Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome

Overview

General Information

Sample URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome
Analysis ID:	1500769
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Form action URLs do not match main URL

HTML body contains low number of good links

HTML page contains hidden javascript code

No HTML title found

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 4924 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2544,i,12839140376948361460,16293769373542387914,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6516 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: Form action: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/saml saviyntcloud bakerhughes

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: Number of links: 0

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: Base64 decoded: <?xml version="1.0" encoding="UTF-8"?><saml2p:AuthnRequest AssertionConsumerServiceURL="https://bhge-ofse.saviyntcloud.com/ECM/saml/SSO/alias/SaviyntSP" Destination="https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16ey...

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: HTML title missing

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358	HTTP Parser: No favicon
Source: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/saml	HTTP Parser: No favicon

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: No <meta name="author".. found

Source: https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49783 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 0MB later: 39MB

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 23.53.114.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/css/sections/errors-v2.css HTTP/1.1Host: login.bakerhughes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/samlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ONtwwWgmvAW9Ctn&MD=OmH9Klcz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/bco/1/fs0tfevy7o2rpptBi357 HTTP/1.1Host: ok7static.oktacdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.bakerhughes.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.bakerhughes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/samlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
Source: global traffic	HTTP traffic detected: GET /fs/bco/1/fs0tfevy7o2rpptBi357 HTTP/1.1Host: ok7static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.bakerhughes.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: login.bakerhughes.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ONtwwWgmvAW9Ctn&MD=OmH9Klcz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: chromecache_67.2.dr

String found in binary or memory: * Facebook [ https://www.facebook.com/Icons8 ] equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: bhge-ofse.saviyntcloud.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: login.bakerhughes.com
Source: global traffic	DNS traffic detected: DNS query: ok7static.oktacdn.com

Source: unknown

HTTP traffic detected: POST /app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/saml HTTP/1.1Host: login.bakerhughes.comConnection: keep-aliveContent-Length: 862Cache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://bhge-ofse.saviyntcloud.comContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://bhge-ofse.saviyntcloud.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:08:11 GMTServer: nginxContent-Type: text/html;charset=utf-8Content-Length: 1810Vary: Accept-Encodingx-okta-request-id: Zs-Dq4YRsbmO6YLpn_hEwAAABikx-xss-protection: 0content-security-policy: frame-ancestors 'self'referrer-policy: strict-origin-when-cross-originaccept-ch: Sec-CH-UA-Platform-Versioncache-control: no-cache, no-storepragma: no-cacheexpires: 0content-security-policy-report-only: default-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; connect-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com .oktacdn.com .mixpanel.com .mapbox.com .mtls.okta.com bhconnect.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; style-src 'unsafe-inline' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; frame-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com login.okta.com .vidyard.com; img-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com .tiles.mapbox.com .mapbox.com .vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' bhconnect.okta.com login.bakerhughes.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'x-frame-options: SAMEORIGINx-content-type-options: nosniffcontent-language: enStrict-Transport-Security: max-age=315360000; includeSubDomainsset-cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; Path=/; Secure; HttpOnlyset-cookie: t=default; Path=/set-cookie: DT=DI16SriRKWjQp2W1HLhAMMtsw;Version=1;Path=/;Max-Age=63072000;Secure;Expires=Fri, 28 Aug 2026 20:08:11 GMT;HttpOnly;SameSite=NoneConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:08:21 GMTServer: nginxContent-Type: text/html;charset=utf-8Content-Length: 1810Vary: Accept-Encodingx-content-type-options: nosniffx-okta-request-id: Zs-DtWmjwss58rkouV8F6gAABucx-xss-protection: 0content-security-policy: frame-ancestors 'self'referrer-policy: strict-origin-when-cross-originaccept-ch: Sec-CH-UA-Platform-Versioncache-control: no-cache, no-storepragma: no-cacheexpires: 0content-security-policy-report-only: default-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; connect-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com .oktacdn.com .mixpanel.com .mapbox.com .mtls.okta.com bhconnect.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; style-src 'unsafe-inline' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; frame-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com login.okta.com .vidyard.com; img-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com .tiles.mapbox.com .mapbox.com .vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' bhconnect.okta.com login.bakerhughes.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'x-frame-options: SAMEORIGINcontent-language: enStrict-Transport-Security: max-age=315360000; includeSubDomainsset-cookie: JSESSIONID=AA0C6AB0AE8746894F1338E8923DD6E3; Path=/; Secure; HttpOnlyset-cookie: t=default; Path=/Connection: close

Source: chromecache_80.2.dr	String found in binary or memory: https://fengyuanchen.github.io/cropperjs
Source: chromecache_66.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nBrXw.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nDrXyi0A.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nErXyi0A.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nFrXyi0A.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nMrXyi0A.woff2)
Source: chromecache_79.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nPrXyi0A.woff2)
Source: chromecache_62.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/FontCustom/fontcustom
Source: chromecache_67.2.dr	String found in binary or memory: https://github.com/icons8
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/mozdevs/cssremedy/issues/14
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/mozdevs/cssremedy/issues/4
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/suitcss/base
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/tailwindcss/tailwindcss/issues/362
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/tailwindcss/tailwindcss/pull/116
Source: chromecache_62.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_67.2.dr	String found in binary or memory: https://icons8.com/
Source: chromecache_67.2.dr	String found in binary or memory: https://icons8.com/contact
Source: chromecache_67.2.dr	String found in binary or memory: https://icons8.com/good-boy-license/
Source: chromecache_67.2.dr	String found in binary or memory: https://icons8.com/line-awesome
Source: chromecache_67.2.dr	String found in binary or memory: https://plus.google.com/
Source: chromecache_67.2.dr	String found in binary or memory: https://twitter.com/icons_8

Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767

Source: unknown	HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.53.114.19:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49783 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@18/45@16/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2544,i,12839140376948361460,16293769373542387914,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2544,i,12839140376948361460,16293769373542387914,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Extra Window Memory Injection	1 Extra Window Memory Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://getbootstrap.com/)	0%	URL Reputation	safe
https://icons8.com/	0%	Avira URL Cloud	safe
https://github.com/mozdevs/cssremedy/issues/14	0%	Avira URL Cloud	safe
https://github.com/FontCustom/fontcustom	0%	Avira URL Cloud	safe
https://plus.google.com/	0%	Avira URL Cloud	safe
https://login.bakerhughes.com/assets/css/sections/errors-v2.css	0%	Avira URL Cloud	safe
https://login.bakerhughes.com/favicon.ico	0%	Avira URL Cloud	safe
https://github.com/twbs/bootstrap/blob/master/LICENSE)	0%	Avira URL Cloud	safe
https://icons8.com/good-boy-license/	0%	Avira URL Cloud	safe
https://github.com/mozdevs/cssremedy/issues/4	0%	Avira URL Cloud	safe
https://github.com/suitcss/base	0%	Avira URL Cloud	safe
https://github.com/tailwindcss/tailwindcss/issues/362	0%	Avira URL Cloud	safe
https://icons8.com/line-awesome	0%	Avira URL Cloud	safe
https://twitter.com/icons_8	0%	Avira URL Cloud	safe
https://github.com/icons8	0%	Avira URL Cloud	safe
https://icons8.com/contact	0%	Avira URL Cloud	safe
https://github.com/tailwindcss/tailwindcss/pull/116	0%	Avira URL Cloud	safe
https://ok7static.oktacdn.com/fs/bco/1/fs0tfevy7o2rpptBi357	0%	Avira URL Cloud	safe
https://fengyuanchen.github.io/cropperjs	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
d3l0l8wekhoecn.cloudfront.net	18.65.39.13	true	false		unknown
www.google.com	172.217.23.100	true	false		unknown
a9d4dea8e2661b2ed.awsglobalaccelerator.com	15.197.151.86	true	false		unknown
login.bakerhughes.com	unknown	unknown	false		unknown
ok7static.oktacdn.com	unknown	unknown	false		unknown
bhge-ofse.saviyntcloud.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://login.bakerhughes.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://login.bakerhughes.com/assets/css/sections/errors-v2.css	false	Avira URL Cloud: safe	unknown
https://login.bakerhughes.com/	false		unknown
https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome	false		unknown
https://bhge-ofse.saviyntcloud.com/ECM/login/index?login=true&idp=http://www.okta.com/exk16eygv62QN1bST358	false		unknown
https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/saml	false		unknown
https://ok7static.oktacdn.com/fs/bco/1/fs0tfevy7o2rpptBi357	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://icons8.com/good-boy-license/	chromecache_67.2.dr	false	Avira URL Cloud: safe	unknown
https://plus.google.com/	chromecache_67.2.dr	false	Avira URL Cloud: safe	unknown
https://icons8.com/	chromecache_67.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/suitcss/base	chromecache_69.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/mozdevs/cssremedy/issues/4	chromecache_69.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/FontCustom/fontcustom	chromecache_67.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_62.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/mozdevs/cssremedy/issues/14	chromecache_69.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/icons8	chromecache_67.2.dr	false	Avira URL Cloud: safe	unknown
https://getbootstrap.com/)	chromecache_62.2.dr	false	URL Reputation: safe	unknown
https://github.com/tailwindcss/tailwindcss/pull/116	chromecache_69.2.dr	false	Avira URL Cloud: safe	unknown
https://fengyuanchen.github.io/cropperjs	chromecache_80.2.dr	false	Avira URL Cloud: safe	unknown
https://icons8.com/contact	chromecache_67.2.dr	false	Avira URL Cloud: safe	unknown
https://icons8.com/line-awesome	chromecache_67.2.dr	false	Avira URL Cloud: safe	unknown
https://twitter.com/icons_8	chromecache_67.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/tailwindcss/tailwindcss/issues/362	chromecache_69.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
3.161.82.77	unknown	United States		16509	AMAZON-02US	false
142.250.185.68	unknown	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
15.197.151.86	a9d4dea8e2661b2ed.awsglobalaccelerator.com	United States		7430	TANDEMUS	false
18.65.39.13	d3l0l8wekhoecn.cloudfront.net	United States		3	MIT-GATEWAYSUS	false
172.217.23.100	www.google.com	United States		15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1500769
Start date and time:	2024-08-28 22:07:03 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean2.win@18/45@16/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://login.bakerhughes.com/

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.186.142, 142.251.173.84, 34.104.35.123, 104.18.0.128, 104.18.1.128, 142.250.74.202, 199.232.214.172, 192.229.221.95, 142.250.186.131
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, bhge-ofse.saviyntcloud.com.cdn.cloudflare.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input

Output

URL: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/saml Model: jbxai

{
"brand":["Baker Hughes"],
"contains_trigger_text":false,
"prominent_button_name":"Go to Homepage",
"text_input_field_labels":["unknown"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 59

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65461)
Category:	downloaded
Size (bytes):	4413532
Entropy (8bit):	5.626043917614758
Encrypted:	false
SSDEEP:	49152:F6kUQ/hLj+TrBABtl116vfyCNU1dUio/OdWgZ95JHaLntj/8GcnEfBo:ckUGj+T1ABypioWdWgXaBj/8GNJo
MD5:	5C0588D0F699E95EB13484E1124CFB99
SHA1:	7886FA30462F01D0C4568FFDF9A9B0CC8DED9CE2
SHA-256:	3C76EDF830950C6592D9D1DC8A808A56D4E871022F348C6134A14304B3A23A47
SHA-512:	E973249865F1DFC10DFBF9E7ED407927462C70D8D2B805A86E3256DD7879AF5BB04B81E91528C8DF4F82270DCEDC977DE17AB1AE9A084DBD5D845C5F69849735
Malicious:	false
Reputation:	low
URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/static/js/17.67f8cc71.chunk.js
Preview:	/! For license information please see 17.67f8cc71.chunk.js.LICENSE.txt /.(this["webpackJsonp@saviynt/host"]=this["webpackJsonp@saviynt/host"]\|\|[]).push([[17],[function(e,t,n){"use strict";e.exports=n(1131)},function(e,t,n){e.exports=n(1138)()},function(e,t,n){"use strict";e.exports=n(1290)},function(e,t,n){"use strict";function a(){return(a=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var a in n)Object.prototype.hasOwnProperty.call(n,a)&&(e[a]=n[a])}return e}).apply(this,arguments)}n.d(t,"a",(function(){return a}))},function(e,t,n){(function(e,a){var r;!function(i){var o=t,s=(e&&e.exports,"object"==typeof a&&a);s.global!==s&&s.window;var c="A range\u2019s `stop` value must be greater than or equal to the `start` value.",d="Invalid code point value. Code points range from U+000000 to U+10FFFF.",u=/\\x00([^0123456789]\|$)/g,l={},f=l.hasOwnProperty,p=function(e,t){for(var n=-1,a=e.length;++n<a;)t(e[n],n)},h=l.toString,g=functio

Chrome Cache Entry: 60

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1911
Entropy (8bit):	4.893288566361781
Encrypted:	false
SSDEEP:	48:/FOvcF1NuagTB5t4/W7zkg4AFwaR1SBhVouQW7JW1X:9A1vB5K/jxAFwaR1SXVou1JW1X
MD5:	80127BA5C47706686501006723BA83DA
SHA1:	A0AF4ECF251187B0203FF095D16F850CC57A38C1
SHA-256:	07D7429F55979AF1968161A3EB812A39C797F9C3E2F0FD88AECBF1EA741349C1
SHA-512:	13F6A80F4204AB6BF8CDEDD0B9100F63219806EB84FABF03E6E3DE79796AD84B5BEF88E94CDE8701EA7E78A88424955BCE72F7BF4A6767BAC58DB300F572B44F
Malicious:	false
Reputation:	low
URL:	https://login.bakerhughes.com/assets/css/sections/errors-v2.css
Preview:	* {. box-sizing: border-box;.}..body {. background: #f9f9f9;. color: #777;. font-family: proxima-nova,Arial,Helvetica,sans-serif;.}..#header {. display: none;.}..#content {. background: #f9f9f9;.}...hide {. display: none;.}...login-bg-image {. background-position: 50%;. background-repeat: no-repeat;. background-size: cover;. bottom: 0;. left: 0;. position: fixed;. right: 0;. top: 0;. z-index: -5;.}...widget {. background: #fff;. box-shadow: 0 2px 0 rgba(175,175,175,.12);. margin: 100px auto 0;. min-width: 300px;. text-align: center;. width: 400px;.}...widget .container {. border: 1px solid #ddd;. padding: 40px;.}...widget .header img {. margin-bottom: 20px;. max-height: 40px;. max-width: 200px;.}...widget .illustration img {. margin-bottom: 15px;. margin-top: 20px;. max-width: 100px;.}...widget .illustration .error-code {. color: #e34843;. font-size: 72px;. font-weight: 900;.}...widget .content h2 {. color: #5e5e5e;. font-size: 26px;. font-weight: 60

Chrome Cache Entry: 61

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	231
Entropy (8bit):	5.0275248595486595
Encrypted:	false
SSDEEP:	6:YWQEGOpzOTm3gV22OCWmzMnOHMJxB5OHMJjnTqrbEb7D0XjOHML:YJEGtcgemNM55oMtnTqrblzoML
MD5:	4CE05AC4B95272BDCB0903BFA8FB5827
SHA1:	AD653224A6036E4A23EDD022BF4758EB2464569C
SHA-256:	F01044F410F3D2EEE5E6E621A677FB9B4639C274D0195061FF640ED5789AB883
SHA-512:	1E80B71B4E269D1ED0103407DBBE3D048C10E2FA4BB03F4D4D4EA43FC1CF38D33F026BDEE50243B62504FC3B5B3BBF4688CB26F43D69C6D6AAAC636B2E18FDAE
Malicious:	false
Reputation:	low
Preview:	{"name":"ui-track","profiles":["DEFAULT"],"propertySources":[{"source":{"PAM_SERVICES_ENABLED":"false","TASKRUNNERMS_ENABLED":"false","FEATURE_HTTPONLY_ACCESSTOKEN":"false","ES_LOGS_MAX_AGE_IN_DAYS":"7","AUTHMS_ENABLED":"false"}}]}

Chrome Cache Entry: 62

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (26438)
Category:	downloaded
Size (bytes):	26699
Entropy (8bit):	5.160661946362283
Encrypted:	false
SSDEEP:	192:W1IHOtrZRzoyHmUxwxabcxOSqi4LMB6pvrx4PqnFFXoN84Csjq454qHr32eWX:j8ZhoyHj9bcGQMpvTwN8bRiuX
MD5:	206C0F79B0EA46F612CCA8A980FB51F2
SHA1:	212CD218A3BA9B4C5299CEAC05C8BAF62B19BB8C
SHA-256:	DAAFE8915A904934F9BDEDBD9ACD7610C4758D3D47DF0A1C6075D062E5660959
SHA-512:	375F7719C6106BD0CB2773EF245C2A600B09D6778C688DA715F119039EC7AC1CF4A577CE2B70C6DF9DC583A16B337009D6B599E22503FD70CDC23E50122120F3
Malicious:	false
Reputation:	low
URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/assets/css/bootstrap.purged.css
Preview:	/!. Bootstrap v4.3.1 (https://getbootstrap.com/). * Copyright 2011-2019 The Bootstrap Authors. * Copyright 2011-2019 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},:after,:before{box-sizing:bo

Chrome Cache Entry: 63

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (6249), with no line terminators
Category:	downloaded
Size (bytes):	6249
Entropy (8bit):	5.4767275889044145
Encrypted:	false
SSDEEP:	96:zmg/gyPtwcP3PiPstPryeT5RNFrtbOnv5kGiEiJXew5g0Rnk9vYgLPVEsG2X6Wc:/vP6+DyeT5RE3iJXew5g0+vh9t6Wc
MD5:	74C7E46736195929A1DCADC3E20583B2
SHA1:	4EB49B643CB5CD77C6BC6BC2F1CD99485A8E4988
SHA-256:	E1B7D1EEF6B650AD7DD085CF93C518608D825F0453C4F233960FCBFCA861C107
SHA-512:	FDFBCB03A309BCFB7F4E5F608B67A3DD3069F6535642DD7FDBAEFBEB79F4B7ADE70AF4598C2D31715E543235B198EDE14C65999A9CD63736D61E257BE683DEB0
Malicious:	false
Reputation:	low
URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/assets/css/rubik-font.min.css
Preview:	<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="ui-version" content="%REACT_APP_GIT_SHA%"/><meta name="release-version" content="%REACT_APP_RELEASE_VERSION%"/><title></title><link rel="manifest" href="/manifest.json"/><link rel="icon" id="favicon" type="image/png" href="/favicon.ico" sizes="16x16"/><link href="https://fonts.googleapis.com/css?family=Rubik:400,500" rel="stylesheet" media="print" onload='this.media="all"'/><link rel="stylesheet" href="/ECMv6/assets/css/rubik-font.min.css"/><link rel="stylesheet" href="/ECMv6/assets/css/tailwind.css"/><link rel="stylesheet" href="/ECMv6/assets/css/line-awesome.min.css" media="print" onload='this.media="all"'/><link rel="stylesheet" href="/ECMv6/assets/css/bootstrap.purged.css" media="print" onload='this.media="all"'/><link rel="stylesheet" href="/ECMv6/assets/css/style.purged.css" media="print" onload='th

Chrome Cache Entry: 64

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	3684285
Entropy (8bit):	5.6716113801092005
Encrypted:	false
SSDEEP:	24576:L1DWVxIO/mph/Jf/KhXuK9PCPuKPuKLk0PLjfBBhbi/6IEeBvEWapHqqs+hdoQC:BaVxIfdEPCrk0PLjfRbi/6+EW6XoQC
MD5:	EBE166C0B8880908EDA9CB32A427FE8F
SHA1:	A5C344FFC8D8EABBA18E65899444BB78B91376C7
SHA-256:	0BB0CF8F2DE39A40AFF4AF775318C4C8EA254B14ABC228228BA94944880C2BC0
SHA-512:	594E001A4C449C2DB51A239A7F8F5FAB844B58921AB0220A9E02C4A49FC6C57AF1145D4C7E488696354100EC000EF20F001489182DC2C92CC5FA4EE713C9AC9F
Malicious:	false
Reputation:	low
Preview:	(this["webpackJsonp@saviynt/host"]=this["webpackJsonp@saviynt/host"]\|\|[]).push([[15],{1003:function(e,t,a){},1041:function(e,t,a){e.exports=a(2100)},109:function(e,t,a){"use strict";a.d(t,"g",(function(){return n})),a.d(t,"f",(function(){return l})),a.d(t,"d",(function(){return i})),a.d(t,"e",(function(){return o})),a.d(t,"a",(function(){return s})),a.d(t,"c",(function(){return r})),a.d(t,"b",(function(){return c})),a.d(t,"l",(function(){return d})),a.d(t,"n",(function(){return C})),a.d(t,"k",(function(){return m})),a.d(t,"m",(function(){return u})),a.d(t,"h",(function(){return p})),a.d(t,"j",(function(){return h})),a.d(t,"i",(function(){return g}));const n="kpiForm/neworupdateKpiFormCode",l="kpiForm/updateKPIAttributes",i="kpiForm/newKPIAttributes",o="kpiForm/REFRESH_HOME_KPI",s="kpiForm/FETCH_FEATURE_NAME_LIST",r="kpiForm/FETCH_FEATURE_NAME_LIST_SUCCESS",c="kpiForm/FETCH_FEATURE_NAME_LIST_FAILURE",d=(e,t)=>{let{codeStr:a,fileName:l}=e;return{type:n,payload:{resourceBody:a,fileName:l,

Chrome Cache Entry: 65

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 68 x 68
Category:	dropped
Size (bytes):	38457
Entropy (8bit):	7.195183027727392
Encrypted:	false
SSDEEP:	768:J+mO/KwKNHM9t2cNMRpAX22zjXa/YsJy/futletxWGEXS1pwID5sxO:J+msKwCHaHNGKX20jK/Vs/GHetYA1pwB
MD5:	D79EB93784D661C8829996FED20BA23E
SHA1:	210D59895100632989A44AA5FAE822764BA82F18
SHA-256:	118CEEC65A796477B7928B4E40DFCC49235CEB5A5B81A88870AEE37B6B04E2BB
SHA-512:	D0BF2C65F066F2296373E9DAB4314ABB6F54F85CE68559A927C131EA2EE9F3E5E0EA3ED7A0AC3ABB95E441A06F5E696E76D3BD2F62B6A0A206048E72BAD5B31B
Malicious:	false
Reputation:	low
Preview:	GIF89aD.D.................................................................................................... !!!"""###$$$%%%&&&'''((()))**+++,,,---...///000111222333444666;;;???CCCGGGJJJLLLNNNOOOPPPQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRSSSSSSSSSSSSSSSTTTTTTTTTUUUVVVWWWXXXYYY[[[\\\^^^aaadddjjjrrrxxx~~~..............................................................................................................................................................................................................................................................................................................................................................................................................................!..NETSCAPE2.0.....!.......,....D.D........H......\....#J.H....3j.... C..I...(S.\...0c.)3\._.j..F.".V.8.Z..Gi..)]..S-l..qj....w.i...W...)....v.]t..[...!\|&..ktUd..o"Nj.6.z.p....... 68.#C!.Q.).~Y..#9r..

Chrome Cache Entry: 66

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	569
Entropy (8bit):	4.896633254731508
Encrypted:	false
SSDEEP:	12:Uc11FP/sO6ZRoT6pHAciJkSAx/s6ZmOHc9n+5cMK00k14enEPCedG:3F8OYsKuJXYmOOk4TfenEPCD
MD5:	71D6A57D21337114032CA39B294F3591
SHA1:	ADA1D867672276F16EF4D3B8A46A519FBA8E3D4E
SHA-256:	36B2057EB5EEF261A2CBB8C149DCF3A11EDAA15CCD8E3D462EB34999F5FF8F2A
SHA-512:	BC5F5B55C2741FED993D5D25A36030028C388C8888EA2D1D1F24970AEC4F856CDA366940B99D54FF2D4D9AF16DF8DE39AB847A7BA2BE0B649DE1CE2C9E70A330
Malicious:	false
Reputation:	low
URL:	https://fonts.googleapis.com/icon?family=Material+Icons
Preview:	/* fallback */.@font-face {. font-family: 'Material Icons';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2) format('woff2');.}...material-icons {. font-family: 'Material Icons';. font-weight: normal;. font-style: normal;. font-size: 24px;. line-height: 1;. letter-spacing: normal;. text-transform: none;. display: inline-block;. white-space: nowrap;. word-wrap: normal;. direction: ltr;. -webkit-font-feature-settings: 'liga';. -webkit-font-smoothing: antialiased;.}.

Chrome Cache Entry: 67

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27557)
Category:	downloaded
Size (bytes):	28101
Entropy (8bit):	4.799557763132519
Encrypted:	false
SSDEEP:	384:+cMgnhpiWbEHJMdxefafwiYxM4EOXpJOccGfqVDiivbx0x+FZE:E2ci2yflYxMyZJOccGyVuivbx4+DE
MD5:	4334C8C70998D81BDE3E6765828811A6
SHA1:	DE27D3920885BE830EBA8B77FF1C3B320AFC5B98
SHA-256:	1E8638F605575BD335D49EFA95E165ADF7EF06DDA8E367661AC2517A0A3A96B4
SHA-512:	0340F7A2BB6053B2A8E42003EC0238ACF7CCF815D320D431028C83D1CF3B37A96D9CEB749E5C61828293D35B47FE306C2809D2A76E3FEE77F09D9124B5E5DE76
Malicious:	false
Reputation:	low
URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/assets/css/line-awesome.min.css
Preview:	/!. Line Awesome 1.1.0 by @icons_8 - https://icons8.com/line-awesome. * License - https://icons8.com/good-boy-license/ (Font: SIL OFL 1.1, CSS: MIT License). . Made with love by Icons8 [ https://icons8.com/ ] using FontCustom [ https://github.com/FontCustom/fontcustom ]. . Contacts:. * [ https://icons8.com/contact ]. . Follow Icon8 on. * Twitter [ https://twitter.com/icons_8 ]. * Facebook [ https://www.facebook.com/Icons8 ]. * Google+ [ https://plus.google.com/+Icons8 ]. * GitHub [ https://github.com/icons8 ]. */.la,.la-stack{display:inline-block}.la-fw,.la-li{text-align:center}@font-face{font-family:LineAwesome;src:url(../fonts/line-awesome.eot?v=1.1.);src:url(../fonts/line-awesome.eot??v=1.1.#iefix) format("embedded-opentype"),url(../fonts/line-awesome.woff2?v=1.1.) format("woff2"),url(../fonts/line-awesome.woff?v=1.1.) format("woff"),url(../fonts/line-awesome.ttf?v=1.1.) format("truetype"),url(../fonts/line-awesome.svg?v=1.1.#fa) format("svg");font-weigh

Chrome Cache Entry: 68

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	306
Entropy (8bit):	4.648623844105592
Encrypted:	false
SSDEEP:	6:3vjkpO/Eqh/bwXLjQLMzmezk7TWKAKjgwr2GV/cgGTO:fYDqJeLQq/KUKV/cDTO
MD5:	2F717775D17BF3A581ACF2903353545F
SHA1:	C2D2CDBA08A79B51C4000AD16D7A72D91A515727
SHA-256:	9A67EEFF859EAEDEECE4420D541ED2577C19FF7599C0FB70CA53681FE20CCF95
SHA-512:	BEA380FCB94811E5C93661342A08B5BFEE89656FC0AC869C5427A216B8B54F47A9509BEC73224E6A7AD0203338A281CA1625CFA30C5E55FB2AEA67278E7A4ECA
Malicious:	false
Reputation:	low
URL:	https://bhge-ofse.saviyntcloud.com/manifest.json
Preview:	{. "short_name": "React App",. "name": "Create React App Sample",. "icons": [. {. "src": "favicon.ico",. "sizes": "64x64 32x32 24x24 16x16",. "type": "image/x-icon". }. ],. "start_url": ".",. "display": "standalone",. "theme_color": "#000000",. "background_color": "#ffffff".}.

Chrome Cache Entry: 69

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	2558880
Entropy (8bit):	4.937208965579254
Encrypted:	false
SSDEEP:	3072:pCdWjbz9DBua3yI+fywiv54k8Q8jC3Fwt7R4DHVA5j5g5trpxBim0+nExdxrZ9Y/:piS0IiU2EUkIUKiUY
MD5:	B1873CEA5CA06CBCB3D5FA71D8B72924
SHA1:	1008FC738E579EDC5E70E7FDF7A04869D149A259
SHA-256:	FCA4812BA3833470C5DC5870BACB63649694DDE200E64A8FF1BE6D285F2C44BF
SHA-512:	E906B56A788DBD17333D64AEEEB7C559298EB0A8783D33C994F3064DCC0FD5868A130556D286AC6FFDE6DDDEDB2C3785BEECDB7BBAE262D6477968D638B85EA9
Malicious:	false
Reputation:	low
URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/assets/css/tailwind.css
Preview:	/! normalize.css v8.0.1 \| MIT License \| github.com/necolas/normalize.css /../* Document. ========================================================================== /../. 1. Correct the line height in all browsers.. * 2. Prevent adjustments of font size after orientation changes in iOS.. /..html {. line-height: 1.15; / 1 /. -webkit-text-size-adjust: 100%; / 2 /.}../ Sections. ========================================================================== /../. Remove the margin in all browsers.. /..body {. margin: 0;.}../. Render the `main` element consistently in IE.. /..main {. display: block;.}../. Correct the font size and margin on `h1` elements within `section` and. * `article` contexts in Chrome, Firefox, and Safari.. /..h1 {. font-size: 2em;. margin: 0.67em 0;.}../ Grouping content. ========================================================================== /../. 1. Add the correct box sizing in Firefox.. * 2. Show the overflow in Edge an

Chrome Cache Entry: 70

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 46, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	6507
Entropy (8bit):	7.936919305019708
Encrypted:	false
SSDEEP:	96:vViXTmqxBMSnRM9qVnPhhXManWGoW5ufdqWWbTctoXpB2VgrbACkwDMjR:vVQTZhCqZ3XMarf5kAPQtoZYcrQjR
MD5:	079198E0DCC3F16BFD74913A2F974115
SHA1:	5BAED81FE886A5A7125AD64CC311C5E2DC30E783
SHA-256:	B8895771C0644EF9F321A054357C8AA8591D7D3BEC37FA7B19CC02AFCFCB1174
SHA-512:	E5A5336AEF857EC21E4D1799DF4622CED1313BE1222D0C7F4D8C01E6D9F1AA3EEFE2EBD16D35692709EB984A9D529D3A0EA1366A1E20B8CB1854E28D6E73AD7B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...,...........$....2IDATx..].\|.U./....df....i.Z...(.M....XW..oq.&).W..b.y4i.C....[...............'.........sgB..;.I...9....M&37g...9.snN.I&.tLR.....a..<oHy..ZOs.:...F<_oso\._..L2.#...n..".=...mK.........'.._..lq."3..5.5.e.I&u.U..:....t... ..tn.l......Sz&.dR...y`=.R.u.6Pi.W...."[Y....d...)Q.L2.C..9...m.[...+.Wl..W.]O4\|_Y,\eJ.$.LjW.D.....f.Vt.+r.^..0\....0%m.l6...s9K...s_{.....t.=b........'....;...Y5GD..z.l}X,{n.~....M..nlK.....2...-..X..o/y<t.......5....~......g.sJs.;FE...9J....uA.7.B.cQ.F...&.P9..~n.x.....)....CV..9....4.k.Zz.r...B......26..D#..('.y)tZ..h;s-.....2....y...Ik!wC.?QkX..aLm,0+JJJ.5.3<7.~.A.}.i....yey.....3.3N;...D]......:.e.V4r....Ae..yb.1.../:...JBUmsD.{.7.z_......U./,"....HV#c....hy...v.qV;w=m..O...l....d..i.V....A.'.g'7v..X.(~..\4.....Kf....>....s../......6..w7...\|S...2..F......XxNE42.r......(....lw..,..L......b.A.1....yOq._i.<.`ua\|...J....J..`........'.n....e.%3.(.h..L.2.......K.........y....(....nk:.......W

Chrome Cache Entry: 71

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 68 x 68
Category:	downloaded
Size (bytes):	38457
Entropy (8bit):	7.195183027727392
Encrypted:	false
SSDEEP:	768:J+mO/KwKNHM9t2cNMRpAX22zjXa/YsJy/futletxWGEXS1pwID5sxO:J+msKwCHaHNGKX20jK/Vs/GHetYA1pwB
MD5:	D79EB93784D661C8829996FED20BA23E
SHA1:	210D59895100632989A44AA5FAE822764BA82F18
SHA-256:	118CEEC65A796477B7928B4E40DFCC49235CEB5A5B81A88870AEE37B6B04E2BB
SHA-512:	D0BF2C65F066F2296373E9DAB4314ABB6F54F85CE68559A927C131EA2EE9F3E5E0EA3ED7A0AC3ABB95E441A06F5E696E76D3BD2F62B6A0A206048E72BAD5B31B
Malicious:	false
Reputation:	low
URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/static/media/dualball68px.d79eb937.gif
Preview:	GIF89aD.D.................................................................................................... !!!"""###$$$%%%&&&'''((()))**+++,,,---...///000111222333444666;;;???CCCGGGJJJLLLNNNOOOPPPQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRSSSSSSSSSSSSSSSTTTTTTTTTUUUVVVWWWXXXYYY[[[\\\^^^aaadddjjjrrrxxx~~~..............................................................................................................................................................................................................................................................................................................................................................................................................................!..NETSCAPE2.0.....!.......,....D.D........H......\....#J.H....3j.... C..I...(S.\...0c.)3\._.j..F.".V.8.Z..Gi..)]..S-l..qj....w.i...W...)....v.]t..[...!\|&..ktUd..o"Nj.6.z.p....... 68.#C!.Q.).~Y..#9r..

Chrome Cache Entry: 72

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text
Category:	downloaded
Size (bytes):	40238
Entropy (8bit):	4.982920528670533
Encrypted:	false
SSDEEP:	768:Zknfox+4blc24EwFPcLwm/7nYjFbk3HEiFkcNP8FVoXE87gAFDkNr4zo4FTFQbbb:Qo5blc24EwdcLwm/7YjUHdGcNP88XE8o
MD5:	9656936CC57CE427AF6BAF8F3A9F70B3
SHA1:	0C6FBB7447C6D29D38DC25233B605B5394589EDD
SHA-256:	72751AAD08822469CE439FB18431FD4F50F86A6D37DF879A6F595EC6B3268444
SHA-512:	7FD89339BC6B80ECA7E531C20283315CD3D3625F48D677F79F70B9AC90082BBAEF77307313CBDBE8D3AB2D3380B3A73096EE932583D0F5AD1ED3C10B0BD62BBD
Malicious:	false
Reputation:	low
URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/assets/css/style.purged.css
Preview:	*,.:after,.:before {. box-sizing: border-box;.}..html {. line-height: 1.15;. -webkit-tap-highlight-color: rgba(0, 0, 0, 0);. font-size: 100%;. -webkit-text-size-adjust: 100%;. font-variant-ligatures: none;. -webkit-font-variant-ligatures: none;. text-rendering: optimizeLegibility;. -moz-osx-font-smoothing: grayscale;. -webkit-font-smoothing: antialiased;. text-shadow: rgba(0, 0, 0, 0.01) 0 0 1px;.}..body,.html {. height: 100%;.}...body,.body {. font-family: Rubik, sans-serif;. font-size: 16px;. font-weight: 400;. line-height: 1.5;. color: #1e1e1e;. text-align: left;. background-color: var(--page-bg);.}...body a {. color: var(--primary-main);. text-decoration: none;. background-color: initial;. cursor: pointer;.}..p {. color: #747474;.}...body a:focus,..body a:hover,.a:not([href]):not([tabindex]):focus,.a:not([href]):not([tabindex]):hover {. color: #0056b3;. text-decoration: none;. transition: all 0.2s;.}..ul {. margin: 0;. padding: 0;.}..ul li {. list-styl

Chrome Cache Entry: 73

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	5430
Entropy (8bit):	2.7209270279774733
Encrypted:	false
SSDEEP:	24:E+As6X5OjYp4bEZVJkeZvwnDK4lBit6ubJdhlcolwptQutJt9LSWtF4alXlAXmBQ:Gs6XwjHbqkeKVlA9/zv3urGVu1gmykQ
MD5:	449C9DD651DB589388B721EB2496F5B0
SHA1:	64F3B213A89A00F7B0940271576ECC72280236F7
SHA-256:	F9E86FB363A05F75AB3B525439D46BF4911D4CD4AE94C656C0198206374002AA
SHA-512:	410C701B5050A6D039EE82C6D1B1B596983622E35256A2628A108B20E03D8B0CC85D2033292D5E13ACE0199FFFBB34DBFE9DF82EA4161285082837056A06F2DC
Malicious:	false
Reputation:	low
Preview:	............ .h...&... .... .........(....... ..... .................................y)..y)..y).Lz)..z)..z)..z)..z)..z)..y(.Vx)..x)..........z+..y)..y)..y)..z)..z)..z)..z)..z)..z)..z)..z)..y)..y)..y)..z+..z..z..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..y)..{..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..y(..y).Vz)..z)..z)..z)..z)..z(.Py)..x(..y).Pz)..z)..z)..z)..z)..z).Lz)..z)..z)..z)..z)..y)..v+..\|'..s'..\|..y). z)..z)..z)..z)..z)..z)..z)..z)..z)..y).Pz)..s'..........z'..z..z).Qz)..z)..z)..z)..z)..z)..z)..z)..y(..y)..................z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..................z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z(.Lz)..y'..........s&..{)..y).Pz)..z)..z)..z)..z)..z)..z)..z)..z)..y)..\|..s'..w'..},..y)..z)..z)..z)..z)..z)..y).Lz)..z)..z)..z)..z)..y(.Px(..y)..y).Lz)..z)..z)..z)..z)..y).Vx)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..w)..{*..y)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..x(..y(..z+..z)..z)..z)..z)..z)..z)

Chrome Cache Entry: 74

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	65838
Entropy (8bit):	0.28903159550363
Encrypted:	false
SSDEEP:	48:LHSLcllEiocGwV9PBo+Sl2Yg/Mg9e9y9EsWmV:LHSLU1PPPu+Sl2YgEMHWc
MD5:	D1AD95EC42BD1F77E99C98727A2742F8
SHA1:	A3FF8BC557B5C7DA32F8C035FA9E7AEC718E331A
SHA-256:	9226E77677EC685D913D214CD168E41FFCAF67930C929E48604145F4017FA482
SHA-512:	8B810C92596797E01A87B8C5D4712758F8FEA2D5C5B0F869DA8C2711B08277E4FD0A2B9765501BC08B814366691FBC6AE4B6FA98B1A27A4D731DD768342A1154
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR..............>a... .IDATx..@...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 75

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65461)
Category:	dropped
Size (bytes):	4413532
Entropy (8bit):	5.626043917614758
Encrypted:	false
SSDEEP:	49152:F6kUQ/hLj+TrBABtl116vfyCNU1dUio/OdWgZ95JHaLntj/8GcnEfBo:ckUGj+T1ABypioWdWgXaBj/8GNJo
MD5:	5C0588D0F699E95EB13484E1124CFB99
SHA1:	7886FA30462F01D0C4568FFDF9A9B0CC8DED9CE2
SHA-256:	3C76EDF830950C6592D9D1DC8A808A56D4E871022F348C6134A14304B3A23A47
SHA-512:	E973249865F1DFC10DFBF9E7ED407927462C70D8D2B805A86E3256DD7879AF5BB04B81E91528C8DF4F82270DCEDC977DE17AB1AE9A084DBD5D845C5F69849735
Malicious:	false
Reputation:	low
Preview:	/! For license information please see 17.67f8cc71.chunk.js.LICENSE.txt /.(this["webpackJsonp@saviynt/host"]=this["webpackJsonp@saviynt/host"]\|\|[]).push([[17],[function(e,t,n){"use strict";e.exports=n(1131)},function(e,t,n){e.exports=n(1138)()},function(e,t,n){"use strict";e.exports=n(1290)},function(e,t,n){"use strict";function a(){return(a=Object.assign?Object.assign.bind():function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var a in n)Object.prototype.hasOwnProperty.call(n,a)&&(e[a]=n[a])}return e}).apply(this,arguments)}n.d(t,"a",(function(){return a}))},function(e,t,n){(function(e,a){var r;!function(i){var o=t,s=(e&&e.exports,"object"==typeof a&&a);s.global!==s&&s.window;var c="A range\u2019s `stop` value must be greater than or equal to the `start` value.",d="Invalid code point value. Code points range from U+000000 to U+10FFFF.",u=/\\x00([^0123456789]\|$)/g,l={},f=l.hasOwnProperty,p=function(e,t){for(var n=-1,a=e.length;++n<a;)t(e[n],n)},h=l.toString,g=functio

Chrome Cache Entry: 76

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	533255
Entropy (8bit):	5.17307559682415
Encrypted:	false
SSDEEP:	12288:I2KYOWc4N3Ao/jop8eDHvglEC1z+jmi3wlbztAdtrdciVfDPe3dM9aajU6fxHRMn:I2KYOWc4N3Ao/jop8eD4l1+jmi3wlbzd
MD5:	DD8176D7F4124BDC4311A5DB92324AC5
SHA1:	5DB91D80F8AF98F3370D091D20523CFCDA519D76
SHA-256:	0C6E5D494BF5D9D2591DB8E58FF88C0724DC4EB047F23B413B2C69F2BE6630D3
SHA-512:	906F8EA2312EEC031D69F28C711950E14221BE1EA4A45C9ED489634237E3D864623AF8C25BB4EEEC7FE7D7F3F0AAFC5C7AE5CAFB84E10FD2335F8BA2BF6EFC86
Malicious:	false
Reputation:	low
URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/static/css/main.c4d2e049.chunk.css
Preview:	@import url(https://fonts.googleapis.com/css?family=Rubik:400,500);div.MuiDrawer-modal{z-index:1300!important}.advance-filter-modal{height:100%}.advance-filter-modal .advanced-filter-panel .footer{position:absolute;width:100%;bottom:0;display:flex;justify-content:flex-end;min-height:67px;box-shadow:0 -2px 4px 0 rgba(0,0,0,.12);align-items:center;padding-right:40px}.advance-filter-modal .advanced-filter-panel .footer .reset{color:var(--primary-main);font-size:12px;font-weight:500;margin-right:27px}.advanced-filter-panel .scrollbar:hover{overflow-y:scroll}.advanced-filter-panel{height:100%;position:relative;max-width:26.125rem}.advanced-filter-panel .MuiAutocomplete-tag{display:none}.advanced-filter-panel .filter-body{padding:5px 36px;height:77%!important}.advanced-filter-panel .label-div-advfil{font-weight:500;font-size:12px;color:#000;margin-bottom:0}.advanced-filter-panel .section-title{margin:0;font-size:18px;font-weight:700;color:#000}.advanced-filter-panel .advfilter-title{font-siz

Chrome Cache Entry: 77

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	2.7209270279774733
Encrypted:	false
SSDEEP:	24:E+As6X5OjYp4bEZVJkeZvwnDK4lBit6ubJdhlcolwptQutJt9LSWtF4alXlAXmBQ:Gs6XwjHbqkeKVlA9/zv3urGVu1gmykQ
MD5:	449C9DD651DB589388B721EB2496F5B0
SHA1:	64F3B213A89A00F7B0940271576ECC72280236F7
SHA-256:	F9E86FB363A05F75AB3B525439D46BF4911D4CD4AE94C656C0198206374002AA
SHA-512:	410C701B5050A6D039EE82C6D1B1B596983622E35256A2628A108B20E03D8B0CC85D2033292D5E13ACE0199FFFBB34DBFE9DF82EA4161285082837056A06F2DC
Malicious:	false
Reputation:	low
URL:	https://login.bakerhughes.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... .................................y)..y)..y).Lz)..z)..z)..z)..z)..z)..y(.Vx)..x)..........z+..y)..y)..y)..z)..z)..z)..z)..z)..z)..z)..z)..y)..y)..y)..z+..z..z..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..y)..{..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..y(..y).Vz)..z)..z)..z)..z)..z(.Py)..x(..y).Pz)..z)..z)..z)..z)..z).Lz)..z)..z)..z)..z)..y)..v+..\|'..s'..\|..y). z)..z)..z)..z)..z)..z)..z)..z)..z)..y).Pz)..s'..........z'..z..z).Qz)..z)..z)..z)..z)..z)..z)..z)..y(..y)..................z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..................z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z(.Lz)..y'..........s&..{)..y).Pz)..z)..z)..z)..z)..z)..z)..z)..z)..y)..\|..s'..w'..},..y)..z)..z)..z)..z)..z)..y).Lz)..z)..z)..z)..z)..y(.Px(..y)..y).Lz)..z)..z)..z)..z)..y).Vx)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..w)..{*..y)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..z)..x(..y(..z+..z)..z)..z)..z)..z)..z)

Chrome Cache Entry: 78

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	65838
Entropy (8bit):	0.28903159550363
Encrypted:	false
SSDEEP:	48:LHSLcllEiocGwV9PBo+Sl2Yg/Mg9e9y9EsWmV:LHSLU1PPPu+Sl2YgEMHWc
MD5:	D1AD95EC42BD1F77E99C98727A2742F8
SHA1:	A3FF8BC557B5C7DA32F8C035FA9E7AEC718E331A
SHA-256:	9226E77677EC685D913D214CD168E41FFCAF67930C929E48604145F4017FA482
SHA-512:	8B810C92596797E01A87B8C5D4712758F8FEA2D5C5B0F869DA8C2711B08277E4FD0A2B9765501BC08B814366691FBC6AE4B6FA98B1A27A4D731DD768342A1154
Malicious:	false
Reputation:	low
URL:	https://bhge-ofse.saviyntcloud.com/favicon.ico
Preview:	.PNG........IHDR..............>a... .IDATx..@...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 79

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (634)
Category:	downloaded
Size (bytes):	4722
Entropy (8bit):	5.3898358598245
Encrypted:	false
SSDEEP:	96:dQOLP50ZZ8DCK9cHoQOLYRwQOLEFZSQOLOQOLnVc+uJQOL+NdQOgP50ZZ8DCK9ck:DVCl+sGxUfE/VClxs5+/fvK
MD5:	F84C637018CCC6E6C79B562EEDBF99E3
SHA1:	5393C5C46C8F3C6A91F9730D0F802F6F1B6478D0
SHA-256:	DDC39A60AEA4C25F0544D490086B056B68288AEEC90D7DAAADF1F9A66EC98A1B
SHA-512:	E15405867D0EEA235B73024F16E72CEA477E451C279F57DEB9E8A0FCA4FD6284CE3BE530991F329CBFD8E628C1617F0762B528864CDEED06B302508BD9A73D21
Malicious:	false
Reputation:	low
URL:	"https://fonts.googleapis.com/css?family=Rubik:400,500"
Preview:	/* arabic /.@font-face {. font-family: 'Rubik';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nErXyi0A.woff2) format('woff2');. unicode-range: U+0600-06FF, U+0750-077F, U+0870-088E, U+0890-0891, U+0898-08E1, U+08E3-08FF, U+200C-200E, U+2010-2011, U+204F, U+2E41, U+FB50-FDFF, U+FE70-FE74, U+FE76-FEFC, U+102E0-102FB, U+10E60-10E7E, U+10EFD-10EFF, U+1EE00-1EE03, U+1EE05-1EE1F, U+1EE21-1EE22, U+1EE24, U+1EE27, U+1EE29-1EE32, U+1EE34-1EE37, U+1EE39, U+1EE3B, U+1EE42, U+1EE47, U+1EE49, U+1EE4B, U+1EE4D-1EE4F, U+1EE51-1EE52, U+1EE54, U+1EE57, U+1EE59, U+1EE5B, U+1EE5D, U+1EE5F, U+1EE61-1EE62, U+1EE64, U+1EE67-1EE6A, U+1EE6C-1EE72, U+1EE74-1EE77, U+1EE79-1EE7C, U+1EE7E, U+1EE80-1EE89, U+1EE8B-1EE9B, U+1EEA1-1EEA3, U+1EEA5-1EEA9, U+1EEAB-1EEBB, U+1EEF0-1EEF1;.}./ cyrillic-ext */.@font-face {. font-family: 'Rubik';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/rubik/v28/iJWKBXyIfDnIV7nMrXyi0A.woff2

Chrome Cache Entry: 80

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (40888)
Category:	downloaded
Size (bytes):	44665
Entropy (8bit):	5.029044755613601
Encrypted:	false
SSDEEP:	768:Zy4WEXxatgDxV67Erb6tif65WJ1mXAA0rEb6CzOZbw7/:Zy4WEBatgVV6zsf65WCXki6Yus/
MD5:	8D80CE061F9B8BB8C660C7BEC7ECA883
SHA1:	B7E25FAD179F0EA09B909765B168B9A5BD4EB47E
SHA-256:	72FCA1994ACF53C454EE45DFD407A8C8979B2502BC1B1435A126FABA9B9DE6C1
SHA-512:	470D7D75F9F200FA3F24C1EE2F79CF011D94FA056A699E0169702D6365170C166D3B41E1187D31FA736B451DBAF6EF5E37CCCE5C91A9E7BC0D087226B57EF1DE
Malicious:	false
Reputation:	low
URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/static/css/17.59fb86f4.chunk.css
Preview:	@charset "UTF-8";.Dropdown-root{position:relative}.Dropdown-control{position:relative;overflow:hidden;background-color:#fff;border:1px solid #ccc;border-radius:2px;box-sizing:border-box;color:#333;cursor:default;outline:none;padding:8px 52px 8px 10px;transition:all .2s ease}.Dropdown-control:hover{box-shadow:0 1px 0 rgba(0,0,0,.06)}.Dropdown-arrow{border-color:#999 transparent transparent;border-style:solid;border-width:5px 5px 0;content:" ";display:block;height:0;margin-top:-ceil(2.5);position:absolute;right:10px;top:14px;width:0}.is-open .Dropdown-arrow{border-color:transparent transparent #999;border-width:0 5px 5px}.Dropdown-menu{background-color:#fff;border:1px solid #ccc;box-shadow:0 1px 0 rgba(0,0,0,.06);box-sizing:border-box;margin-top:-1px;max-height:200px;overflow-y:auto;position:absolute;top:100%;width:100%;z-index:1000;-webkit-overflow-scrolling:touch}.Dropdown-menu .Dropdown-group>.Dropdown-title{padding:8px 10px;color:#333;font-weight:700;text-transform:capitalize}.Dropdo

Chrome Cache Entry: 81

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (6249), with no line terminators
Category:	downloaded
Size (bytes):	6249
Entropy (8bit):	5.4767275889044145
Encrypted:	false
SSDEEP:	96:zmg/gyPtwcP3PiPstPryeT5RNFrtbOnv5kGiEiJXew5g0Rnk9vYgLPVEsG2X6Wc:/vP6+DyeT5RE3iJXew5g0+vh9t6Wc
MD5:	74C7E46736195929A1DCADC3E20583B2
SHA1:	4EB49B643CB5CD77C6BC6BC2F1CD99485A8E4988
SHA-256:	E1B7D1EEF6B650AD7DD085CF93C518608D825F0453C4F233960FCBFCA861C107
SHA-512:	FDFBCB03A309BCFB7F4E5F608B67A3DD3069F6535642DD7FDBAEFBEB79F4B7ADE70AF4598C2D31715E543235B198EDE14C65999A9CD63736D61E257BE683DEB0
Malicious:	false
Reputation:	low
URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome
Preview:	<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="ui-version" content="%REACT_APP_GIT_SHA%"/><meta name="release-version" content="%REACT_APP_RELEASE_VERSION%"/><title></title><link rel="manifest" href="/manifest.json"/><link rel="icon" id="favicon" type="image/png" href="/favicon.ico" sizes="16x16"/><link href="https://fonts.googleapis.com/css?family=Rubik:400,500" rel="stylesheet" media="print" onload='this.media="all"'/><link rel="stylesheet" href="/ECMv6/assets/css/rubik-font.min.css"/><link rel="stylesheet" href="/ECMv6/assets/css/tailwind.css"/><link rel="stylesheet" href="/ECMv6/assets/css/line-awesome.min.css" media="print" onload='this.media="all"'/><link rel="stylesheet" href="/ECMv6/assets/css/bootstrap.purged.css" media="print" onload='this.media="all"'/><link rel="stylesheet" href="/ECMv6/assets/css/style.purged.css" media="print" onload='th

Chrome Cache Entry: 82

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	231
Entropy (8bit):	5.0275248595486595
Encrypted:	false
SSDEEP:	6:YWQEGOpzOTm3gV22OCWmzMnOHMJxB5OHMJjnTqrbEb7D0XjOHML:YJEGtcgemNM55oMtnTqrblzoML
MD5:	4CE05AC4B95272BDCB0903BFA8FB5827
SHA1:	AD653224A6036E4A23EDD022BF4758EB2464569C
SHA-256:	F01044F410F3D2EEE5E6E621A677FB9B4639C274D0195061FF640ED5789AB883
SHA-512:	1E80B71B4E269D1ED0103407DBBE3D048C10E2FA4BB03F4D4D4EA43FC1CF38D33F026BDEE50243B62504FC3B5B3BBF4688CB26F43D69C6D6AAAC636B2E18FDAE
Malicious:	false
Reputation:	low
URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/api/config/ui-track?v=0.0009069752545964871
Preview:	{"name":"ui-track","profiles":["DEFAULT"],"propertySources":[{"source":{"PAM_SERVICES_ENABLED":"false","TASKRUNNERMS_ENABLED":"false","FEATURE_HTTPONLY_ACCESSTOKEN":"false","ES_LOGS_MAX_AGE_IN_DAYS":"7","AUTHMS_ENABLED":"false"}}]}

Chrome Cache Entry: 83

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	3684285
Entropy (8bit):	5.6716113801092005
Encrypted:	false
SSDEEP:	24576:L1DWVxIO/mph/Jf/KhXuK9PCPuKPuKLk0PLjfBBhbi/6IEeBvEWapHqqs+hdoQC:BaVxIfdEPCrk0PLjfRbi/6+EW6XoQC
MD5:	EBE166C0B8880908EDA9CB32A427FE8F
SHA1:	A5C344FFC8D8EABBA18E65899444BB78B91376C7
SHA-256:	0BB0CF8F2DE39A40AFF4AF775318C4C8EA254B14ABC228228BA94944880C2BC0
SHA-512:	594E001A4C449C2DB51A239A7F8F5FAB844B58921AB0220A9E02C4A49FC6C57AF1145D4C7E488696354100EC000EF20F001489182DC2C92CC5FA4EE713C9AC9F
Malicious:	false
Reputation:	low
URL:	https://bhge-ofse.saviyntcloud.com/ECMv6/static/js/main.ac9b2c32.chunk.js
Preview:	(this["webpackJsonp@saviynt/host"]=this["webpackJsonp@saviynt/host"]\|\|[]).push([[15],{1003:function(e,t,a){},1041:function(e,t,a){e.exports=a(2100)},109:function(e,t,a){"use strict";a.d(t,"g",(function(){return n})),a.d(t,"f",(function(){return l})),a.d(t,"d",(function(){return i})),a.d(t,"e",(function(){return o})),a.d(t,"a",(function(){return s})),a.d(t,"c",(function(){return r})),a.d(t,"b",(function(){return c})),a.d(t,"l",(function(){return d})),a.d(t,"n",(function(){return C})),a.d(t,"k",(function(){return m})),a.d(t,"m",(function(){return u})),a.d(t,"h",(function(){return p})),a.d(t,"j",(function(){return h})),a.d(t,"i",(function(){return g}));const n="kpiForm/neworupdateKpiFormCode",l="kpiForm/updateKPIAttributes",i="kpiForm/newKPIAttributes",o="kpiForm/REFRESH_HOME_KPI",s="kpiForm/FETCH_FEATURE_NAME_LIST",r="kpiForm/FETCH_FEATURE_NAME_LIST_SUCCESS",c="kpiForm/FETCH_FEATURE_NAME_LIST_FAILURE",d=(e,t)=>{let{codeStr:a,fileName:l}=e;return{type:n,payload:{resourceBody:a,fileName:l,

Chrome Cache Entry: 84

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 300 x 46, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	6507
Entropy (8bit):	7.936919305019708
Encrypted:	false
SSDEEP:	96:vViXTmqxBMSnRM9qVnPhhXManWGoW5ufdqWWbTctoXpB2VgrbACkwDMjR:vVQTZhCqZ3XMarf5kAPQtoZYcrQjR
MD5:	079198E0DCC3F16BFD74913A2F974115
SHA1:	5BAED81FE886A5A7125AD64CC311C5E2DC30E783
SHA-256:	B8895771C0644EF9F321A054357C8AA8591D7D3BEC37FA7B19CC02AFCFCB1174
SHA-512:	E5A5336AEF857EC21E4D1799DF4622CED1313BE1222D0C7F4D8C01E6D9F1AA3EEFE2EBD16D35692709EB984A9D529D3A0EA1366A1E20B8CB1854E28D6E73AD7B
Malicious:	false
Reputation:	low
URL:	https://ok7static.oktacdn.com/fs/bco/1/fs0tfevy7o2rpptBi357
Preview:	.PNG........IHDR...,...........$....2IDATx..].\|.U./....df....i.Z...(.M....XW..oq.&).W..b.y4i.C....[...............'.........sgB..;.I...9....M&37g...9.snN.I&.tLR.....a..<oHy..ZOs.:...F<_oso\._..L2.#...n..".=...mK.........'.._..lq."3..5.5.e.I&u.U..:....t... ..tn.l......Sz&.dR...y`=.R.u.6Pi.W...."[Y....d...)Q.L2.C..9...m.[...+.Wl..W.]O4\|_Y,\eJ.$.LjW.D.....f.Vt.+r.^..0\....0%m.l6...s9K...s_{.....t.=b........'....;...Y5GD..z.l}X,{n.~....M..nlK.....2...-..X..o/y<t.......5....~......g.sJs.;FE...9J....uA.7.B.cQ.F...&.P9..~n.x.....)....CV..9....4.k.Zz.r...B......26..D#..('.y)tZ..h;s-.....2....y...Ik!wC.?QkX..aLm,0+JJJ.5.3<7.~.A.}.i....yey.....3.3N;...D]......:.e.V4r....Ae..yb.1.../:...JBUmsD.{.7.z_......U./,"....HV#c....hy...v.qV;w=m..O...l....d..i.V....A.'.g'7v..X.(~..\4.....Kf....>....s../......6..w7...\|S...2..F......XxNE42.r......(....lw..,..L......b.A.1....yOq._i.<.`ua\|...J....J..`........'.n....e.%3.(.h..L.2.......K.........y....(....nk:.......W

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 28, 2024 22:07:48.141813993 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 28, 2024 22:07:57.751085997 CEST	49675	443	192.168.2.4	173.222.162.32
Aug 28, 2024 22:08:02.315079927 CEST	49747	443	192.168.2.4	172.217.23.100
Aug 28, 2024 22:08:02.315104008 CEST	443	49747	172.217.23.100	192.168.2.4
Aug 28, 2024 22:08:02.315237999 CEST	49747	443	192.168.2.4	172.217.23.100
Aug 28, 2024 22:08:02.318365097 CEST	49747	443	192.168.2.4	172.217.23.100
Aug 28, 2024 22:08:02.318381071 CEST	443	49747	172.217.23.100	192.168.2.4
Aug 28, 2024 22:08:02.997246981 CEST	443	49747	172.217.23.100	192.168.2.4
Aug 28, 2024 22:08:03.002665997 CEST	49747	443	192.168.2.4	172.217.23.100
Aug 28, 2024 22:08:03.002679110 CEST	443	49747	172.217.23.100	192.168.2.4
Aug 28, 2024 22:08:03.003532887 CEST	443	49747	172.217.23.100	192.168.2.4
Aug 28, 2024 22:08:03.003623962 CEST	49747	443	192.168.2.4	172.217.23.100
Aug 28, 2024 22:08:03.009516001 CEST	49747	443	192.168.2.4	172.217.23.100
Aug 28, 2024 22:08:03.009573936 CEST	443	49747	172.217.23.100	192.168.2.4
Aug 28, 2024 22:08:03.063514948 CEST	49747	443	192.168.2.4	172.217.23.100
Aug 28, 2024 22:08:03.063527107 CEST	443	49747	172.217.23.100	192.168.2.4
Aug 28, 2024 22:08:03.109091043 CEST	49747	443	192.168.2.4	172.217.23.100
Aug 28, 2024 22:08:03.351907015 CEST	49752	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:03.351931095 CEST	443	49752	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:03.352085114 CEST	49752	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:03.354707956 CEST	49752	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:03.354718924 CEST	443	49752	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:03.980307102 CEST	443	49752	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:03.980392933 CEST	49752	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:04.198210001 CEST	49752	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:04.198223114 CEST	443	49752	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:04.198945045 CEST	443	49752	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:04.236578941 CEST	49752	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:04.284501076 CEST	443	49752	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:04.412394047 CEST	443	49752	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:04.412506104 CEST	443	49752	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:04.412601948 CEST	49752	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:04.412622929 CEST	443	49752	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:04.412640095 CEST	49752	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:04.412647963 CEST	443	49752	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:04.451338053 CEST	49753	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:04.451364994 CEST	443	49753	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:04.451550007 CEST	49753	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:04.451875925 CEST	49753	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:04.451886892 CEST	443	49753	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:05.070441008 CEST	443	49753	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:05.070501089 CEST	49753	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:05.076291084 CEST	49753	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:05.076297045 CEST	443	49753	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:05.076525927 CEST	443	49753	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:05.087574959 CEST	49753	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:05.132502079 CEST	443	49753	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:05.330483913 CEST	443	49753	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:05.330530882 CEST	443	49753	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:05.330593109 CEST	49753	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:05.333908081 CEST	49753	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:05.333919048 CEST	443	49753	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:05.333936930 CEST	49753	443	192.168.2.4	23.53.114.19
Aug 28, 2024 22:08:05.333942890 CEST	443	49753	23.53.114.19	192.168.2.4
Aug 28, 2024 22:08:10.701200008 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:10.701227903 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:10.701628923 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:10.702764034 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:10.702773094 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:10.864305973 CEST	49768	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:10.864335060 CEST	443	49768	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:10.865277052 CEST	49769	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:10.865308046 CEST	443	49769	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:10.865343094 CEST	49768	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:10.865680933 CEST	49769	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:10.865984917 CEST	49768	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:10.866005898 CEST	443	49768	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:10.866348982 CEST	49769	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:10.866359949 CEST	443	49769	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.503479958 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:11.505141973 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:11.509145021 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:11.509162903 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:11.509417057 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:11.565560102 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:11.603861094 CEST	443	49768	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.606595993 CEST	443	49769	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.637192965 CEST	49768	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:11.637203932 CEST	443	49768	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.638150930 CEST	443	49768	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.639534950 CEST	49769	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:11.639547110 CEST	49768	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:11.639555931 CEST	443	49769	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.640542030 CEST	443	49769	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.641136885 CEST	49769	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:11.729152918 CEST	49768	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:11.729218006 CEST	443	49768	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.739597082 CEST	49769	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:11.739706039 CEST	443	49769	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.740003109 CEST	49768	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:11.740003109 CEST	49768	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:11.740019083 CEST	443	49768	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.780497074 CEST	443	49768	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.781927109 CEST	49768	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:11.798387051 CEST	49769	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:11.798407078 CEST	443	49769	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.844039917 CEST	49769	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:11.948076010 CEST	443	49768	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.948118925 CEST	443	49768	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.948141098 CEST	443	49768	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.948163986 CEST	49768	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:11.948219061 CEST	49768	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:11.949959993 CEST	49768	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:11.949976921 CEST	443	49768	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:11.973968029 CEST	49769	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:12.020493031 CEST	443	49769	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:12.151525974 CEST	443	49769	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:12.151544094 CEST	443	49769	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:12.151587009 CEST	443	49769	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:12.151609898 CEST	49769	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:12.151648045 CEST	49769	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:12.152760983 CEST	49769	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:12.152774096 CEST	443	49769	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:12.153553963 CEST	49773	443	192.168.2.4	18.65.39.13
Aug 28, 2024 22:08:12.153613091 CEST	443	49773	18.65.39.13	192.168.2.4
Aug 28, 2024 22:08:12.153673887 CEST	49773	443	192.168.2.4	18.65.39.13
Aug 28, 2024 22:08:12.154460907 CEST	49773	443	192.168.2.4	18.65.39.13
Aug 28, 2024 22:08:12.154479980 CEST	443	49773	18.65.39.13	192.168.2.4
Aug 28, 2024 22:08:12.267076015 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:12.312489986 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:12.522806883 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:12.522830963 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:12.522840023 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:12.522885084 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:12.522887945 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:12.522911072 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:12.522918940 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:12.522939920 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:12.522955894 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:12.522955894 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:12.522984028 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:12.523133039 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:12.523188114 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:12.523195028 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:12.523325920 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:12.523370028 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:12.851422071 CEST	443	49773	18.65.39.13	192.168.2.4
Aug 28, 2024 22:08:12.852257967 CEST	49773	443	192.168.2.4	18.65.39.13
Aug 28, 2024 22:08:12.852297068 CEST	443	49773	18.65.39.13	192.168.2.4
Aug 28, 2024 22:08:12.853189945 CEST	443	49773	18.65.39.13	192.168.2.4
Aug 28, 2024 22:08:12.853312969 CEST	49773	443	192.168.2.4	18.65.39.13
Aug 28, 2024 22:08:12.854289055 CEST	49773	443	192.168.2.4	18.65.39.13
Aug 28, 2024 22:08:12.854348898 CEST	443	49773	18.65.39.13	192.168.2.4
Aug 28, 2024 22:08:12.854487896 CEST	49773	443	192.168.2.4	18.65.39.13
Aug 28, 2024 22:08:12.900499105 CEST	443	49773	18.65.39.13	192.168.2.4
Aug 28, 2024 22:08:12.905653954 CEST	49773	443	192.168.2.4	18.65.39.13
Aug 28, 2024 22:08:12.905673981 CEST	443	49773	18.65.39.13	192.168.2.4
Aug 28, 2024 22:08:12.914072990 CEST	443	49747	172.217.23.100	192.168.2.4
Aug 28, 2024 22:08:12.914119005 CEST	443	49747	172.217.23.100	192.168.2.4
Aug 28, 2024 22:08:12.914346933 CEST	49747	443	192.168.2.4	172.217.23.100
Aug 28, 2024 22:08:12.951482058 CEST	49773	443	192.168.2.4	18.65.39.13
Aug 28, 2024 22:08:13.013653040 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:13.013672113 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:13.013685942 CEST	49767	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:13.013691902 CEST	443	49767	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:13.727457047 CEST	443	49773	18.65.39.13	192.168.2.4
Aug 28, 2024 22:08:13.727475882 CEST	443	49773	18.65.39.13	192.168.2.4
Aug 28, 2024 22:08:13.727480888 CEST	443	49773	18.65.39.13	192.168.2.4
Aug 28, 2024 22:08:13.727555990 CEST	49773	443	192.168.2.4	18.65.39.13
Aug 28, 2024 22:08:13.727596045 CEST	443	49773	18.65.39.13	192.168.2.4
Aug 28, 2024 22:08:13.727920055 CEST	443	49773	18.65.39.13	192.168.2.4
Aug 28, 2024 22:08:13.727968931 CEST	49773	443	192.168.2.4	18.65.39.13
Aug 28, 2024 22:08:13.728535891 CEST	49773	443	192.168.2.4	18.65.39.13
Aug 28, 2024 22:08:13.728555918 CEST	443	49773	18.65.39.13	192.168.2.4
Aug 28, 2024 22:08:13.737714052 CEST	49747	443	192.168.2.4	172.217.23.100
Aug 28, 2024 22:08:13.737736940 CEST	443	49747	172.217.23.100	192.168.2.4
Aug 28, 2024 22:08:13.738169909 CEST	49777	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:13.738209963 CEST	443	49777	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:13.740865946 CEST	49777	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:13.741558075 CEST	49777	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:13.741569996 CEST	443	49777	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:13.763731003 CEST	49778	443	192.168.2.4	3.161.82.77
Aug 28, 2024 22:08:13.763766050 CEST	443	49778	3.161.82.77	192.168.2.4
Aug 28, 2024 22:08:13.763823032 CEST	49778	443	192.168.2.4	3.161.82.77
Aug 28, 2024 22:08:13.764050961 CEST	49778	443	192.168.2.4	3.161.82.77
Aug 28, 2024 22:08:13.764061928 CEST	443	49778	3.161.82.77	192.168.2.4
Aug 28, 2024 22:08:14.492444992 CEST	443	49777	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:14.492964983 CEST	49777	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:14.492986917 CEST	443	49777	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:14.493285894 CEST	443	49777	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:14.494281054 CEST	49777	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:14.494333982 CEST	443	49777	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:14.495069027 CEST	49777	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:14.540499926 CEST	443	49777	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:14.557184935 CEST	443	49778	3.161.82.77	192.168.2.4
Aug 28, 2024 22:08:14.568219900 CEST	49778	443	192.168.2.4	3.161.82.77
Aug 28, 2024 22:08:14.568269014 CEST	443	49778	3.161.82.77	192.168.2.4
Aug 28, 2024 22:08:14.569190979 CEST	443	49778	3.161.82.77	192.168.2.4
Aug 28, 2024 22:08:14.569262981 CEST	49778	443	192.168.2.4	3.161.82.77
Aug 28, 2024 22:08:14.571686983 CEST	49778	443	192.168.2.4	3.161.82.77
Aug 28, 2024 22:08:14.571738005 CEST	443	49778	3.161.82.77	192.168.2.4
Aug 28, 2024 22:08:14.572052002 CEST	49778	443	192.168.2.4	3.161.82.77
Aug 28, 2024 22:08:14.572061062 CEST	443	49778	3.161.82.77	192.168.2.4
Aug 28, 2024 22:08:14.611843109 CEST	49778	443	192.168.2.4	3.161.82.77
Aug 28, 2024 22:08:14.672024965 CEST	443	49777	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:14.672043085 CEST	443	49777	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:14.672087908 CEST	443	49777	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:14.672096968 CEST	49777	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:14.672133923 CEST	49777	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:14.676738024 CEST	49777	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:14.676749945 CEST	443	49777	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:14.822917938 CEST	49780	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:14.822949886 CEST	443	49780	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:14.823009968 CEST	49780	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:14.823734045 CEST	49780	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:14.823745012 CEST	443	49780	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:14.848700047 CEST	443	49778	3.161.82.77	192.168.2.4
Aug 28, 2024 22:08:14.849292994 CEST	443	49778	3.161.82.77	192.168.2.4
Aug 28, 2024 22:08:14.849335909 CEST	443	49778	3.161.82.77	192.168.2.4
Aug 28, 2024 22:08:14.849349976 CEST	49778	443	192.168.2.4	3.161.82.77
Aug 28, 2024 22:08:14.849375010 CEST	443	49778	3.161.82.77	192.168.2.4
Aug 28, 2024 22:08:14.849411964 CEST	49778	443	192.168.2.4	3.161.82.77
Aug 28, 2024 22:08:14.849419117 CEST	443	49778	3.161.82.77	192.168.2.4
Aug 28, 2024 22:08:14.849440098 CEST	443	49778	3.161.82.77	192.168.2.4
Aug 28, 2024 22:08:14.849481106 CEST	49778	443	192.168.2.4	3.161.82.77
Aug 28, 2024 22:08:14.850970030 CEST	49778	443	192.168.2.4	3.161.82.77
Aug 28, 2024 22:08:14.850984097 CEST	443	49778	3.161.82.77	192.168.2.4
Aug 28, 2024 22:08:15.535375118 CEST	443	49780	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:15.535734892 CEST	49780	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:15.535752058 CEST	443	49780	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:15.536786079 CEST	443	49780	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:15.536847115 CEST	49780	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:15.537252903 CEST	49780	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:15.537309885 CEST	443	49780	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:15.537529945 CEST	49780	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:15.537535906 CEST	443	49780	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:15.581140995 CEST	49780	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:15.711998940 CEST	443	49780	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:15.712022066 CEST	443	49780	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:15.712080956 CEST	443	49780	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:15.712107897 CEST	49780	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:15.712789059 CEST	49780	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:15.713028908 CEST	49780	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:15.713042021 CEST	443	49780	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:20.588852882 CEST	49781	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:20.588881016 CEST	443	49781	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:20.588963985 CEST	49781	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:20.589124918 CEST	49782	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:20.589131117 CEST	443	49782	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:20.589339018 CEST	49781	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:20.589349031 CEST	443	49781	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:20.589374065 CEST	49782	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:20.589776993 CEST	49782	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:20.589786053 CEST	443	49782	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:21.276504993 CEST	443	49782	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:21.276937962 CEST	49782	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:21.276951075 CEST	443	49782	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:21.277231932 CEST	443	49782	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:21.277631044 CEST	49782	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:21.277681112 CEST	443	49782	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:21.277853012 CEST	49782	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:21.307293892 CEST	443	49781	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:21.307558060 CEST	49781	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:21.307565928 CEST	443	49781	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:21.307857990 CEST	443	49781	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:21.308319092 CEST	49781	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:21.308381081 CEST	443	49781	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:21.320502043 CEST	443	49782	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:21.361915112 CEST	49781	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:21.508130074 CEST	443	49782	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:21.508145094 CEST	443	49782	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:21.508186102 CEST	443	49782	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:21.508213043 CEST	49782	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:21.508271933 CEST	49782	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:21.748016119 CEST	49782	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:08:21.748029947 CEST	443	49782	15.197.151.86	192.168.2.4
Aug 28, 2024 22:08:49.569062948 CEST	49783	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:49.569096088 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:49.569233894 CEST	49783	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:49.569608927 CEST	49783	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:49.569621086 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:50.346852064 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:50.346919060 CEST	49783	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:50.351092100 CEST	49783	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:50.351099968 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:50.351298094 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:50.359899998 CEST	49783	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:50.404494047 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:50.758693933 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:50.758713961 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:50.758728027 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:50.758977890 CEST	49783	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:50.759001970 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:50.759119034 CEST	49783	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:50.760040045 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:50.760081053 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:50.760113001 CEST	49783	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:50.760117054 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:50.760142088 CEST	49783	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:50.760360956 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:50.760559082 CEST	49783	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:50.764260054 CEST	49783	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:50.764260054 CEST	49783	443	192.168.2.4	20.114.59.183
Aug 28, 2024 22:08:50.764275074 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:08:50.764281988 CEST	443	49783	20.114.59.183	192.168.2.4
Aug 28, 2024 22:09:02.367140055 CEST	49785	443	192.168.2.4	142.250.185.68
Aug 28, 2024 22:09:02.367173910 CEST	443	49785	142.250.185.68	192.168.2.4
Aug 28, 2024 22:09:02.367233992 CEST	49785	443	192.168.2.4	142.250.185.68
Aug 28, 2024 22:09:02.368060112 CEST	49785	443	192.168.2.4	142.250.185.68
Aug 28, 2024 22:09:02.368078947 CEST	443	49785	142.250.185.68	192.168.2.4
Aug 28, 2024 22:09:03.023133993 CEST	443	49785	142.250.185.68	192.168.2.4
Aug 28, 2024 22:09:03.023435116 CEST	49785	443	192.168.2.4	142.250.185.68
Aug 28, 2024 22:09:03.023471117 CEST	443	49785	142.250.185.68	192.168.2.4
Aug 28, 2024 22:09:03.023767948 CEST	443	49785	142.250.185.68	192.168.2.4
Aug 28, 2024 22:09:03.024101019 CEST	49785	443	192.168.2.4	142.250.185.68
Aug 28, 2024 22:09:03.024162054 CEST	443	49785	142.250.185.68	192.168.2.4
Aug 28, 2024 22:09:03.078147888 CEST	49785	443	192.168.2.4	142.250.185.68
Aug 28, 2024 22:09:04.578452110 CEST	49723	80	192.168.2.4	93.184.221.240
Aug 28, 2024 22:09:04.578716040 CEST	49724	80	192.168.2.4	93.184.221.240
Aug 28, 2024 22:09:04.584733009 CEST	80	49723	93.184.221.240	192.168.2.4
Aug 28, 2024 22:09:04.584836960 CEST	49723	80	192.168.2.4	93.184.221.240
Aug 28, 2024 22:09:04.584947109 CEST	80	49724	93.184.221.240	192.168.2.4
Aug 28, 2024 22:09:04.584990978 CEST	49724	80	192.168.2.4	93.184.221.240
Aug 28, 2024 22:09:06.312479019 CEST	49781	443	192.168.2.4	15.197.151.86
Aug 28, 2024 22:09:06.312500954 CEST	443	49781	15.197.151.86	192.168.2.4
Aug 28, 2024 22:09:12.924122095 CEST	443	49785	142.250.185.68	192.168.2.4
Aug 28, 2024 22:09:12.924176931 CEST	443	49785	142.250.185.68	192.168.2.4
Aug 28, 2024 22:09:12.924227953 CEST	49785	443	192.168.2.4	142.250.185.68
Aug 28, 2024 22:09:14.772841930 CEST	49785	443	192.168.2.4	142.250.185.68
Aug 28, 2024 22:09:14.772891045 CEST	443	49785	142.250.185.68	192.168.2.4
Aug 28, 2024 22:09:21.367824078 CEST	443	49781	15.197.151.86	192.168.2.4
Aug 28, 2024 22:09:21.367888927 CEST	443	49781	15.197.151.86	192.168.2.4
Aug 28, 2024 22:09:21.367938995 CEST	49781	443	192.168.2.4	15.197.151.86

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 28, 2024 22:07:58.332592010 CEST	53	63953	1.1.1.1	192.168.2.4
Aug 28, 2024 22:07:58.386246920 CEST	53	62024	1.1.1.1	192.168.2.4
Aug 28, 2024 22:07:59.353426933 CEST	53	54036	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:00.273691893 CEST	62229	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:08:00.273989916 CEST	53413	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:08:01.739895105 CEST	53	53051	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:02.304773092 CEST	60385	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:08:02.305469036 CEST	64067	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:08:02.311970949 CEST	53	60385	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:02.312602997 CEST	53	64067	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:02.888887882 CEST	53	49199	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:05.289407969 CEST	51196	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:08:05.289938927 CEST	49657	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:08:10.696573019 CEST	61036	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:08:10.697114944 CEST	62415	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:08:10.781639099 CEST	53	61036	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:10.974411011 CEST	53	62415	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:11.975116968 CEST	61333	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:08:11.975440979 CEST	60407	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:08:12.005939960 CEST	53	60407	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:12.152327061 CEST	53	61333	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:13.740804911 CEST	51028	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:08:13.741123915 CEST	64944	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:08:13.751152039 CEST	53	51028	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:13.763305902 CEST	53	64944	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:14.690084934 CEST	49693	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:08:14.690711975 CEST	61598	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:08:14.791356087 CEST	53	61598	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:14.821508884 CEST	53	49693	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:16.148623943 CEST	138	138	192.168.2.4	192.168.2.255
Aug 28, 2024 22:08:16.881701946 CEST	53	49710	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:35.889719009 CEST	53	63701	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:57.840495110 CEST	53	58797	1.1.1.1	192.168.2.4
Aug 28, 2024 22:08:58.560878038 CEST	53	52596	1.1.1.1	192.168.2.4
Aug 28, 2024 22:09:02.356801033 CEST	49797	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:09:02.357264996 CEST	49359	53	192.168.2.4	1.1.1.1
Aug 28, 2024 22:09:02.364111900 CEST	53	49359	1.1.1.1	192.168.2.4
Aug 28, 2024 22:09:02.364649057 CEST	53	49797	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Aug 28, 2024 22:08:10.974710941 CEST	192.168.2.4	1.1.1.1	c2e3	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 28, 2024 22:08:00.273691893 CEST	192.168.2.4	1.1.1.1	0xe7b4	Standard query (0)	bhge-ofse.saviyntcloud.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:00.273989916 CEST	192.168.2.4	1.1.1.1	0x4455	Standard query (0)	bhge-ofse.saviyntcloud.com	65	IN (0x0001)	false
Aug 28, 2024 22:08:02.304773092 CEST	192.168.2.4	1.1.1.1	0x40ba	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:02.305469036 CEST	192.168.2.4	1.1.1.1	0x75da	Standard query (0)	www.google.com	65	IN (0x0001)	false
Aug 28, 2024 22:08:05.289407969 CEST	192.168.2.4	1.1.1.1	0x95e0	Standard query (0)	bhge-ofse.saviyntcloud.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:05.289938927 CEST	192.168.2.4	1.1.1.1	0xc076	Standard query (0)	bhge-ofse.saviyntcloud.com	65	IN (0x0001)	false
Aug 28, 2024 22:08:10.696573019 CEST	192.168.2.4	1.1.1.1	0x162d	Standard query (0)	login.bakerhughes.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:10.697114944 CEST	192.168.2.4	1.1.1.1	0xf551	Standard query (0)	login.bakerhughes.com	65	IN (0x0001)	false
Aug 28, 2024 22:08:11.975116968 CEST	192.168.2.4	1.1.1.1	0x43fe	Standard query (0)	ok7static.oktacdn.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:11.975440979 CEST	192.168.2.4	1.1.1.1	0x50af	Standard query (0)	ok7static.oktacdn.com	65	IN (0x0001)	false
Aug 28, 2024 22:08:13.740804911 CEST	192.168.2.4	1.1.1.1	0xbb20	Standard query (0)	ok7static.oktacdn.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:13.741123915 CEST	192.168.2.4	1.1.1.1	0xe1d0	Standard query (0)	ok7static.oktacdn.com	65	IN (0x0001)	false
Aug 28, 2024 22:08:14.690084934 CEST	192.168.2.4	1.1.1.1	0x145a	Standard query (0)	login.bakerhughes.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:14.690711975 CEST	192.168.2.4	1.1.1.1	0x310	Standard query (0)	login.bakerhughes.com	65	IN (0x0001)	false
Aug 28, 2024 22:09:02.356801033 CEST	192.168.2.4	1.1.1.1	0xcccb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:09:02.357264996 CEST	192.168.2.4	1.1.1.1	0xd677	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 28, 2024 22:08:00.293016911 CEST	1.1.1.1	192.168.2.4	0xe7b4	No error (0)	bhge-ofse.saviyntcloud.com	bhge-ofse.saviyntcloud.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:00.293987036 CEST	1.1.1.1	192.168.2.4	0x4455	No error (0)	bhge-ofse.saviyntcloud.com	bhge-ofse.saviyntcloud.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:02.311970949 CEST	1.1.1.1	192.168.2.4	0x40ba	No error (0)	www.google.com		172.217.23.100	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:02.312602997 CEST	1.1.1.1	192.168.2.4	0x75da	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 28, 2024 22:08:05.308758020 CEST	1.1.1.1	192.168.2.4	0x95e0	No error (0)	bhge-ofse.saviyntcloud.com	bhge-ofse.saviyntcloud.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:05.311955929 CEST	1.1.1.1	192.168.2.4	0xc076	No error (0)	bhge-ofse.saviyntcloud.com	bhge-ofse.saviyntcloud.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:10.781639099 CEST	1.1.1.1	192.168.2.4	0x162d	No error (0)	login.bakerhughes.com	bhconnect.customdomains.okta.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:10.781639099 CEST	1.1.1.1	192.168.2.4	0x162d	No error (0)	bhconnect.customdomains.okta.com	ok7-custom-crtrs.okta.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:10.781639099 CEST	1.1.1.1	192.168.2.4	0x162d	No error (0)	ok7-custom-crtrs.okta.com	ok7-custom-crtrs.oktaedge.okta.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:10.781639099 CEST	1.1.1.1	192.168.2.4	0x162d	No error (0)	ok7-custom-crtrs.oktaedge.okta.com	a9d4dea8e2661b2ed.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:10.781639099 CEST	1.1.1.1	192.168.2.4	0x162d	No error (0)	a9d4dea8e2661b2ed.awsglobalaccelerator.com		15.197.151.86	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:10.781639099 CEST	1.1.1.1	192.168.2.4	0x162d	No error (0)	a9d4dea8e2661b2ed.awsglobalaccelerator.com		3.33.152.248	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:10.974411011 CEST	1.1.1.1	192.168.2.4	0xf551	No error (0)	login.bakerhughes.com	bhconnect.customdomains.okta.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:10.974411011 CEST	1.1.1.1	192.168.2.4	0xf551	No error (0)	bhconnect.customdomains.okta.com	ok7-custom-crtrs.okta.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:10.974411011 CEST	1.1.1.1	192.168.2.4	0xf551	No error (0)	ok7-custom-crtrs.okta.com	ok7-custom-crtrs.oktaedge.okta.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:10.974411011 CEST	1.1.1.1	192.168.2.4	0xf551	No error (0)	ok7-custom-crtrs.oktaedge.okta.com	a9d4dea8e2661b2ed.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:12.005939960 CEST	1.1.1.1	192.168.2.4	0x50af	No error (0)	ok7static.oktacdn.com	d3l0l8wekhoecn.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:12.152327061 CEST	1.1.1.1	192.168.2.4	0x43fe	No error (0)	ok7static.oktacdn.com	d3l0l8wekhoecn.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:12.152327061 CEST	1.1.1.1	192.168.2.4	0x43fe	No error (0)	d3l0l8wekhoecn.cloudfront.net		18.65.39.13	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:12.152327061 CEST	1.1.1.1	192.168.2.4	0x43fe	No error (0)	d3l0l8wekhoecn.cloudfront.net		18.65.39.11	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:12.152327061 CEST	1.1.1.1	192.168.2.4	0x43fe	No error (0)	d3l0l8wekhoecn.cloudfront.net		18.65.39.5	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:12.152327061 CEST	1.1.1.1	192.168.2.4	0x43fe	No error (0)	d3l0l8wekhoecn.cloudfront.net		18.65.39.46	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:13.751152039 CEST	1.1.1.1	192.168.2.4	0xbb20	No error (0)	ok7static.oktacdn.com	d3l0l8wekhoecn.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:13.751152039 CEST	1.1.1.1	192.168.2.4	0xbb20	No error (0)	d3l0l8wekhoecn.cloudfront.net		3.161.82.77	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:13.751152039 CEST	1.1.1.1	192.168.2.4	0xbb20	No error (0)	d3l0l8wekhoecn.cloudfront.net		3.161.82.47	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:13.751152039 CEST	1.1.1.1	192.168.2.4	0xbb20	No error (0)	d3l0l8wekhoecn.cloudfront.net		3.161.82.15	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:13.751152039 CEST	1.1.1.1	192.168.2.4	0xbb20	No error (0)	d3l0l8wekhoecn.cloudfront.net		3.161.82.2	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:13.763305902 CEST	1.1.1.1	192.168.2.4	0xe1d0	No error (0)	ok7static.oktacdn.com	d3l0l8wekhoecn.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:14.791356087 CEST	1.1.1.1	192.168.2.4	0x310	No error (0)	login.bakerhughes.com	bhconnect.customdomains.okta.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:14.791356087 CEST	1.1.1.1	192.168.2.4	0x310	No error (0)	bhconnect.customdomains.okta.com	ok7-custom-crtrs.okta.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:14.791356087 CEST	1.1.1.1	192.168.2.4	0x310	No error (0)	ok7-custom-crtrs.okta.com	ok7-custom-crtrs.oktaedge.okta.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:14.791356087 CEST	1.1.1.1	192.168.2.4	0x310	No error (0)	ok7-custom-crtrs.oktaedge.okta.com	a9d4dea8e2661b2ed.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:14.821508884 CEST	1.1.1.1	192.168.2.4	0x145a	No error (0)	login.bakerhughes.com	bhconnect.customdomains.okta.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:14.821508884 CEST	1.1.1.1	192.168.2.4	0x145a	No error (0)	bhconnect.customdomains.okta.com	ok7-custom-crtrs.okta.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:14.821508884 CEST	1.1.1.1	192.168.2.4	0x145a	No error (0)	ok7-custom-crtrs.okta.com	ok7-custom-crtrs.oktaedge.okta.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:14.821508884 CEST	1.1.1.1	192.168.2.4	0x145a	No error (0)	ok7-custom-crtrs.oktaedge.okta.com	a9d4dea8e2661b2ed.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 28, 2024 22:08:14.821508884 CEST	1.1.1.1	192.168.2.4	0x145a	No error (0)	a9d4dea8e2661b2ed.awsglobalaccelerator.com		15.197.151.86	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:08:14.821508884 CEST	1.1.1.1	192.168.2.4	0x145a	No error (0)	a9d4dea8e2661b2ed.awsglobalaccelerator.com		3.33.152.248	A (IP address)	IN (0x0001)	false
Aug 28, 2024 22:09:02.364111900 CEST	1.1.1.1	192.168.2.4	0xd677	No error (0)	www.google.com			65	IN (0x0001)	false
Aug 28, 2024 22:09:02.364649057 CEST	1.1.1.1	192.168.2.4	0xcccb	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

https:

login.bakerhughes.com

ok7static.oktacdn.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49752	23.53.114.19	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 20:08:04 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-28 20:08:04 UTC	495	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=221304 Date: Wed, 28 Aug 2024 20:08:04 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49753	23.53.114.19	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 20:08:05 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-08-28 20:08:05 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=221349 Date: Wed, 28 Aug 2024 20:08:05 GMT Content-Length: 55 Connection: close X-CID: 2
2024-08-28 20:08:05 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49768	15.197.151.86	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-28 20:08:11 UTC	917	OUT	POST /app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/saml HTTP/1.1 Host: login.bakerhughes.com Connection: keep-alive Content-Length: 862 Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 Origin: https://bhge-ofse.saviyntcloud.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://bhge-ofse.saviyntcloud.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 20:08:11 UTC	862	OUT	Data Raw: 53 41 4d 4c 52 65 71 75 65 73 74 3d 50 44 39 34 62 57 77 67 64 6d 56 79 63 32 6c 76 62 6a 30 69 4d 53 34 77 49 69 42 6c 62 6d 4e 76 5a 47 6c 75 5a 7a 30 69 56 56 52 47 4c 54 67 69 50 7a 34 4b 50 48 4e 68 62 57 77 79 63 44 70 42 64 58 52 6f 62 6c 4a 6c 63 58 56 6c 63 33 51 67 51 58 4e 7a 5a 58 4a 30 61 57 39 75 51 32 39 75 63 33 56 74 5a 58 4a 54 5a 58 4a 32 61 57 4e 6c 56 56 4a 4d 50 53 4a 6f 64 48 52 77 63 7a 6f 76 4c 32 4a 6f 5a 32 55 74 62 32 5a 7a 5a 53 35 7a 59 58 5a 70 65 57 35 30 59 32 78 76 64 57 51 75 59 32 39 74 4c 30 56 44 54 53 39 7a 59 57 31 73 4c 31 4e 54 54 79 39 68 62 47 6c 68 63 79 39 54 59 58 5a 70 65 57 35 30 55 31 41 69 49 45 52 6c 63 33 52 70 62 6d 46 30 61 57 39 75 50 53 4a 6f 64 48 52 77 63 7a 6f 76 4c 32 78 76 5a 32 6c 75 4c 6d 4a Data Ascii: SAMLRequest=PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHNhbWwycDpBdXRoblJlcXVlc3QgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwczovL2JoZ2Utb2ZzZS5zYXZpeW50Y2xvdWQuY29tL0VDTS9zYW1sL1NTTy9hbGlhcy9TYXZpeW50U1AiIERlc3RpbmF0aW9uPSJodHRwczovL2xvZ2luLmJ
2024-08-28 20:08:11 UTC	1973	IN	HTTP/1.1 403 Forbidden Date: Wed, 28 Aug 2024 20:08:11 GMT Server: nginx Content-Type: text/html;charset=utf-8 Content-Length: 1810 Vary: Accept-Encoding x-okta-request-id: Zs-Dq4YRsbmO6YLpn_hEwAAABik x-xss-protection: 0 content-security-policy: frame-ancestors 'self' referrer-policy: strict-origin-when-cross-origin accept-ch: Sec-CH-UA-Platform-Version cache-control: no-cache, no-store pragma: no-cache expires: 0 content-security-policy-report-only: default-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; connect-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com .oktacdn.com .mixpanel.com .mapbox.com .mtls.okta.com bhconnect.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; style-src 'unsafe-inline' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; frame-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com login.okta.com .vidyard.com; img-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com .tiles.mapbox.com .mapbox.com .vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' bhconnect.okta. [TRUNCATED] x-frame-options: SAMEORIGIN x-content-type-options: nosniff content-language: en Strict-Transport-Security: max-age=315360000; includeSubDomains set-cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; Path=/; Secure; HttpOnly set-cookie: t=default; Path=/ set-cookie: DT=DI16SriRKWjQp2W1HLhAMMtsw;Version=1;Path=/;Max-Age=63072000;Secure;Expires=Fri, 28 Aug 2026 20:08:11 GMT;HttpOnly;SameSite=None Connection: close
2024-08-28 20:08:11 UTC	1810	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6e 65 22 20 2f 3e 0a 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 61 6b 65 72 20 48 75 67 68 65 73 20 2d 20 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 Data Ascii: <html><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="robots" content="none" /> <title>Baker Hughes - Access Forbidden</title

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49769	15.197.151.86	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-28 20:08:11 UTC	786	OUT	GET /assets/css/sections/errors-v2.css HTTP/1.1 Host: login.bakerhughes.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/saml Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
2024-08-28 20:08:12 UTC	558	IN	HTTP/1.1 200 OK Date: Wed, 28 Aug 2024 20:08:12 GMT Server: nginx Content-Type: text/css Content-Length: 1911 Vary: Accept-Encoding Last-Modified: Thu, 03 Nov 2022 21:54:24 GMT ETag: "80127ba5c47706686501006723ba83da" x-amz-meta-sha1sum: a0af4ecf251187b0203ff095d16f850cc57a38c1 Expires: Thu, 28 Aug 2025 20:08:12 GMT Cache-Control: max-age=31536000 Cache-Control: public,max-age=31536000,s-maxage=1814400 Strict-Transport-Security: max-age=315360000; includeSubDomains Access-Control-Allow-Origin: * Accept-Ranges: bytes Connection: close
2024-08-28 20:08:12 UTC	1911	IN	Data Raw: 2a 20 7b 0a 20 20 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 7d 0a 0a 62 6f 64 79 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 39 66 39 66 39 3b 0a 20 20 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 70 72 6f 78 69 6d 61 2d 6e 6f 76 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 0a 23 68 65 61 64 65 72 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 7d 0a 0a 23 63 6f 6e 74 65 6e 74 20 7b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 39 66 39 66 39 3b 0a 7d 0a 0a 2e 68 69 64 65 20 7b 0a 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 7d 0a 0a 2e 6c 6f 67 69 6e 2d 62 67 2d 69 6d 61 67 65 20 7b 0a 20 20 62 61 63 Data Ascii: * { box-sizing: border-box;}body { background: #f9f9f9; color: #777; font-family: proxima-nova,Arial,Helvetica,sans-serif;}#header { display: none;}#content { background: #f9f9f9;}.hide { display: none;}.login-bg-image { bac

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49767	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 20:08:12 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ONtwwWgmvAW9Ctn&MD=OmH9Klcz HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-28 20:08:12 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 2a49b84d-8f42-46b6-a16a-53d3094bcc3d MS-RequestId: a6b358d8-d0e0-4012-b7d5-9e164e120341 MS-CV: c7LPhTWf8061UK+Q.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 28 Aug 2024 20:08:11 GMT Connection: close Content-Length: 24490
2024-08-28 20:08:12 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-08-28 20:08:12 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49773	18.65.39.13	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-28 20:08:12 UTC	615	OUT	GET /fs/bco/1/fs0tfevy7o2rpptBi357 HTTP/1.1 Host: ok7static.oktacdn.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.bakerhughes.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 20:08:13 UTC	670	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 6507 Connection: close Date: Wed, 28 Aug 2024 20:08:13 GMT Server: nginx Last-Modified: Sat, 24 Jun 2023 02:57:08 GMT ETag: "079198e0dcc3f16bfd74913a2f974115" Expires: Thu, 28 Aug 2025 20:08:13 GMT Cache-Control: max-age=31536000 Cache-Control: public,max-age=31536000,s-maxage=1814400 Strict-Transport-Security: max-age=315360000; includeSubDomains Access-Control-Allow-Origin: * Accept-Ranges: bytes X-Cache: Miss from cloudfront Via: 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) X-Amz-Cf-Pop: AMS1-P1 X-Amz-Cf-Id: L_J2TTgNWvtvrB5d9a0Ew04wnbO18tCjnqK-BUEa0XUA4cE6J958zg==
2024-08-28 20:08:13 UTC	6507	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 00 2e 08 06 00 00 00 92 c2 24 ca 00 00 19 32 49 44 41 54 78 da ed 5d 0b 7c 13 55 d6 2f 0f df 9f 0a da 64 66 d2 2e b4 99 69 92 5a 01 a5 ae 28 82 4d da c2 ae df fa 58 57 fb ad 6f 71 95 26 29 ef 57 93 02 62 04 79 34 69 cb 43 c1 f5 c1 fa 5b 17 f0 81 ae 8b e0 2a 92 94 97 82 f8 fa f4 fb d6 27 ee aa eb ca e2 fb 09 08 94 ce 9e 73 67 42 93 99 3b 93 49 d2 07 94 39 bf df f9 a5 4d 26 33 37 67 ce fd cf 39 e7 9e 73 6e 4e 8e 49 26 99 74 4c 52 e9 da d0 c9 ee 8d 61 d6 d3 3c 6f 48 79 ac e1 5a 4f 73 e4 3a f7 c6 a6 f3 46 3c 5f 6f 73 6f 5c fa 5f a6 84 4c 32 c9 a4 23 82 00 a0 6e f3 c4 22 eb 3d b1 f0 be ca 6d 4b c4 ca 17 17 13 1e f1 d2 dd a2 27 1a d9 5f 1e 8b 6c 71 c7 22 33 2e 8e 35 0e 35 a5 65 92 49 26 75 09 55 Data Ascii: PNGIHDR,.$2IDATx]\|U/df.iZ(MXWoq&)Wby4iC[*'sgB;I9M&37g9snNI&tLRa<oHyZOs:F<_oso\_L2#n"=mK'_lq"3.55eI&uU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49777	15.197.151.86	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-28 20:08:14 UTC	810	OUT	GET /favicon.ico HTTP/1.1 Host: login.bakerhughes.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://login.bakerhughes.com/app/bhconnect_bakerhughesbeaconentitlementsystem_1/exk16eygv62QN1bST358/sso/saml Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
2024-08-28 20:08:14 UTC	368	IN	HTTP/1.1 200 OK Date: Wed, 28 Aug 2024 20:08:14 GMT Server: nginx Content-Type: image/x-icon Content-Length: 5430 accept-ranges: bytes etag: W/"5430-1724179624000" last-modified: Tue, 20 Aug 2024 18:47:04 GMT x-content-type-options: nosniff Strict-Transport-Security: max-age=315360000; includeSubDomains X-Robots-Tag: noindex,nofollow Connection: close
2024-08-28 20:08:14 UTC	5430	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 13 0b 00 00 13 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 29 00 00 79 29 00 0a 79 29 00 4c 7a 29 00 a9 7a 29 00 df 7a 29 00 fb 7a 29 00 fb 7a 29 00 df 7a 29 00 a8 79 28 00 56 78 29 00 0b 78 29 00 00 00 00 00 00 00 00 00 00 7a 2b 00 00 79 29 00 00 79 29 00 1c 79 29 00 99 7a 29 00 ec 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ee 79 29 00 95 79 29 00 1d 79 29 00 00 7a 2b 00 00 7a 2a 00 00 7a 2a 00 1e 7a 29 00 b0 7a 29 00 fe 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a Data Ascii: h& ( y)y)y)Lz)z)z)z)z)z)y(Vx)x)z+y)y)y)z)z)z)z)z)z)z)z)y)y)y)z+zzz)z)z)z)z)z)z)z)z)z)z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49778	3.161.82.77	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-28 20:08:14 UTC	374	OUT	GET /fs/bco/1/fs0tfevy7o2rpptBi357 HTTP/1.1 Host: ok7static.oktacdn.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-08-28 20:08:14 UTC	679	IN	HTTP/1.1 200 OK Content-Type: image/png Content-Length: 6507 Connection: close Date: Wed, 28 Aug 2024 20:08:13 GMT Server: nginx Last-Modified: Sat, 24 Jun 2023 02:57:08 GMT ETag: "079198e0dcc3f16bfd74913a2f974115" Expires: Thu, 28 Aug 2025 20:08:13 GMT Cache-Control: max-age=31536000 Cache-Control: public,max-age=31536000,s-maxage=1814400 Strict-Transport-Security: max-age=315360000; includeSubDomains Access-Control-Allow-Origin: * Accept-Ranges: bytes X-Cache: Hit from cloudfront Via: 1.1 38dab0d877593711162f7409f4fc8fca.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA56-P10 X-Amz-Cf-Id: h5hv-AtKWlvDI06OErrZmc1q1W8QiRo6xnf-zfKMgMfBrcwhz3edUQ== Age: 1
2024-08-28 20:08:14 UTC	6507	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 2c 00 00 00 2e 08 06 00 00 00 92 c2 24 ca 00 00 19 32 49 44 41 54 78 da ed 5d 0b 7c 13 55 d6 2f 0f df 9f 0a da 64 66 d2 2e b4 99 69 92 5a 01 a5 ae 28 82 4d da c2 ae df fa 58 57 fb ad 6f 71 95 26 29 ef 57 93 02 62 04 79 34 69 cb 43 c1 f5 c1 fa 5b 17 f0 81 ae 8b e0 2a 92 94 97 82 f8 fa f4 fb d6 27 ee aa eb ca e2 fb 09 08 94 ce 9e 73 67 42 93 99 3b 93 49 d2 07 94 39 bf df f9 a5 4d 26 33 37 67 ce fd cf 39 e7 9e 73 6e 4e 8e 49 26 99 74 4c 52 e9 da d0 c9 ee 8d 61 d6 d3 3c 6f 48 79 ac e1 5a 4f 73 e4 3a f7 c6 a6 f3 46 3c 5f 6f 73 6f 5c fa 5f a6 84 4c 32 c9 a4 23 82 00 a0 6e f3 c4 22 eb 3d b1 f0 be ca 6d 4b c4 ca 17 17 13 1e f1 d2 dd a2 27 1a d9 5f 1e 8b 6c 71 c7 22 33 2e 8e 35 0e 35 a5 65 92 49 26 75 09 55 Data Ascii: PNGIHDR,.$2IDATx]\|U/df.iZ(MXWoq&)Wby4iC[*'sgB;I9M&37g9snNI&tLRa<oHyZOs:F<_oso\_L2#n"=mK'_lq"3.55eI&uU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49780	15.197.151.86	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-28 20:08:15 UTC	450	OUT	GET /favicon.ico HTTP/1.1 Host: login.bakerhughes.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
2024-08-28 20:08:15 UTC	368	IN	HTTP/1.1 200 OK Date: Wed, 28 Aug 2024 20:08:15 GMT Server: nginx Content-Type: image/x-icon Content-Length: 5430 accept-ranges: bytes etag: W/"5430-1724179624000" last-modified: Tue, 20 Aug 2024 18:47:04 GMT x-content-type-options: nosniff Strict-Transport-Security: max-age=315360000; includeSubDomains X-Robots-Tag: noindex,nofollow Connection: close
2024-08-28 20:08:15 UTC	5430	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 13 0b 00 00 13 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 29 00 00 79 29 00 0a 79 29 00 4c 7a 29 00 a9 7a 29 00 df 7a 29 00 fb 7a 29 00 fb 7a 29 00 df 7a 29 00 a8 79 28 00 56 78 29 00 0b 78 29 00 00 00 00 00 00 00 00 00 00 7a 2b 00 00 79 29 00 00 79 29 00 1c 79 29 00 99 7a 29 00 ec 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ee 79 29 00 95 79 29 00 1d 79 29 00 00 7a 2b 00 00 7a 2a 00 00 7a 2a 00 1e 7a 29 00 b0 7a 29 00 fe 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a 29 00 ff 7a Data Ascii: h& ( y)y)y)Lz)z)z)z)z)z)y(Vx)x)z+y)y)y)z)z)z)z)z)z)z)z)y)y)y)z+zzz)z)z)z)z)z)z)z)z)z)z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49782	15.197.151.86	443	4180	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-28 20:08:21 UTC	776	OUT	GET / HTTP/1.1 Host: login.bakerhughes.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=45C0275FE00578BE1A3E14891D3762EE; t=default; DT=DI16SriRKWjQp2W1HLhAMMtsw
2024-08-28 20:08:21 UTC	1829	IN	HTTP/1.1 403 Forbidden Date: Wed, 28 Aug 2024 20:08:21 GMT Server: nginx Content-Type: text/html;charset=utf-8 Content-Length: 1810 Vary: Accept-Encoding x-content-type-options: nosniff x-okta-request-id: Zs-DtWmjwss58rkouV8F6gAABuc x-xss-protection: 0 content-security-policy: frame-ancestors 'self' referrer-policy: strict-origin-when-cross-origin accept-ch: Sec-CH-UA-Platform-Version cache-control: no-cache, no-store pragma: no-cache expires: 0 content-security-policy-report-only: default-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; connect-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com .oktacdn.com .mixpanel.com .mapbox.com .mtls.okta.com bhconnect.kerberos.okta.com https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; style-src 'unsafe-inline' 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com; frame-src 'self' bhconnect.okta.com bhconnect-admin.okta.com login.bakerhughes.com login.okta.com .vidyard.com; img-src 'self' bhconnect.okta.com login.bakerhughes.com .oktacdn.com .tiles.mapbox.com .mapbox.com .vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' bhconnect.okta. [TRUNCATED] x-frame-options: SAMEORIGIN content-language: en Strict-Transport-Security: max-age=315360000; includeSubDomains set-cookie: JSESSIONID=AA0C6AB0AE8746894F1338E8923DD6E3; Path=/; Secure; HttpOnly set-cookie: t=default; Path=/ Connection: close
2024-08-28 20:08:21 UTC	1810	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6e 65 22 20 2f 3e 0a 0a 20 20 20 20 3c 74 69 74 6c 65 3e 42 61 6b 65 72 20 48 75 67 68 65 73 20 2d 20 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 Data Ascii: <html><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="robots" content="none" /> <title>Baker Hughes - Access Forbidden</title

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49783	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-08-28 20:08:50 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ONtwwWgmvAW9Ctn&MD=OmH9Klcz HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-08-28 20:08:50 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: aa6777ee-2ba5-4db4-a502-ac7717e46191 MS-RequestId: b0d5d892-9698-4781-afb8-ad0884c7d2a5 MS-CV: ppwl05kJ0EOkw8BX.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 28 Aug 2024 20:08:50 GMT Connection: close Content-Length: 30005
2024-08-28 20:08:50 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-08-28 20:08:50 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 4924, Parent PID: 3568

General

Target ID:	0
Start time:	16:07:52
Start date:	28/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 4180, Parent PID: 4924

General

Target ID:	2
Start time:	16:07:56
Start date:	28/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2544,i,12839140376948361460,16293769373542387914,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6516, Parent PID: 3568

General

Target ID:	3
Start time:	16:07:59
Start date:	28/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://bhge-ofse.saviyntcloud.com/ECMv6/request/requestHome"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly