21 GMTServer: nginxContent-Type: text/html;charset=utf-8Content-Length: 1810Vary: Accept-Encodingx-content-type-options: nosniffx-okta-request-id: Zs-DtWmjwss58rkouV8F6gAABucx-xss-protection: 0content-security-policy: frame-ancestors 'self'referrer-policy: strict-origin-when-cross-originaccept-ch: Sec-CH-UA-Platform-Versioncache-control: no-cache, no-storepragma: no-cacheexpires: 0content-security-policy-report-only: default-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; connect-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com .oktacdn.com .mixpanel.com .mapbox.com .mtls.okta.com bhconnect.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; style-src 'unsafe-inline' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; frame-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com login.okta.com .vidyard.com; img-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com .tiles.mapbox.com .mapbox.com .vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' bhconnect.okta.com login.bakerhughes.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'x-frame-options: SAMEORIGINcontent-language: enStrict-Transport-Security: max-age=315360000; includeSubDomainsset-cookie: JSESSIONID=AA0C6AB0AE8746894F1338E8923DD6E3; Path=/; Secure; HttpOnlyset-cookie: t=default; Path=/Connection: close

Source: chromecache_80.2.dr	String found in binary or memory: https://fengyuanchen.github.io/cropperjs
Source: chromecache_66.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nDrXyi0A.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nErXyi0A.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nFrXyi0A.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nMrXyi0A.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nPrXyi0A.woff2)
Source: chromecache_62.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/FontCustom/fontcustom
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/icons8
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/mozdevs/cssremedy/issues/14
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/mozdevs/cssremedy/issues/4
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/suitcss/base
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/tailwindcss/tailwindcss/issues/362
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/tailwindcss/tailwindcss/pull/116
Source: chromecache_62.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_67.2.dr	String found in binary or memory: https://icons8.com/
Source: chromecache_67.2.dr	String found in binary or memory: https://icons8.com/contact
Source: chromecache_67.2.dr	String found in binary or memory: https://icons8.com/good-boy-license/
Source: chromecache_67.2.dr	String found in binary or memory: https://icons8.com/line-awesome
Source: chromecache_67.2.dr	String found in binary or memory: https://plus.google.com/
Source: chromecache_67.2.dr	String found in binary or memory: https://twitter.com/icons_8

Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Source: unknown	HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49783 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@18/45@16/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2544,i,12839140376948361460,16293769373542387914,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2544,i,12839140376948361460,16293769373542387914,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1500769
Product:	CloudBasic
Start time:	22:07:03
Start date:	28.08.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome