Edit tour

Windows Analysis Report
https://global.americanexpress.com/help?inav=iNUtlContact&extlink=us-em-serv-footer-helpcenter

Overview

General Information

Sample URL:	https://global.americanexpress.com/help?inav=iNUtlContact&extlink=us-em-serv-footer-helpcenter
Analysis ID:	1426758
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML body with high number of embedded images detected

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://global.americanexpress.com/help?inav=iNUtlContact&extlink=us-em-serv-footer-helpcenter MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1948,i,17101978054004084476,12410038309744272020,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://global.americanexpress.com/help?inav=iNUtlContact&extlink=us-em-serv-footer-helpcenter

HTTP Parser: Total embedded image size: 15606

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.18:49693 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.18:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.18:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.18:49705 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.79.187.180
Source: unknown	TCP traffic detected without corresponding DNS query: 23.76.32.107
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown	TCP traffic detected without corresponding DNS query: 52.165.165.26

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=s+M7GxcDtlbET9Y&MD=DFrtxrWu HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=s+M7GxcDtlbET9Y&MD=DFrtxrWu HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1713274301023 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: https://global.americanexpress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /id/rd?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1713274301023 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: https://global.americanexpress.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=14639981717196152352028843229767243559
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.0.0&d_fieldgroup=A&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&mid=14483685490011032432048978651132711855&ts=1713274302100 HTTP/1.1Host: omns.americanexpress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: https://global.americanexpress.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: TS0114bdae=0144d4a839586b141b989af62e52371e6fc307f9d3a5061f1757c48d9180280c953015a6c6dc95d5b236407f09d657189c894cb579; agent-id=75ae5b53-68cf-4749-8f79-9c43a50fd031; bm_sz=6F6A31595189F7CEAF8A71424DC072A4~YAAQT2gBF03jz8qOAQAA+PQa5xdLqqvmjQo3qql/RSrk+NqgjmVtGRIpJ5fdyCwxL0VXYKaP3pbR9g9uEQWh5UXeVA9Y7V1m7P4NNPA2wKeGfYWBW+KWNGyMZxqUZSy9uAImtIyhIACEkuWppPtqSOdH4vOm1jvnIpZNwdjJ40gWe4OdNk+2mZF9LZGpSPN5W63KHWQIvJ4iH5vJLvoAaS+w4fiJUQj52oL6gxC2RBjBKPwxow2vambX2wX+CPZjRLt4NZMtr+f2bbmARnFCo/v3eRsPyS0JH12rulCjsr5LIQPNrvwt3MBukJtjlim+A82Bo9I2DgrIS9B1+gITDv42IX5px8tCUDTbVR2J6Yk61l/LMCVXt34MUCVLH7mYt71W1ejDyL4Ow4Ls~3293761~4342328; rxVisitor=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A; dtLatC=509; dtSa=-; dtCookie=v_4_srv_104_sn_D31AC96E3DF032551F710E6D44416A15_app-3Af32f70c4a19cb7f4_1_ol_0_perc_100000_mul_1_rcs-3Acss_0; _abck=AD827B41E34AB180244EB157C2E73EBF~0~YAAQUGgBFxym8NWOAQAAohcb5wu2ZGB60GcxQTa+6qpnA6FyqN4LrC5qrO0RImU4BIA5aiW5kpMSaiSyndfm39JpVX1S9C5VrOKKlePm9qqeBP9bYW6Iy7qKpBsP3xUYB36lvGG30+nKugXF2BlliLDzfCwaXSu1mXM8QrQC/1pLZU9IMUL+Xd7YLjPlWK7R8OkqushCcrWmU0Z8UNvySw6H36ckn7kVb74EibUOlgNgtg3l8YqVIigkF1WhtKEz6PsqbZ8oa/aADoHU3xYQBLcjAXjQkb8zA7V6/swvOTxG9IFfROLdI5inH5Ekc1pUAyTn1mvUZihn7Z+D5+RQBw6w7sE/nU7wgoFoU8sLmvC19Zmav3geNzaUhXZ5j7rF/R3U84iksSTiDDNRG6kw2MqWYlSBD4zoUiPFl9c7ypAI~-1~-1~-1; rxvt=1713276099040\|1713274290940; dtPC=$274290934_630h-vCCRUAIBSCBAUJCNRSUGTAFBDWCRAFKQA-0e0; s_pers=%20s_tslv%3D1713274301817%7C1776346301817%3B; s_sess=%20s_tp%3D1568%3B%20s_ppv%3Dus%25257Coneamex%25257Cser%25257Chelp%252C58%252C58%252C907%3B%20omn_extlink%3Dus-em-serv-footer-helpcenter%3B%20omn_inav%3DiNUtlContact%3B; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C14483685490011032432048978651132711855%7CMCAAMLH-1713879102%7C7%7CMCAAMB-1713879102%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1713281502s%7CNONE%7CvVersion%7C5.0.0
Source: global traffic	HTTP traffic detected: GET /id/rd?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1713274301023 HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=14639981717196152352028843229767243559
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s6959995791769?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A31%3A42%202%20-120&mid=14483685490011032432048978651132711855&aamlh=7&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7Chelp&g=https%3A%2F%2Fglobal.americanexpress.com%2Fhelp%3Finav%3DiNUtlContact%26extlink%3Dus-em-serv-footer-helpcenter%26extlink%3Dus-em-serv-footer-helpcenter%26&c.&visitorCheck=VisitorAPI%20Present&cm.&ssf=1&.cm&omn.&lob=ser&country=us&language=en&extlink=us-em-serv-footer-helpcenter&inav=iNUtlContact&.omn&.c&h.&architecture=x86&bitness=64&platformVersion=10.0.0&.h&cc=USD&server=global.americanexpress.com&v0=extlink%3Dus-em-serv-footer-helpcenter&events=event140%2Cevent45&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&h1=us%7Coneamex%7Cser&c3=en&c4=US&c6=D%3Dv6&v8=iNUtlContact&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c19=US%7Coneamex%7Cser&v21=US%3ALegacy%20Non-Search&c24=US%7Coneamex%7Cser&v27=US&c30=US%7Coneamex%7Cser&c31=US&c38=US%7Coneamex%7Cser&c43=New%20Visitor&c44=D%3Dv44&v45=prospect&c46=DLS%20Navigation&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c50=non-authenticated&c56=oneamex%3Adesktop&v60=1280&v61=landscape&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v71=us%7Coneamex%7Cser%7Chelp&v72=n%2Fa&v74=us%7Coneamex%7Cser%7Chelp&c75=Launch&v75=14483685490011032432048978651132711855&v94=D%3Dagent-id&v140=UCM%3A%20en-US%7C%20docEle%3A%20en-US%7C&v142=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: TS0114bdae=0144d4a839586b141b989af62e52371e6fc307f9d3a5061f1757c48d9180280c953015a6c6dc95d5b236407f09d657189c894cb579; agent-id=75ae5b53-68cf-4749-8f79-9c43a50fd031; bm_sz=6F6A31595189F7CEAF8A71424DC072A4~YAAQT2gBF03jz8qOAQAA+PQa5xdLqqvmjQo3qql/RSrk+NqgjmVtGRIpJ5fdyCwxL0VXYKaP3pbR9g9uEQWh5UXeVA9Y7V1m7P4NNPA2wKeGfYWBW+KWNGyMZxqUZSy9uAImtIyhIACEkuWppPtqSOdH4vOm1jvnIpZNwdjJ40gWe4OdNk+2mZF9LZGpSPN5W63KHWQIvJ4iH5vJLvoAaS+w4fiJUQj52oL6gxC2RBjBKPwxow2vambX2wX+CPZjRLt4NZMtr+f2bbmARnFCo/v3eRsPyS0JH12rulCjsr5LIQPNrvwt3MBukJtjlim+A82Bo9I2DgrIS9B1+gITDv42IX5px8tCUDTbVR2J6Yk61l/LMCVXt34MUCVLH7mYt71W1ejDyL4Ow4Ls~3293761~4342328; rxVisitor=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A; dtLatC=509; dtSa=-; dtCookie=v_4_srv_104_sn_D31AC96E3DF032551F710E6D44416A15_app-3Af32f70c4a19cb7f4_1_ol_0_perc_100000_mul_1_rcs-3Acss_0; _ab
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.0.0&d_fieldgroup=A&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&mid=14483685490011032432048978651132711855&ts=1713274302100 HTTP/1.1Host: omns.americanexpress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: TS0114bdae=0144d4a839586b141b989af62e52371e6fc307f9d3a5061f1757c48d9180280c953015a6c6dc95d5b236407f09d657189c894cb579; agent-id=75ae5b53-68cf-4749-8f79-9c43a50fd031; bm_sz=6F6A31595189F7CEAF8A71424DC072A4~YAAQT2gBF03jz8qOAQAA+PQa5xdLqqvmjQo3qql/RSrk+NqgjmVtGRIpJ5fdyCwxL0VXYKaP3pbR9g9uEQWh5UXeVA9Y7V1m7P4NNPA2wKeGfYWBW+KWNGyMZxqUZSy9uAImtIyhIACEkuWppPtqSOdH4vOm1jvnIpZNwdjJ40gWe4OdNk+2mZF9LZGpSPN5W63KHWQIvJ4iH5vJLvoAaS+w4fiJUQj52oL6gxC2RBjBKPwxow2vambX2wX+CPZjRLt4NZMtr+f2bbmARnFCo/v3eRsPyS0JH12rulCjsr5LIQPNrvwt3MBukJtjlim+A82Bo9I2DgrIS9B1+gITDv42IX5px8tCUDTbVR2J6Yk61l/LMCVXt34MUCVLH7mYt71W1ejDyL4Ow4Ls~3293761~4342328; rxVisitor=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A; dtLatC=509; dtSa=-; dtCookie=v_4_srv_104_sn_D31AC96E3DF032551F710E6D44416A15_app-3Af32f70c4a19cb7f4_1_ol_0_perc_100000_mul_1_rcs-3Acss_0; _abck=AD827B41E34AB180244EB157C2E73EBF~0~YAAQUGgBFxym8NWOAQAAohcb5wu2ZGB60GcxQTa+6qpnA6FyqN4LrC5qrO0RImU4BIA5aiW5kpMSaiSyndfm39JpVX1S9C5VrOKKlePm9qqeBP9bYW6Iy7qKpBsP3xUYB36lvGG30+nKugXF2BlliLDzfCwaXSu1mXM8QrQC/1pLZU9IMUL+Xd7YLjPlWK7R8OkqushCcrWmU0Z8UNvySw6H36ckn7kVb74EibUOlgNgtg3l8YqVIigkF1WhtKEz6PsqbZ8oa/aADoHU3xYQBLcjAXjQkb8zA7V6/swvOTxG9IFfROLdI5inH5Ekc1pUAyTn1mvUZihn7Z+D5+RQBw6w7sE/nU7wgoFoU8sLmvC19Zmav3geNzaUhXZ5j7rF/R3U84iksSTiDDNRG6kw2MqWYlSBD4zoUiPFl9c7ypAI~-1~-1~-1; rxvt=1713276099040\|1713274290940; dtPC=$274290934_630h-vCCRUAIBSCBAUJCNRSUGTAFBDWCRAFKQA-0e0; s_pers=%20s_tslv%3D1713274301817%7C1776346301817%3B; s_sess=%20s_tp%3D1568%3B%20s_ppv%3Dus%25257Coneamex%25257Cser%25257Chelp%252C58%252C58%252C907%3B%20omn_extlink%3Dus-em-serv-footer-helpcenter%3B%20omn_inav%3DiNUtlContact%3B; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; s_ecid=MCMID%7C14483685490011032432048978651132711855; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C14483685490011032432048978651132711855%7CMCAAMLH-1713879102%7C7%7CMCAAMB-1713879102%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1713281502s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.0.0
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s6959995791769?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A31%3A42%202%20-120&mid=14483685490011032432048978651132711855&aamlh=7&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7Chelp&g=https%3A%2F%2Fglobal.americanexpress.com%2Fhelp%3Finav%3DiNUtlContact%26extlink%3Dus-em-serv-footer-helpcenter%26extlink%3Dus-em-serv-footer-helpcenter%26&c.&visitorCheck=VisitorAPI%20Present&cm.&ssf=1&.cm&omn.&lob=ser&country=us&language=en&extlink=us-em-serv-footer-helpcenter&inav=iNUtlContact&.omn&.c&h.&architecture=x86&bitness=64&platformVersion=10.0.0&.h&cc=USD&server=global.americanexpress.com&v0=extlink%3Dus-em-serv-footer-helpcenter&events=event140%2Cevent45&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&h1=us%7Coneamex%7Cser&c3=en&c4=US&c6=D%3Dv6&v8=iNUtlContact&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c19=US%7Coneamex%7Cser&v21=US%3ALegacy%20Non-Search&c24=US%7Coneamex%7Cser&v27=US&c30=US%7Coneamex%7Cser&c31=US&c38=US%7Coneamex%7Cser&c43=New%20Visitor&c44=D%3Dv44&v45=prospect&c46=DLS%20Navigation&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c50=non-authenticated&c56=oneamex%3Adesktop&v60=1280&v61=landscape&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v71=us%7Coneamex%7Cser%7Chelp&v72=n%2Fa&v74=us%7Coneamex%7Cser%7Chelp&c75=Launch&v75=14483685490011032432048978651132711855&v94=D%3Dagent-id&v140=UCM%3A%20en-US%7C%20docEle%3A%20en-US%7C&v142=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: TS0114bdae=0144d4a839586b141b989af62e52371e6fc307f9d3a5061f1757c48d9180280c953015a6c6dc95d5b236407f09d657189c894cb579; agent-id=75ae5b53-68cf-4749-8f79-9c43a50fd031; bm_sz=6F6A31595189F7CEAF8A71424DC072A4~YAAQT2gBF03jz8qOAQAA+PQa5xdLqqvmjQo3qql/RSrk+NqgjmVtGRIpJ5fdyCwxL0VXYKaP3pbR9g9uEQWh5UXeVA9Y7V1m7P4NNPA2wKeGfYWBW+KWNGyMZxqUZSy9uAImtIyhIACEkuWppPtqSOdH4vOm1jvnIpZNwdjJ40gWe4OdNk+2mZF9LZGpSPN5W63KHWQIvJ4iH5vJLvoAaS+w4fiJUQj52oL6gxC2RBjBKPwxow2vambX2wX+CPZjRLt4NZMtr+f2bbmARnFCo/v3eRsPyS0JH12rulCjsr5LIQPNrvwt3MBukJtjlim+A82Bo9I2DgrIS9B1+gITDv42IX5px8tCUDTbVR2J6Yk61l/LMCVXt34MUCVLH7mYt71W1ejDyL4Ow4Ls~3293761~4342328; rxVisitor=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A; dtLatC=509; dtSa=-; dtCookie=v_4_srv_104_sn_D31AC96E3DF032551F710E6D44416A15_app-3Af32f70c4a19cb7f4_1_ol_0_perc_100000_mul_1_rcs-3Acss_0; _abck=AD827B41E34AB180244EB157C2E73EBF~0~YAAQUGgBFxym8NWOAQAAohcb5wu2ZGB60GcxQTa+6qpnA6FyqN4LrC5qrO0RImU4BIA5aiW5kpMSaiSyndfm39JpVX1S9C5VrOKKlePm9qqeBP9bYW6Iy7qKpBsP3xUYB36lvGG30+nKugXF2BlliLDzfCwaXSu1m
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s67650161295375?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A31%3A42%202%20-120&mid=14483685490011032432048978651132711855&aamlh=7&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7Chelp&g=https%3A%2F%2Fglobal.americanexpress.com%2Fhelp%3Finav%3DiNUtlContact%26extlink%3Dus-em-serv-footer-helpcenter&c.&cm.&ssf=1&.cm&omn.&identifier=axp-myca-route-config&element=credo-rampup&lob=ser&detail=ineligible&.omn&.c&cc=USD&events=event141&c3=en&c4=US&v4=axp-myca-route-config&v5=us%3E%3Eaxp-myca-route-config%3E%3Eimpression%3E%3Ecredo-rampup%3E%3Eineligible&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c21=axp-myca-route-config&c22=us%3E%3Eaxp-myca-route-config%3E%3Eimpression%3E%3Ecredo-rampup%3E%3Eineligible&v27=US&c44=D%3Dv44&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c56=oneamex%3Adesktop&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7Chelp&v75=14483685490011032432048978651132711855&pe=lnk_o&pev2=Dynamic%20Page%20Action&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: TS0114bdae=0144d4a839586b141b989af62e52371e6fc307f9d3a5061f1757c48d9180280c953015a6c6dc95d5b236407f09d657189c894cb579; agent-id=75ae5b53-68cf-4749-8f79-9c43a50fd031; bm_sz=6F6A31595189F7CEAF8A71424DC072A4~YAAQT2gBF03jz8qOAQAA+PQa5xdLqqvmjQo3qql/RSrk+NqgjmVtGRIpJ5fdyCwxL0VXYKaP3pbR9g9uEQWh5UXeVA9Y7V1m7P4NNPA2wKeGfYWBW+KWNGyMZxqUZSy9uAImtIyhIACEkuWppPtqSOdH4vOm1jvnIpZNwdjJ40gWe4OdNk+2mZF9LZGpSPN5W63KHWQIvJ4iH5vJLvoAaS+w4fiJUQj52oL6gxC2RBjBKPwxow2vambX2wX+CPZjRLt4NZMtr+f2bbmARnFCo/v3eRsPyS0JH12rulCjsr5LIQPNrvwt3MBukJtjlim+A82Bo9I2DgrIS9B1+gITDv42IX5px8tCUDTbVR2J6Yk61l/LMCVXt34MUCVLH7mYt71W1ejDyL4Ow4Ls~3293761~4342328; rxVisitor=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A; dtLatC=509; dtSa=-; dtCookie=v_4_srv_104_sn_D31AC96E3DF032551F710E6D44416A15_app-3Af32f70c4a19cb7f4_1_ol_0_perc_100000_mul_1_rcs-3Acss_0; _abck=AD827B41E34AB180244EB157C2E73EBF~0~YAAQUGgBFxym8NWOAQAAohcb5wu2ZGB60GcxQTa+6qpnA6FyqN4LrC5qrO0RImU4BIA5aiW5kpMSaiSyndfm39JpVX1S9C5VrOKKlePm9qqeBP9bYW6Iy7qKpBsP3xUYB36lvGG30+nKugXF2BlliLDzfCwaXSu1mXM8QrQC/1pLZU9IMUL+Xd7YLjPlWK7R8OkqushCcrWmU0Z8UNvySw6H36ckn7kVb74EibUOlgNgtg3l8YqVIigkF1WhtKEz6PsqbZ8oa/aADoHU3xYQBLcjAXjQkb8zA7V6/swvOTxG9IFfROLdI5inH5Ekc1pUAyTn1mvUZihn7Z+D5+RQBw6w7sE/nU7wgoFoU8sLmvC19Zmav3geNzaUhXZ5j7rF/R3U84iksSTiDDNRG6kw2MqWYlSBD4zoUi
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s67650161295375?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A31%3A42%202%20-120&mid=14483685490011032432048978651132711855&aamlh=7&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7Chelp&g=https%3A%2F%2Fglobal.americanexpress.com%2Fhelp%3Finav%3DiNUtlContact%26extlink%3Dus-em-serv-footer-helpcenter&c.&cm.&ssf=1&.cm&omn.&identifier=axp-myca-route-config&element=credo-rampup&lob=ser&detail=ineligible&.omn&.c&cc=USD&events=event141&c3=en&c4=US&v4=axp-myca-route-config&v5=us%3E%3Eaxp-myca-route-config%3E%3Eimpression%3E%3Ecredo-rampup%3E%3Eineligible&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c21=axp-myca-route-config&c22=us%3E%3Eaxp-myca-route-config%3E%3Eimpression%3E%3Ecredo-rampup%3E%3Eineligible&v27=US&c44=D%3Dv44&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c56=oneamex%3Adesktop&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7Chelp&v75=14483685490011032432048978651132711855&pe=lnk_o&pev2=Dynamic%20Page%20Action&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: TS0114bdae=0144d4a839586b141b989af62e52371e6fc307f9d3a5061f1757c48d9180280c953015a6c6dc95d5b236407f09d657189c894cb579; agent-id=75ae5b53-68cf-4749-8f79-9c43a50fd031; bm_sz=6F6A31595189F7CEAF8A71424DC072A4~YAAQT2gBF03jz8qOAQAA+PQa5xdLqqvmjQo3qql/RSrk+NqgjmVtGRIpJ5fdyCwxL0VXYKaP3pbR9g9uEQWh5UXeVA9Y7V1m7P4NNPA2wKeGfYWBW+KWNGyMZxqUZSy9uAImtIyhIACEkuWppPtqSOdH4vOm1jvnIpZNwdjJ40gWe4OdNk+2mZF9LZGpSPN5W63KHWQIvJ4iH5vJLvoAaS+w4fiJUQj52oL6gxC2RBjBKPwxow2vambX2wX+CPZjRLt4NZMtr+f2bbmARnFCo/v3eRsPyS0JH12rulCjsr5LIQPNrvwt3MBukJtjlim+A82Bo9I2DgrIS9B1+gITDv42IX5px8tCUDTbVR2J6Yk61l/LMCVXt34MUCVLH7mYt71W1ejDyL4Ow4Ls~3293761~4342328; rxVisitor=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A; dtLatC=509; dtSa=-; dtCookie=v_4_srv_104_sn_D31AC96E3DF032551F710E6D44416A15_app-3Af32f70c4a19cb7f4_1_ol_0_perc_100000_mul_1_rcs-3Acss_0; _abck=AD827B41E34AB180244EB157C2E73EBF~0~YAAQUGgBFxym8NWOAQAAohcb5wu2ZGB60GcxQTa+6qpnA6FyqN4LrC5qrO0RImU4BIA5aiW5kpMSaiSyndfm39JpVX1S9C5VrOKKlePm9qqeBP9bYW6Iy7qKpBsP3xUYB36lvGG30+nKugXF2BlliLDzfCwaXSu1mXM8QrQC/1pLZU9IMUL+Xd7YLjPlWK7R8OkqushCcrWmU0Z8UNvySw6H36ckn7kVb74EibUOlgNgtg3l8YqVIigkF1WhtKEz6PsqbZ8oa/aADoHU3xYQBLcjAXjQkb8zA7V6/swvOTxG9IFfROLdI5inH5Ekc1pUAyTn1mvUZihn7Z+D5+RQBw6w7sE/nU7wgoFoU8sLmvC19Zmav3geNzaUhXZ5j7rF/R3U84iksSTiDDNRG6kw2MqWYlSBD4zoUiPFl9c7ypAI~-1~-1~-1; rxvt=1713276099040\|1713274290940; dtPC=$274290934_630h-vCCRUAIBSCBAUJCNRSUGTAFBDWCRAFKQA-0e0; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; s_ecid=MCMID%7C144836854900110324320489
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCOvUygEI/IPLAQiSocsBCIWgzQEI3L3NAQjpxc0BCJHKzQEIucrNAQis0c0BCInTzQEI29PNAQj2080BCNLWzQEIp9jNAQjp2M0BCPnA1BUYwcvMARi50s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCOvUygEI/IPLAQiSocsBCIWgzQEI3L3NAQjpxc0BCJHKzQEIucrNAQis0c0BCInTzQEI29PNAQj2080BCNLWzQEIp9jNAQjp2M0BCPnA1BUYwcvMARi50s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtTk0GNv7-bAGIjCutrdc__jP0Ewy3i-m2egggo-7ZmryQzEGXexmB4-11OBM3nprFLRWxeudB_gRK98yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCOvUygEI/IPLAQiSocsBCIWgzQEI3L3NAQjpxc0BCJHKzQEIucrNAQis0c0BCInTzQEI29PNAQj2080BCNLWzQEIp9jNAQjp2M0BCPnA1BUYwcvMARi50s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-16-13; NID=513=HiYTcYVFE12zfZ5RF4UZiNIh43EgTh3zpY5SDtyZHLD4cR6h-fHb5eXqkaLQaQss9tPU_nAzWqJ-r8tm2nzuwJVuJgSg8m80omXLQLI9kC-mLI67INlpFzc2Xm6nACmdJHvvKlrhu1n0my3amXjvrdO281LsrYSdSQJKKM41sZY
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtTk0GNv7-bAGIjDiFp97vxk7IW7qwjFYYBhxwkHmojLuIhALKDnO0DQ2z_YXRZ4ybx5vwHqH-UJyuSIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-16-13; NID=513=ggn58Oi5KKSghXHMWIYnjVKSl7PEG1cKs3hmIzSRQ1Tn7Ea15F50Zfg1_H_HHMd7_w5NryrE4_eTvXY49r5G-ejab8dhmje4SCAwDOesgz5bjWCTGZWonX8-SeCEBBb32Xu0tJ7bttTzafiejNdUEbMwb3nwPE4IF65UK62RK3A
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtTk0GNv7-bAGIjAB5ca-1h2npjbKyRJrY0x7oVX9EvE_hx3CS29R-qtGI7R0K5dKFNaff9s5a-f5vCUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-16-13; NID=513=KR6K9V6ZtjZf1vKqUgOCyawpR6eIS5pHtrHBKK9hd2Rn181bbOmhSJTXvOXsy0He6WiQB6xc2uxrxNpsVJc7iR0T1Sq2l-jZJtKYV9vxzkzWvlEx8rLgeFKLa2eT8r9bC8N6WSS2AirqkYi_QNeD-iS3ZnAW1KNqcfFonpYaKoQ
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCOvUygEI/IPLAQiSocsBCIWgzQEI3L3NAQjpxc0BCJHKzQEIucrNAQis0c0BCInTzQEI29PNAQj2080BCNLWzQEIp9jNAQjp2M0BCPnA1BUYwcvMARi50s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-16-13; NID=513=KR6K9V6ZtjZf1vKqUgOCyawpR6eIS5pHtrHBKK9hd2Rn181bbOmhSJTXvOXsy0He6WiQB6xc2uxrxNpsVJc7iR0T1Sq2l-jZJtKYV9vxzkzWvlEx8rLgeFKLa2eT8r9bC8N6WSS2AirqkYi_QNeD-iS3ZnAW1KNqcfFonpYaKoQ
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCOvUygEI/IPLAQiSocsBCIWgzQEI3L3NAQjpxc0BCJHKzQEIucrNAQis0c0BCInTzQEI29PNAQj2080BCNLWzQEIp9jNAQjp2M0BCPnA1BUYwcvMARi50s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1P_JAR=2024-04-16-13; NID=513=KR6K9V6ZtjZf1vKqUgOCyawpR6eIS5pHtrHBKK9hd2Rn181bbOmhSJTXvOXsy0He6WiQB6xc2uxrxNpsVJc7iR0T1Sq2l-jZJtKYV9vxzkzWvlEx8rLgeFKLa2eT8r9bC8N6WSS2AirqkYi_QNeD-iS3ZnAW1KNqcfFonpYaKoQ

Source: unknown

DNS traffic detected: queries for: global.americanexpress.com

Source: chromecache_282.1.dr, chromecache_157.1.dr, chromecache_222.1.dr	String found in binary or memory: http://feross.org
Source: chromecache_247.1.dr, chromecache_223.1.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_245.1.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_237.1.dr, chromecache_248.1.dr	String found in binary or memory: https://americanexpress.com/en-us/banking/business/checking/accounts/
Source: chromecache_230.1.dr	String found in binary or memory: https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-4454a9ef97c1c8cd89
Source: chromecache_230.1.dr	String found in binary or memory: https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-bea3c9697c62409967
Source: chromecache_230.1.dr	String found in binary or memory: https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-c5299abd23ef05bd6d
Source: chromecache_230.1.dr	String found in binary or memory: https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-f424e4c1e880782914
Source: chromecache_230.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/333b39a46679/launch-df6a13efe609-staging.min.js
Source: chromecache_230.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/61650f53735f/launch-77374eae9c9b-staging.min.js
Source: chromecache_230.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/66bfa1f1c370/launch-a84bcfcd9f88-staging.min.js
Source: chromecache_230.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/6ea2f89ca33d/launch-25c1ded7854b-staging.min.js
Source: chromecache_230.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/6ea2f89ca33d/launch-ffeccfbfebd3.min.js
Source: chromecache_230.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/8e98299b4e37/launch-186af9da7404-staging.min.js
Source: chromecache_230.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/8e98299b4e37/launch-f60a62d583bd.min.js
Source: chromecache_230.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/8fe231718838/launch-5a77dcd96b5f-staging.min.js
Source: chromecache_230.1.dr	String found in binary or memory: https://cdaas-dev.americanexpress.com/cdaas/api/axpi/omniture/launch/1.4.9/launch-688f678fbf27-stagi
Source: chromecache_163.1.dr	String found in binary or memory: https://cdaas-dev.americanexpress.com/one/axp-script-supplier/5.1.5/script-supplier.js
Source: chromecache_282.1.dr, chromecache_157.1.dr, chromecache_222.1.dr	String found in binary or memory: https://feross.org/opensource
Source: chromecache_240.1.dr	String found in binary or memory: https://github.com/facebook/regenerator/blob/main/LICENSE
Source: chromecache_244.1.dr, chromecache_284.1.dr, chromecache_222.1.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_237.1.dr, chromecache_248.1.dr	String found in binary or memory: https://global.americanexpress.com/banking/dashboard
Source: chromecache_237.1.dr, chromecache_248.1.dr	String found in binary or memory: https://global.americanexpress.com/card-benefits/view-all?opaqueAccountId=
Source: chromecache_237.1.dr, chromecache_248.1.dr	String found in binary or memory: https://global.americanexpress.com/customer/profile
Source: chromecache_237.1.dr, chromecache_248.1.dr	String found in binary or memory: https://global.americanexpress.com/dashboard
Source: chromecache_237.1.dr, chromecache_248.1.dr	String found in binary or memory: https://global.americanexpress.com/overview
Source: chromecache_258.1.dr, chromecache_151.1.dr	String found in binary or memory: https://global.americanexpress.com/payments/pay
Source: chromecache_216.1.dr	String found in binary or memory: https://iwmapapi.americanexpress.com/beacon
Source: chromecache_245.1.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_245.1.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_245.1.dr	String found in binary or memory: https://openjsf.org/
Source: chromecache_230.1.dr	String found in binary or memory: https://qwww.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/intranet/1.4.1/launch-80e343e58fb8
Source: chromecache_230.1.dr	String found in binary or memory: https://qwww.aexp-static.com/cdaas/api/axpi/omniture/launch/1.4.9/launch-688f678fbf27-staging.min.js
Source: chromecache_163.1.dr	String found in binary or memory: https://qwww.aexp-static.com/cdaas/one/axp-script-supplier/5.1.5/script-supplier.js
Source: chromecache_282.1.dr, chromecache_222.1.dr	String found in binary or memory: https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE
Source: chromecache_240.1.dr	String found in binary or memory: https://ucmapi.americanexpress.com/api/consent/ext/record/
Source: chromecache_240.1.dr	String found in binary or memory: https://ucmapi.americanexpress.com/api/consent/management/
Source: chromecache_163.1.dr	String found in binary or memory: https://ucmapi.americanexpress.com/api/consent/management/report/error
Source: chromecache_240.1.dr	String found in binary or memory: https://ucmapi.americanexpress.com/api/v1/geo_location/check
Source: chromecache_230.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/intranet/1.4.1/launch-355955701c68.
Source: chromecache_275.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/api/axpi/omniture/launch/1.4.9/dcb19cbd6cbf/b4385da1798a/74e098123
Source: chromecache_230.1.dr, chromecache_287.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/api/axpi/omniture/launch/1.4.9/launch-b363d6c28b7c.min.js
Source: chromecache_269.1.dr, chromecache_221.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/dxt-vendor-shared-scripts/adobe-wrapper/1.6.6/adobe-wrapper.js
Source: chromecache_191.1.dr, chromecache_140.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one/axp-chat-bootstrap/1.5.1/chatTaggingBootStrap.js
Source: chromecache_196.1.dr, chromecache_289.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one/axp-chat-router/1.1.5/chatWrapper.js
Source: chromecache_163.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one/axp-script-supplier/5.1.5/script-supplier.js
Source: chromecache_252.1.dr, chromecache_156.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one/dxt-script-supplier-helper/1.2.0/dxt-script-supplier-helper.js
Source: chromecache_152.1.dr, chromecache_232.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one/one-stream-data-handler/0.1.2/oneStream.js
Source: chromecache_290.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one/qualtrics/1.71.0/
Source: chromecache_243.1.dr, chromecache_285.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one/qualtrics/1.71.0/qualtricsIntercept.js
Source: chromecache_153.1.dr, chromecache_169.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/user-consent-management/ucm/v1.13.0/UCM.js
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/be/fr/legal/politique-cookie.html?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/be/nl/legal/cookiebeleid.html?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/content/dam/amex/us/company/Privacy/California_Privacy_Notice.pdf
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/cz-cz/spolecnost/pravni/centrum-ochrany-osobnich-udaju/o-souborech-c
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/da-dk/selskab/legal/privatlivspolitik/angaende-cookies?showoverlay=f
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/de-at/firma/legal/datenschutz-center/cookie-informationen?showoverla
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/en-ca/company/legal/privacy-centre/about-cookies/?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/en-ca/company/legal/privacy-centre/privacy-statement/?showoverlay=fa
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/en-cz/company/legal/privacy-centre/about-cookies/?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/en-hu/company/legal/privacy-centre/about-cookies/?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/about-cookies/?showoverlay=false
Source: chromecache_237.1.dr, chromecache_248.1.dr	String found in binary or memory: https://www.americanexpress.com/en-us/banking/personal/savings/dashboard
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/es/legal/informacion-sobre-los-cookies.html?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/fi/legal/yksityisyys/cookies/index.html?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/fr-ca/societes/legale/centre-de-confidentialite/a-propos-des-cookies
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/fr-ca/societes/legale/centre-de-confidentialite/declaration-de-confi
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/fr/legal/about-cookies.html?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/germany/legal/about_cookies.shtml?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/hu-hu/ceg/jogi/adatvedelem/a-sutikrol/index.html?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/icc/cookies.html?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/italy/legal/about_cookies.shtml?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/nl/about-cookies.html?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/no/legal/personvern/cookies/index.html?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/pl-pl/firma/prawny/centrum-prywatnosci/o-ciasteczkach/?showoverlay=f
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/se/legal/sekretess/cookies/index.html?showoverlay=false
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/uk/legal/about-cookies.shtml?showoverlay=false
Source: chromecache_258.1.dr, chromecache_151.1.dr	String found in binary or memory: https://www.americanexpress.com/us/credit-cards/
Source: chromecache_258.1.dr, chromecache_151.1.dr	String found in binary or memory: https://www.americanexpress.com/us/merchant/merchant-home.html
Source: chromecache_240.1.dr	String found in binary or memory: https://www.americanexpress.com/us/privacy-center/
Source: chromecache_258.1.dr, chromecache_151.1.dr	String found in binary or memory: https://www.americanexpress.com/us/small-business/
Source: chromecache_141.1.dr, chromecache_233.1.dr	String found in binary or memory: https://www.dynatrace.com/company/trust-center/customers/reports/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49693
Source: unknown	Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900

Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.18:49693 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.18:49697 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.18:49698 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.18:49705 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@15/230@52/11

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://global.americanexpress.com/help?inav=iNUtlContact&extlink=us-em-serv-footer-helpcenter
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1948,i,17101978054004084476,12410038309744272020,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1948,i,17101978054004084476,12410038309744272020,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://global.americanexpress.com/help?inav=iNUtlContact&extlink=us-em-serv-footer-helpcenter	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
americanexpress.com.ssl.d2.sc.omtrdc.net	0%	Virustotal	Browse
commerce.ss-omtrdc.net	0%	Virustotal	Browse
sp100500b5.guided.ss-omtrdc.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://openjsf.org/	0%	URL Reputation	safe
http://jedwatson.github.io/classnames	0%	URL Reputation	safe
https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com	52.4.85.254	true	false		high
www.google.com	64.233.177.103	true	false		high
americanexpress.com.ssl.d2.sc.omtrdc.net	63.140.38.236	true	false	0%, Virustotal, Browse	unknown
commerce.ss-omtrdc.net	192.243.240.8	true	false	0%, Virustotal, Browse	unknown
sp100500b5.guided.ss-omtrdc.net	unknown	unknown	false	0%, Virustotal, Browse	unknown
graph.americanexpress.com	unknown	unknown	false		high
assets.adobedtm.com	unknown	unknown	false		high
siteintercept.qualtrics.com	unknown	unknown	false		high
dynatracepsg.americanexpress.com	unknown	unknown	false		high
mycaoneslinger.americanexpress.com	unknown	unknown	false		high
iwmapapi.americanexpress.com	unknown	unknown	false		high
inbound.americanexpress.com	unknown	unknown	false		high
apigw.americanexpress.com	unknown	unknown	false		high
omns.americanexpress.com	unknown	unknown	false		high
one-xp.americanexpress.com	unknown	unknown	false		high
functions.americanexpress.com	unknown	unknown	false		high
global.americanexpress.com	unknown	unknown	false		high
dpm.demdex.net	unknown	unknown	false		high
www.aexp-static.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/async/newtab_promos	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtTk0GNv7-bAGIjAB5ca-1h2npjbKyRJrY0x7oVX9EvE_hx3CS29R-qtGI7R0K5dKFNaff9s5a-f5vCUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtTk0GNv7-bAGIjCutrdc__jP0Ewy3i-m2egggo-7ZmryQzEGXexmB4-11OBM3nprFLRWxeudB_gRK98yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/async/ddljson?async=ntp:2	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtTk0GNv7-bAGIjDiFp97vxk7IW7qwjFYYBhxwkHmojLuIhALKDnO0DQ2z_YXRZ4ybx5vwHqH-UJyuSIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://dpm.demdex.net/id?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1713274301023	false	high
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1713274301023	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://assets.adobedtm.com/dcb19cbd6cbf/8e98299b4e37/launch-f60a62d583bd.min.js	chromecache_230.1.dr	false		high
https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-c5299abd23ef05bd6d	chromecache_230.1.dr	false		high
https://assets.adobedtm.com/dcb19cbd6cbf/8e98299b4e37/launch-186af9da7404-staging.min.js	chromecache_230.1.dr	false		high
https://lodash.com/	chromecache_245.1.dr	false		high
https://www.dynatrace.com/company/trust-center/customers/reports/	chromecache_141.1.dr, chromecache_233.1.dr	false		high
https://assets.adobedtm.com/dcb19cbd6cbf/8fe231718838/launch-5a77dcd96b5f-staging.min.js	chromecache_230.1.dr	false		high
https://assets.adobedtm.com/dcb19cbd6cbf/66bfa1f1c370/launch-a84bcfcd9f88-staging.min.js	chromecache_230.1.dr	false		high
https://assets.adobedtm.com/dcb19cbd6cbf/6ea2f89ca33d/launch-ffeccfbfebd3.min.js	chromecache_230.1.dr	false		high
https://assets.adobedtm.com/dcb19cbd6cbf/61650f53735f/launch-77374eae9c9b-staging.min.js	chromecache_230.1.dr	false		high
https://assets.adobedtm.com/dcb19cbd6cbf/333b39a46679/launch-df6a13efe609-staging.min.js	chromecache_230.1.dr	false		high
https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-f424e4c1e880782914	chromecache_230.1.dr	false		high
http://underscorejs.org/LICENSE	chromecache_245.1.dr	false		high
https://raw.githubusercontent.com/stefanpenner/es6-promise/master/LICENSE	chromecache_282.1.dr, chromecache_222.1.dr	false	0%, Virustotal, Browse	unknown
https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-4454a9ef97c1c8cd89	chromecache_230.1.dr	false		high
https://feross.org/opensource	chromecache_282.1.dr, chromecache_157.1.dr, chromecache_222.1.dr	false		high
https://lodash.com/license	chromecache_245.1.dr	false		high
https://github.com/js-cookie/js-cookie	chromecache_244.1.dr, chromecache_284.1.dr, chromecache_222.1.dr	false		high
http://feross.org	chromecache_282.1.dr, chromecache_157.1.dr, chromecache_222.1.dr	false		high
https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-bea3c9697c62409967	chromecache_230.1.dr	false		high
https://openjsf.org/	chromecache_245.1.dr	false	URL Reputation: safe	unknown
https://assets.adobedtm.com/dcb19cbd6cbf/6ea2f89ca33d/launch-25c1ded7854b-staging.min.js	chromecache_230.1.dr	false		high
https://github.com/facebook/regenerator/blob/main/LICENSE	chromecache_240.1.dr	false		high
http://jedwatson.github.io/classnames	chromecache_247.1.dr, chromecache_223.1.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
63.140.39.72	unknown	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
192.243.240.8	commerce.ss-omtrdc.net	United States	15224	OMNITUREUS	false
52.4.85.254	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
63.140.38.236	americanexpress.com.ssl.d2.sc.omtrdc.net	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
3.223.253.145	unknown	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
64.233.177.103	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.18
192.168.2.4
192.168.2.6
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1426758
Start date and time:	2024-04-16 15:29:46 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://global.americanexpress.com/help?inav=iNUtlContact&extlink=us-em-serv-footer-helpcenter
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@15/230@52/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 72.21.81.240, 74.125.136.94, 96.17.39.208, 172.217.215.139, 172.217.215.102, 172.217.215.113, 172.217.215.100, 172.217.215.138, 172.217.215.101, 142.250.105.84, 34.104.35.123, 173.222.214.90, 139.71.8.18, 139.71.89.13, 23.4.44.207, 139.71.49.215, 139.71.19.57, 139.71.49.207, 139.71.49.169, 142.250.9.95, 142.250.105.95, 74.125.136.95, 142.251.15.95, 74.125.138.95, 64.233.185.95, 172.217.215.95, 108.177.122.95, 173.194.219.95, 64.233.177.95, 172.253.124.95, 64.233.176.95, 184.31.61.57, 139.71.16.158, 104.17.208.240, 104.17.209.240, 139.71.2.215, 142.250.105.94, 74.125.138.101, 74.125.138.102, 74.125.138.139, 74.125.138.113, 74.125.138.100, 74.125.138.138
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, functions.americanexpress.com.akadns.net, cn-assets.adobedtm.com.edgekey.net, clientservices.googleapis.com, global.americanexpress.com.edgekey.net, iwmapapi.americanexpress.com.akadns.net, graph.americanexpress.com.akadns.net, clients2.google.com, www.aexp-static.com.edgekey.net, update.googleapis.com, e8800.x.akamaiedge.net, clients1.google.com, dynatracepsg.americanexpress.com.akadns.net, e14590.x.akamaiedge.net, inbound.americanexpress.com.akadns.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, mycaoneslinger.americanexpress.com.akadns.net, ctldl.windowsupdate.com, one-xp.americanexpress.com.edgekey.net, e5281.x.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, global1.americanexpress.com.akadns.net, edgedl.me.gvt1.com, e7808.dscg.akamaiedge.net, prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net, clients.l.google.com, apigw.americanexpress.com.akadns.net
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:31:29 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9761278845252717
Encrypted:	false
SSDEEP:	48:8nidIT5svHWlQH7idAKZdA1rehwiZUklqehty+3:8nhVsvHZay
MD5:	9605D0D46C324E8C22065EE1F6EF3349
SHA1:	A646C3B8945E05BFE52D61024E07EB2A332E453E
SHA-256:	DAD9D10B1E9E6D99CA3B388ABF2A06479AE38B56FEC64C1BDC37988E16AAF280
SHA-512:	5E04A318AF07DF2B654F461D81698FCC8FF5AF15C96C5667B8E02E1FD0C568CB3E33AA0FCFCF3CC73F75700E971FB2699DCFB57E7FCD5104BD4ABAFC62CDE2C1
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Dc........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X.k....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.k....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X.k...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.k.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............L.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:31:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9917046967327163
Encrypted:	false
SSDEEP:	48:8XidIT5svHWlQH7idAKZdA1ceh/iZUkAQkqehKy+2:8XhVsvH19QLy
MD5:	F75B96DDC7C4DB17A398B358FC6EA6F7
SHA1:	2FE7247F123CB18B477C783FAF5D92CC1C5D2023
SHA-256:	DD8C7B2A2A9515E32C65E3465C66A1C285AEF2B1785788503B37759D76FE4090
SHA-512:	ADDD9C49E9E7348A37B466700F11A7394B1A30A0EA928D2F61707BFAD8AECBF211874B24CF1DF4E57CC428C51838743AB6D00593025607CCC55ECBAAC6E7796F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......c........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X.k....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.k....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X.k...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.k.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............L.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2691
Entropy (8bit):	4.0035435578268554
Encrypted:	false
SSDEEP:	48:8XRidIT5svHSH7idAKZdA14Aeh7sFiZUkmgqeh7sAy+BX:8hhVsvHKnWy
MD5:	12B035EE9D34CFE32C85204DA7D3F48F
SHA1:	63865207A8F822307C668CD026D5DB775D0CA40A
SHA-256:	D92BCAFCFF2811237E27F7E1533065BF87636CEFA18CCACEEF936457A3F65DE9
SHA-512:	44FC51763B32DAF573FFEB7AF4BF55C3574E12C59D8DD5DB7EEE89802C973E1451300DC9B4B1E26172411822DC8BC627352116D0409A17453A12B9C68F6D1EC0
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....?.4 ?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X.k....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.k....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X.k...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.R.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............L.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:31:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9879965669710153
Encrypted:	false
SSDEEP:	48:8TidIT5svHWlQH7idAKZdA1JehDiZUkwqehOy+R:8ThVsvHYYy
MD5:	55CB3AD2EAF26B14F20B96B4FE6ED35F
SHA1:	A66AF5796849BC0D9B22C7F5505A3D413B542217
SHA-256:	61CCE03385F14894A2CEB01BE3BC9CA03F48B045116414AF6B2A629E0F3C84B6
SHA-512:	001FF9F8781E53DA95AD16F817F63F15736F7047772D0D44A142A8E05434AB4E5A029300CD9A0B3D8E847D947F6E2B61BF19DAF3BF5376621010944F7215AC5B
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....=.c........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X.k....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.k....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X.k...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.k.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............L.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:31:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.979161028188405
Encrypted:	false
SSDEEP:	48:88idIT5svHWlQH7idAKZdA1XehBiZUk1W1qeh8y+C:88hVsvHY9cy
MD5:	B78FD461D34D2B16A39BC600FE3DC72C
SHA1:	71C712255888A26DAA2B6474C84C7CE2483DBFED
SHA-256:	06F89015149EAA3E9CDB60F127FA2D88CBB3D4F9A1885935B6C4C2A3DF2DFEB9
SHA-512:	7064E7794520831CE6F551F389226B509DE27EC03FF680FEEFC8080AC32FF7B238E6B32D8F101A89A68804C6FC4E65E63B3E88DF554473B251EC1D434F437E0C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......3c........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X.k....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.k....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X.k...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.k.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............L.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:31:28 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.991604281986774
Encrypted:	false
SSDEEP:	48:87idIT5svHWlQH7idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbWy+yT+:87hVsvHMT/TbxWOvTbWy7T
MD5:	98D28EACEAE5483E9BAB89C5E4A8486A
SHA1:	A9EF56C9A9FDCD73C479ACB23F4C7821E2E15F99
SHA-256:	23EBABC911C99467D58A960D0358D8F5734646BD1BE058D5A6E980E1D3F44B63
SHA-512:	088F7588397948DF98DE60DF8D253B72AE3676B52CF076DA7765E8ABFE11AE178A32073599FACB2ED97B66F357F0EB559E9DFDEC4C037C77F3AFFC9F37521305
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......c........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.I.X.k....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.V.X.k....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.V.X.k...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.k.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............L.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	445
Entropy (8bit):	5.097074251262137
Encrypted:	false
SSDEEP:	6:YWb8hULS2jzuLOdmEFAf+LERLTfq8nFBWWvRC3MOIQyTdwCJ1QmNN2WYqbhIG11A:YBYF/ANFBfoIQUdwC0m2XghIGXjX2Fc6
MD5:	A4AB9F0C2F8408A0818D4844956F5F6C
SHA1:	3E44C4928E114A9606BA14B358A738F9131907E8
SHA-256:	28F0C4EFA9766F9DCB0D4AF99B18712CD4FBCEBAD0E6A08CE5CB2453AC687233
SHA-512:	84E64FBFFAB4D7AE8F066E2D1BC41C9693CB3C57F85AD5763D81671ABD9445A977E7FFA2048C42FD033E4DD896CE900B147C110BE16C7883B7AE2AA798E7BA54
Malicious:	false
Reputation:	low
URL:	https://functions.americanexpress.com/ReadScriptRegistry.v1?name=clicktochat&version=%5E1.0.0&environment=e3&cache=1713274
Preview:	{"name":"clicktochat","version":"1.5.1","bundle":"{\"attributes\":{\"src\":\"https://www.aexp-static.com/cdaas/one/axp-chat-bootstrap/1.5.1/chatTaggingBootStrap.js\",\"integrity\":\"sha256-MSV3Rn+4bdc/h+CQRf5kQ8vYT6Fsukqb2RKvQdWgTK8=\",\"crossOrigin\":\"anonymous\"},\"classifications\":{\"essential\":true,\"functional\":false,\"performance\":false,\"amexMarketing\":false,\"thirdPartyMarketing\":false,\"scriptSupplierHandlesConsent\":true}}"}

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (680)
Category:	downloaded
Size (bytes):	42821
Entropy (8bit):	5.625681831053449
Encrypted:	false
SSDEEP:	768:jnmvvH1qk0WXQJ5Wwna3WJsjwb701lK6Q8:jmvvkkUJ8W6vY8
MD5:	CDB83B59516DFEA9F21B126EFBEFA7D2
SHA1:	A163016416623AE63CCCF81B73337108F9507392
SHA-256:	BC7B03745F761929AF869C573481E525E7BA55DD53EFC6E3DBA9C498FE6D65C4
SHA-512:	FAEE794688D1A33746A30897CC825F69C24582C8CAEC3B6F20E2AC0494EC5DF2BA1A4C8EE90E186811BB529C389614BD1CBADDAE36AF409693209969FE9D080C
Malicious:	false
Reputation:	low
URL:	https://global.americanexpress.com/dashboard/ruxitagentjs_D_10255221104040649.js
Preview:	/. Copyright and licenses see https://www.dynatrace.com/company/trust-center/customers/reports//.(function Ym(){function fb(A,y){return xa(A)&&"href"===y?1:ua(A)&&"value"===y?32:yb.Ae.some(function(E){return E.test(y)})?16:gb(A)&&"value"===y?2===ib(A)?16:1:1}function ib(A){if($a(A)\|\|$a(A.parentNode))return 1;cc.has(A)&&Mc.set(A,Mc.get(A)\|8);Fb.has(A)&&Mc.set(A,Mc.get(A)\|2);xb.has(A)&&(yb.Lb?Sc.set(A,Sc.get(A)\|1):Sc.set(A,Sc.get(A)\|4));Aa(A)&&A.hasAttribute("data-dtrum-mask")&&(Va(A)?Sc.set(A,Sc.get(A)\|4):Mc.set(A,Mc.get(A)\|10));if(Mc.has(A))return Mc.get(A);if(Sc.has(A))return Sc.get(A);var y=.A,E=!1;y.nodeType===Node.TEXT_NODE&&(y=y.parentNode,E=!0);var va=Va(y);var Xa=E;void 0===Xa&&(Xa=!1);Xa=!va\|\|Xa\|\|"OPTION"===y.nodeName?(va?Sc:Mc).get(Xa?y:y.parentNode):void 0;var tb=void 0;va&&nb(yb.Ob,y)&&(tb\|=4);!va&&nb(yb.Nb,y)&&(tb\|=2);!va&&nb(yb.Sb,y)&&(tb\|=8);if(tb\|\|va)a:if(va=void 0===va?!1:va,E=void 0===E?!1:E,!va&&tb)Xa=tb;else{if(va){tb=tb&&!(tb&1)\|\|yb.Lb?(!tb\|\|tb&1)&&yb.Lb\|\|tb&&!(tb

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	5624
Entropy (8bit):	3.897995256362582
Encrypted:	false
SSDEEP:	96:GL5GLGGGa7GDaSFF77W87yCG++7d9iYGGeJ7G1j4GeJSAGj7GetIR747WqyCGkWW:G9PO2XHW8G7B59iYGLE8ih/gRsWP7pTS
MD5:	56ADDBA553083EB384B100CBB7E8632F
SHA1:	F718526F1EF720E5D361536615595D5BFC3C9688
SHA-256:	5E60A20DA0F769A6260D4ED755D615DA930B87C62436F807A6FF32D000017D18
SHA-512:	8E25C45C3CB1C056CDBD40E83BFCAE2594C4346C5664D28599C81F84D143970D02C65EA47AC2D74D35B76AC913CC28CC2BD5490283F8877B17DEE63C315FE8A7
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/dls-flag-us.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="100" height="69" viewBox="0 0 100 69"><path fill="#FFF" d="M0 0h100v69H0z"/><path fill="#BD3D44" d="M0 0h100v5.308H0V0zm0 10.615h100v5.308H0v-5.308zm0 10.616h100v5.308H0V21.23zm0 10.615h100v5.308H0v-5.308zm0 10.616h100v5.308H0v-5.308zm0 10.615h100v5.308H0v-5.308zm0 10.616h100V69H0v-5.308z"/><path fill="#192F5D" d="M0 0h52.44v37.154H0V0z"/><path fill="#FFF" d="M4.37 1.59l.477 1.469h1.544l-1.249.907.477 1.469-1.25-.908-1.248.908.477-1.469-1.25-.907h1.545L4.37 1.59zm8.74 0l.477 1.469h1.544l-1.249.907.477 1.469-1.249-.908-1.249.908.477-1.469-1.25-.907h1.545l.477-1.469zm8.74 0l.477 1.469h1.545l-1.25.907.478 1.469-1.25-.908-1.249.908.477-1.469-1.249-.907h1.544l.477-1.469zm8.74 0l.477 1.469h1.544l-1.249.907.477 1.469-1.249-.908-1.25.908.478-1.469-1.25-.907h1.545l.477-1.469zm8.74 0l.477 1.469h1.545l-1.25.907.478 1.469-1.25-.908-1.249.908.477-1.469-1.249-.907h1.544l.477-1.469zm8.74 0l.478 1.469h1.544l-1.25.907.478 1.469-1.25-.908-1.249.908.478-1.46

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (41012)
Category:	downloaded
Size (bytes):	131297
Entropy (8bit):	5.548429140821724
Encrypted:	false
SSDEEP:	3072:muTXl4zlX85ljzlUGlBvlH1elJ5fS2S/RlDWtxbAFsHqR+4cg51:muTXl4zlX85ljzlUGlBvlH1iJ5fS2S/H
MD5:	7982201F3E9F745713CF05B4F1465856
SHA1:	B917702ECE16A99E47739593097B4B39C832CD98
SHA-256:	4BB807147DDC9DC841CC85CD82A6FA358F7026EB816FFDDE9DEE28BBB9D139E3
SHA-512:	9D6AA2CDB1A68BD949D93CF235033C6C38EA3C48EDD6673D7351981B0706CFB935652F81331FED4ED8A454427BD843949A30D648AC2A1BD049D1B649598C018B
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-shortcuts/3.9.0/axp-shortcuts.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var t={};function __webpack_require__(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{}};return e[r].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}return __webpack_require__.m=e,__webpack_require__.c=t,__webpack_require__.d=function(e,t,r){__webpack_require__.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,t){if(1&t&&(e=__webpack_require__(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(__webpack_require__.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)__webpack_require__.d(r,n,function(t){return e[t]}.bind(null,n));return r},__webpack_require__.n=function(e){var t=e&&e.__esModule?functio

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1683
Entropy (8bit):	4.253577895021251
Encrypted:	false
SSDEEP:	48:6q/X8l+gH8l+g91HVSuh/RuHjnxLwuvUi:6WXU+YU+E1zh/8DxXsi
MD5:	EBBBAFAE5BDC09D7DED7CEF405413AC5
SHA1:	7A635ABED6420B798397C62270D2DF8B084CD8A8
SHA-256:	C39E8554624A4B74E596D2BFA96BDD4D30DBC395532AB32E67591C0E929080E9
SHA-512:	1480A00CA3734A56E6676BE44C6507C807D72FCAACC0A3846DFC04BCCB37224B5B3802FC337760C71C5C9697268EFD8FDB33651F80D2C49974B393B06E713CB0
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.7.1/package/dist/img/logos/dls-logo-line.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="235" height="15" viewBox="0 0 235 15"><path fill="none" d="M0 0h235v15H0z"/><path d="M230.1 5.8h-3.6c-.8 0-1.3-.5-1.3-1.2s.6-1.1 1.3-1.1h6.5l1.5-3.3h-8c-3.3 0-5.2 2-5.2 4.6 0 2.8 1.8 4.4 4.7 4.4h3.6c.8 0 1.3.5 1.3 1.2s-.5 1.2-1.3 1.2h-7.8v3.3h7.8c3.3 0 5.2-1.9 5.2-4.7 0-2.8-1.7-4.4-4.7-4.4m-14.3 0h-3.6c-.8 0-1.3-.5-1.3-1.2s.6-1.1 1.3-1.1h6.5l1.5-3.3h-8c-3.3 0-5.2 2-5.2 4.6 0 2.8 1.8 4.4 4.7 4.4h3.6c.8 0 1.3.5 1.3 1.2s-.5 1.2-1.3 1.2h-7.8v3.3h7.8c3.3 0 5.2-1.9 5.2-4.7 0-2.8-1.7-4.4-4.7-4.4m-22.8 9h12.3v-3.3h-8.4V9.1h8.2V5.8h-8.2V3.5h8.4V.2H193zm-7.7-8.4h-4.1V3.5h4.1c1.2 0 1.8.7 1.8 1.5-.1.8-.7 1.4-1.8 1.4m5.7-1.5c0-2.8-2-4.7-5.2-4.7h-8.4v14.6h3.9V9.7h1.4l4.4 5.1h4.8l-4.8-5.3c2.4-.5 3.9-2.3 3.9-4.6m-21 1.8h-4.2V3.5h4.2c1.2 0 1.8.7 1.8 1.6-.1.9-.7 1.6-1.8 1.6m.4-6.5h-8.5v14.6h3.9V10h4.5c3.3 0 5.3-2.1 5.3-4.9 0-2.9-2-4.9-5.2-4.9m-9.2 0h-5l-3.8 4.4-3.8-4.4h-5.1l6.4 7.2-6.5 7.4h5l3.9-4.6 4 4.6h5.1l-6.6-7.5zm-30.7 14.6h12.3v-3.3h-8.4V9.1h8.2V5.8h

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (40329), with NEL line terminators
Category:	downloaded
Size (bytes):	153715
Entropy (8bit):	5.341353084055251
Encrypted:	false
SSDEEP:	1536:6OB6p5nxy7oQ98P0aWVKd3K62Y6VlSmxrYi4cXrBiN2F7gzlJ/liXtf49HQ8vX:pB65YN985WVM6ai4cXsy7gzlu43
MD5:	381DA5E0B14ECE1C087AECD3B0D2D848
SHA1:	89FE842A21A3BA7C1DC5C7088AD6D11F9D8784B3
SHA-256:	B0AB52F743FC882135C31B4A91E07812A5867913A4FF18FCF94FA27B698B6423
SHA-512:	446C7D1274CAC9FD2B4FCC71E36D5B39D488DDC63E04100C27EB2000FC725CBBDF562B72EFB725EF6C55CC1DAFD40949CD2A5D47B94949E4852456A36895F7DB
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/app/5.22.0-e9879399/vendors.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[791],[,,,,,,,,,,,,,,,,function(t,e,r){"use strict";var n,o,i,a=r(197),u=r(7),c=r(5),s=r(12),f=r(10),l=r(15),h=r(59),p=r(75),d=r(34),v=r(23),g=r(17).f,y=r(43),m=r(46),b=r(52),w=r(11),E=r(83),A=c.Int8Array,x=A&&A.prototype,S=c.Uint8ClampedArray,T=S&&S.prototype,O=A&&m(A),R=x&&m(x),I=Object.prototype,P=c.TypeError,k=w("toStringTag"),C=E("TYPED_ARRAY_TAG"),M=E("TYPED_ARRAY_CONSTRUCTOR"),L=a&&!!b&&"Opera"!==h(c.opera),j=!1,N={Int8Array:1,Uint8Array:1,Uint8ClampedArray:1,Int16Array:2,Uint16Array:2,Int32Array:4,Uint32Array:4,Float32Array:4,Float64Array:8},_={BigInt64Array:8,BigUint64Array:8},isTypedArray=function(t){if(!f(t))return!1;var e=h(t);return l(N,e)\|\|l(_,e)};for(n in N)(i=(o=c[n])&&o.prototype)?d(i,M,o):L=!1;for(n in _)(i=(o=c[n])&&o.prototype)&&d(i,M,o);if((!L\|\|!s(O)\|\|O===Function.prototype)&&(O=function TypedArray(){throw P("Incorrect invocation")},L))for(n in N)c[n]&&b(c[n],O);if((!L\|\|!R\|\|R===I)&&(R=O.prototype,L))for(n in N)c[n

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	16976
Entropy (8bit):	4.980108451202337
Encrypted:	false
SSDEEP:	192:80w4eym1UmCydS9vynbU5F4iHv7SydPLLFMD4wnHFD32mGhSkHZAJDQm1mCJoGV2:t1RcnIEkn/CDlHN3FghZoJolT/97
MD5:	9E068F69BD8A51028FBA9B1C0455D8C9
SHA1:	A7766CE3FC948F609A877AB9638AE2700566B792
SHA-256:	697E7578FA14BCB5A73427770C46DD902BFD15C51E505122FFF1C7D7136F8F4F
SHA-512:	F36219C247CA75F5FA9D5EEFCAACB57A81F7B226FA133F792CC52324DD2F05702EF8A49805A1508480901431D79D63CF67820DD9AD8092A28B96FEC17F192399
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-contact-us/3.8.0/en-us/axp-contact-us.json
Preview:	{"locale":"en-US","help":{"title":"Contact Us","progress_circle":"loading","sections":[{"title":"Personal Cards","element":"personal_cards","details":{"phone":{"title":"Phone","description":"For fastest service, choose the number that best describes your call.","items":[{"label":"Customer Service","description":"Already a Card Member? Get help with your existing account.","element":"customer_service","phoneNumber":{"message":["{number}"],"values":{"number":"1-800-528-4800"}},"time":[{"line":"24/7"}],"links":{}},{"label":"TTY/TDD","description":"Hearing Impaired TTY","element":"tty_tdd","phoneNumber":{"message":["Relay:","Dial {number}","and","1-800-528-4800"],"values":{"number":"711"}},"time":[{"line":"24/7"}],"links":{}},{"label":"Make a Payment","description":"Pay your bill by phone. You can also make a payment {link}.","element":"make_payment","phoneNumber":{"message":["{number}"],"values":{"number":"1-800-472-9297"}},"time":[{"line":"24/7"}],"links":{"link":{"isSPA":true,"href":"/p

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	451
Entropy (8bit):	4.996691243906546
Encrypted:	false
SSDEEP:	12:YRV61SsuNgLTF/aV61HQaFBfEjC/hQdwC0m2XghIGXjX2Fc6:YRM8suqH1aMLBfEO46gbXjX2Fc6
MD5:	A83FEDC7AE7025DAB4E758A079961BDE
SHA1:	0BB8BBEB90F1683C410FEFB27CB0FD2750E87E9D
SHA-256:	19A9D930E0E8C2D6C16D7D296CF2D5D341B4CA9D6DF2F815E6AB11456DE8FF1E
SHA-512:	7E1531D63D39C36B742A0FF06D291C1E055293C763DE1A0A55DBD70E4D57DE262974A76E01154D000C71AC960ED0B7CEDFA9059553C80E8B1F5CFC8DA8088E56
Malicious:	false
Reputation:	low
URL:	https://functions.americanexpress.com/ReadScriptRegistry.v1?name=one-stream-data-handler&version=%5E0.1.1&environment=e3&cache=1713274
Preview:	{"name":"one-stream-data-handler","version":"0.1.2","bundle":"{\"attributes\":{\"src\":\"https://www.aexp-static.com/cdaas/one/one-stream-data-handler/0.1.2/oneStream.js\",\"integrity\":\"sha256-q/wkn1S/7uUAaC43XxsH1LVxloind1MwxozDceGlIjw=\",\"crossOrigin\":\"anonymous\"},\"classifications\":{\"essential\":true,\"functional\":false,\"performance\":false,\"amexMarketing\":false,\"thirdPartyMarketing\":false,\"scriptSupplierHandlesConsent\":true}}"}

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	448
Entropy (8bit):	5.075044380401444
Encrypted:	false
SSDEEP:	12:Ysau4Fd69H1fSIFBfWX4dwC0m2XghIGXjX2Fc6:Ysau4z69V62BfWS6gbXjX2Fc6
MD5:	916F4DEB59BD17DE8B5474BCCB93C39F
SHA1:	198C8B3A77F4647A87FFDDC549ACB82B99CB2DE3
SHA-256:	40ED13E02BA025D1293A29A08A785179FF0B4A21F6802CB39711023FF6B915E8
SHA-512:	05853167A3B3737D5859B0670C9884178F81878F9A16FE02D48D5B1C6092BDFD83637BA7F19B7928C5E9992AAD74596009140F76769D7037582370F63BAC439B
Malicious:	false
Reputation:	low
URL:	https://functions.americanexpress.com/ReadScriptRegistry.v1?name=user-consent-management&version=%5E1.0.0&environment=e3&cache=1713274
Preview:	{"name":"user-consent-management","version":"1.13.0","bundle":"{\"attributes\":{\"src\":\"https://www.aexp-static.com/cdaas/user-consent-management/ucm/v1.13.0/UCM.js\",\"integrity\":\"sha256-nhMmcOgrdQlhk6qYH4KDdrhbP5AC8u0k7CzwEJdDsYI=\",\"crossOrigin\":\"anonymous\"},\"classifications\":{\"essential\":true,\"functional\":false,\"performance\":false,\"amexMarketing\":false,\"thirdPartyMarketing\":false,\"scriptSupplierHandlesConsent\":true}}"}

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12703)
Category:	downloaded
Size (bytes):	12783
Entropy (8bit):	5.4781029432776975
Encrypted:	false
SSDEEP:	192:1bQjUd9wVnroeCAf+nXeG82X65Zjtj9rmM2O55GPa0YC5RKfV:hQ9Vn8eCAhGVX6Xjtj9rmlO2adSRKt
MD5:	86501B2C04C72959CD4AD824AE804771
SHA1:	36A7AC2A80F511DAB377BBDDF3D1BBE30EC0F3B9
SHA-256:	CCB3CF1A9B2D8CCC5DCFD5CF80751D6139BBFE2BEB888D833BE2D28C20C99C7E
SHA-512:	0BB9D03DEE03B9AD4F0041D4D218081C1135F77E2FDEE1CC400519092E31253DF135AB97DAB8A836E96D2D6BBD0B0AB83C27BF5AEADF4E373AB44E6EF1CDFE1D
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/axp-chat-router/1.0.49/chatNleRouterBootStrap.js
Preview:	/! For license information please see chatNleRouterBootStrap.js.LICENSE.txt /.(()=>{var e={7538:e=>{const t="E3".toUpperCase(),a="1.0.49";let o;o="E1"===t\|\|"dev"===t?JSON.stringify({AGENT_AVAILABILITY_API:"https://functions-dev.americanexpress.com/ReadCreditAgentAvailabilityForChat.v1",CHAT_DATA_SOURCE_CONFIG:{url:"https://cdaas-dev.americanexpress.com/one/axp-chat-datasource/1.0.4/chatDataSourceGlobal.js",sri:"sha256-SWS1m54CzruQiszbLA794fjyRotKeakwKX+TVZRAllk="},ENV:"dev",LPCONFIG:{url:`https://cdaas-dev.americanexpress.com/akamai/one/axp-chat-router/${a}/liveperson/E1/le-mtagconfig.js`,sri:"sha256-yIZZesXMc7sUoCLhyPQK2/FZYP83F3qmxFcjmWkte4Q="},TARGETING_API:"https://apigw-dev.americanexpress.com/servicing/v1/contact_management/chats/inquiry_results",TARGETING_POLL_API:"https://apigw-dev.americanexpress.com/servicing/v1/contact_management/chats/polls/inquiry_results",ONE_XP_BASE_URL:"https://one-xp-dev.americanexpress.com",ONE_XP_FAAS_URL:"https://functions-dev.americanexpress.com"

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	366318
Entropy (8bit):	5.063817612262528
Encrypted:	false
SSDEEP:	1536:k0C5fpnw3T1C1HH5W69lywDSD/oM+cHotZ2qIoDD82t/eqnwFa9qHtu03Qfa1s3o:Zu03Mvs8gJHR40UZi1g8v+ObemsLAD
MD5:	D4F6C3591835EB7DD537E0B4DC46B49D
SHA1:	402D69BFC83C2477B72FA978D01045A124E5BAF5
SHA-256:	5697EC2A5B964C283B604E35B4B9A8E550014FD6EBD602A849FD85038113D78B
SHA-512:	A69F67F8B9CCA80C56EC2CC66D3AAF696F86D444F8ECB48A611C71CFB03D2A24B59D09C3BC22802B8CCB57E0D0A807FBB0060BCE73E9DEC31EB34B6057E35199
Malicious:	false
Reputation:	low
Preview:	/! normalize-scss \| MIT/GPLv2 License \| bit.ly/normalize-scss /html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure{display:block}figure{margin:1em 40px}hr{box-sizing:content-box;height:0;overflow:visible}main{display:block}pre{font-family:monospace,monospace;font-size:1em}a{-webkit-text-decoration-skip:objects}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:inherit;font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}dfn{font-style:italic}mark{background-color:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}audio,video{display:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root)

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	474
Entropy (8bit):	5.011663353158969
Encrypted:	false
SSDEEP:	12:Y1XciuSF/McMycSIFBfT0LVmmdwC0m2XghIGXjX2Fc6:Y1MiuS1BM7FBfT0LV6gbXjX2Fc6
MD5:	3C3FFDD00A241A4637D5C36435AED73C
SHA1:	399BC3C37EC9C8BF2772EB4ACA35D0E0921CC0B3
SHA-256:	DDBE6A3D2794E31BBB8D7F118DCA9C6F8E6770DAE7F4C9AC9FAE08B1EC6BDFC0
SHA-512:	BCD7A28609881E387FC73445EA11F3130926B4254C4A91EA6E6EA22FBF58344916314C35F2296E6061A079650332B2E22D79866BA1CEBC1075156874E46CCF22
Malicious:	false
Reputation:	low
URL:	https://functions.americanexpress.com/ReadScriptRegistry.v1?name=dxt-script-supplier-helper&version=%5E1.0.0&environment=e3&cache=1713274
Preview:	{"name":"dxt-script-supplier-helper","version":"1.2.0","bundle":"{\"attributes\":{\"src\":\"https://www.aexp-static.com/cdaas/one/dxt-script-supplier-helper/1.2.0/dxt-script-supplier-helper.js\",\"integrity\":\"sha256-QTajXoJ7uEf+6zniFBu0E5JJpHdM45iCpAvsczoaswc=\",\"crossOrigin\":\"anonymous\"},\"classifications\":{\"essential\":true,\"functional\":false,\"performance\":false,\"amexMarketing\":false,\"thirdPartyMarketing\":false,\"scriptSupplierHandlesConsent\":true}}"}

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65136), with no line terminators
Category:	downloaded
Size (bytes):	140358
Entropy (8bit):	5.448985833392655
Encrypted:	false
SSDEEP:	1536:9eZ8ts8bhDRCUQyCDykKnvR10WHpRnw+NOInWB0ceNNccvJj2d:USLm4v301+NOwWB0lNcD
MD5:	3460B0C59C7707177C8100A8D7F5D925
SHA1:	81D9DF4663E40737C665D082D05802FF82D9A40C
SHA-256:	13687146052EC7F8A23CD264CF738DDE092C6942518393E1D930216B937B849A
SHA-512:	EBF634F47DDAE18F8D83A3934903CD40E0591758AE666CA6E94ECDEAF84FC109EFBE13EF759A0D01E21632A49FE947C943BD088744B0A0CF98EF63C3AD31D693
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/app/5.22.0-e9879399/app.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[2],{126:function(t,e,n){"use strict";(function(t){n.d(e,"a",(function(){return initializeClientStore})),n.d(e,"b",(function(){return loadPrerenderScripts})),n.d(e,"d",(function(){return moveHelmetScripts})),n.d(e,"c",(function(){return loadServiceWorker}));var o=n(33),i=n(66),a=n(72),s=n(663),c=n(310),f=n(321),h=n(313),g=n(315);function initializeClientStore(){const e=Object(a.compose)(Object(s.a)(6e3))(fetch),n=Object(c.a)(),i=void 0!==t.__INITIAL_STATE__?h.a.fromJSON(t.__INITIAL_STATE__):void 0;return Object(o.createHolocronStore)({reducer:f.a,initialState:i,enhancer:n,extraThunkArguments:{fetchClient:e}})}function loadPrerenderScripts(t){const e=t&&t.getIn(["intl","activeLocale"]);return e?Object(i.getLocalePack)(e):Promise.resolve()}function moveHelmetScripts(){document.addEventListener("DOMContentLoaded",(()=>{const t=[...document.head.querySelectorAll("script[data-react-helmet]")],e=[...document.body.querySelectorAll("script[da

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (44065)
Category:	downloaded
Size (bytes):	141728
Entropy (8bit):	5.357256930209018
Encrypted:	false
SSDEEP:	3072:cXMcVssSjel5jyliHjFlVcjOlZjbl5jMlH1SrJLYS2ScUlDjN6GThtA3vkpMYL6:cXMPjel5jyliHjFlOjOlZjbl5jMlH1oA
MD5:	8AEB4299F600809BE0740DD93FDBE970
SHA1:	F0BA67105B388D4B9DA780A4834C536267E4BF7B
SHA-256:	3255E264E95AD7288BCD07523494D314E8D248F7187E9AEDFE379D8EB4CC2277
SHA-512:	2B87F48CF9071F61C8EC118B5443D2451D64D672D04676F421834B8C860188E320AC73858B2F7866C5B2E7FEA1A53856A5EBF38CECC90746694A4940F0C3ACEF
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-click-to-chat-placement/3.1.1/axp-click-to-chat-placement.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var t={};function __webpack_require__(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{}};return e[r].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}return __webpack_require__.m=e,__webpack_require__.c=t,__webpack_require__.d=function(e,t,r){__webpack_require__.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,t){if(1&t&&(e=__webpack_require__(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(__webpack_require__.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)__webpack_require__.d(r,n,function(t){return e[t]}.bind(null,n));return r},__webpack_require__.n=function(e){var t=e&&e.__esModule?functio

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6634)
Category:	downloaded
Size (bytes):	7495
Entropy (8bit):	5.47560024747148
Encrypted:	false
SSDEEP:	192:sPxaUx/fAsTBa66wj7DJZ/wq049Euxcpl7s:KLfhDPz/wd49Euf
MD5:	11035D0E5B17C7D24618CC621868835B
SHA1:	FAD32FE8FC600ECCE0B068C6280093EDA0267799
SHA-256:	F449F148911AE735D587601C573A6552193C154666AE58390ABB3517A3368719
SHA-512:	29C25FFED4E67242890721DBB1E92C703426C630C84086FB2C0FC85AC08E4AD539D6D0BD8B424FFBBA590741FEBE220DEAA8C32E497A22A199F745BA6D0F78DF
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/qualtrics/1.71.0/OrchestratorMain.js
Preview:	./@preserve.Version 1.70.1./../@license. Copyright 2002 - 2018 Qualtrics, LLC.. * CONFIDENTIAL. All rights reserved.. . Notice: All code, text, concepts, and other information herein (collectively, the. * "Materials") are the sole property of Qualtrics, LLC, except to the extent. * otherwise indicated. The Materials are proprietary to Qualtrics and are protected. * under all applicable laws, including copyright, patent (as applicable), trade. * secret, and contract law. Disclosure or reproduction of any Materials is strictly. * prohibited without the express prior written consent of an authorized signatory. * of Qualtrics. For disclosure requests, please contact notice@qualtrics.com.. */..try {. !function(e){function n(n){for(var t,r,i=n[0],a=n[1],c=0,d=[];c<i.length;c++)r=i[c],o[r]&&d.push(o[r][0]),o[r]=0;for(t in a)Object.prototype.hasOwnProperty.call(a,t)&&(e[t]=a[t]);for(s&&s(n);d.length;)d.shift()()}var t={},o={5:0};func

Chrome Cache Entry: 162

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 163

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4077)
Category:	downloaded
Size (bytes):	4078
Entropy (8bit):	5.359733011650222
Encrypted:	false
SSDEEP:	96:w50lhwCprscxCprTS5lG5PORF7s+43F+kjq7lVkpki:gqSCprXCprTSm5PO7NM+gLr
MD5:	DB08D8B5895C0DD60233A9B11B8C156A
SHA1:	0660A05DEB8AFBB27394D3AFC8378F8673D74CDC
SHA-256:	EAED4F52B8EA307E4EE27BE3AA82190943C46CB3F231AD2DADCAFEDF57E336AB
SHA-512:	303887E16E97B597DDC09DF7820650BC9947318E145EA0C26C1E4D39DE60DA7F8E4471BE24D827330F0D38CAFC754E10F48543C78769EAD01F0C55AA616BB73F
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/user-consent-management/navscript/v1.0.1/navscript.js
Preview:	var navscript=function(e){"use strict";function t(e,t){return function(e){if(Array.isArray(e))return e}(e)\|\|function(e,t){var n=null==e?null:"undefined"!=typeof Symbol&&e[Symbol.iterator]\|\|e["@@iterator"];if(null!=n){var r,a,o,i,c=[],s=!0,u=!1;try{if(o=(n=n.call(e)).next,0===t){if(Object(n)!==n)return;s=!1}else for(;!(s=(r=o.call(n)).done)&&(c.push(r.value),c.length!==t);s=!0);}catch(e){u=!0,a=e}finally{try{if(!s&&null!=n.return&&(i=n.return(),Object(i)!==i))return}finally{if(u)throw a}}return c}}(e,t)\|\|n(e,t)\|\|function(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function n(e,t){if(e){if("string"==typeof e)return r(e,t);var n=Object.prototype.toString.call(e).slice(8,-1);return"Object"===n&&e.constructor&&(n=e.constructor.name),"Map"===n\|\|"Set"===n?Array.from(e):"Arguments"===n\|\|/^(?:Ui\|I)nt(?:8\|16\|32)(?:Clamped)?Array$/.test(n)?r(e,t):void 0}}function r(e,t){(null=

Chrome Cache Entry: 164

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	3.950212064914748
Encrypted:	false
SSDEEP:	3:WZoS8/ZYn:WZoS8/ZYn
MD5:	C3F64CB2A8B00CBBC30CE2908208A29D
SHA1:	E4AA7CAB67F4CF5FA52371DDC25A75AAFD4D0CCC
SHA-256:	391601283994BCD9486160BF8A5637410D280E1BDDD3AEF5428454976E193E81
SHA-512:	6CCBC26128FE65D6D313B965DA3D2E201D506442D0036404ABB490BE0FC99B3A0FDB611269B932DBA7F3A621E11F79ED213D2B11D487EE39C54A17D97A823552
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSFwl0cFI2n5kE5BIFDZFhlU4SBQ2RYZVO?alt=proto
Preview:	ChIKBw2RYZVOGgAKBw2RYZVOGgA=

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (798)
Category:	downloaded
Size (bytes):	803
Entropy (8bit):	5.168092700875164
Encrypted:	false
SSDEEP:	24:diJBzJzyLYUd6zkdBHslgT9lCuABuoB7HHHHHHHYqmffffffo:diJl4DldKlgZ01BuSEqmffffffo
MD5:	0C7474E943BA61BC15220EFC747603F3
SHA1:	B0E8818001473C56A2F1A263897D5063D645F8D4
SHA-256:	235AA8E1E12E66C66A1C3E94D813796101342C8C020141F452838EA9CB0A6122
SHA-512:	14F28BDE9858D9B1BC826549DBAA0ED027AAB11984150BF61615C318F3B911D748F7D969E5F3015E27E42ED75C8FBD3D8BB01D620EDE110350C8588DC2BBE84E
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["frankie fidler basketball","daily horoscope today","mohamed samura howard university","starbucks spicy lemonade refreshers","severe weather tornadoes","final jeopardy april 15 2024","new york knicks news","american airlines flight attendants"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1683
Entropy (8bit):	4.253577895021251
Encrypted:	false
SSDEEP:	48:6q/X8l+gH8l+g91HVSuh/RuHjnxLwuvUi:6WXU+YU+E1zh/8DxXsi
MD5:	EBBBAFAE5BDC09D7DED7CEF405413AC5
SHA1:	7A635ABED6420B798397C62270D2DF8B084CD8A8
SHA-256:	C39E8554624A4B74E596D2BFA96BDD4D30DBC395532AB32E67591C0E929080E9
SHA-512:	1480A00CA3734A56E6676BE44C6507C807D72FCAACC0A3846DFC04BCCB37224B5B3802FC337760C71C5C9697268EFD8FDB33651F80D2C49974B393B06E713CB0
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="235" height="15" viewBox="0 0 235 15"><path fill="none" d="M0 0h235v15H0z"/><path d="M230.1 5.8h-3.6c-.8 0-1.3-.5-1.3-1.2s.6-1.1 1.3-1.1h6.5l1.5-3.3h-8c-3.3 0-5.2 2-5.2 4.6 0 2.8 1.8 4.4 4.7 4.4h3.6c.8 0 1.3.5 1.3 1.2s-.5 1.2-1.3 1.2h-7.8v3.3h7.8c3.3 0 5.2-1.9 5.2-4.7 0-2.8-1.7-4.4-4.7-4.4m-14.3 0h-3.6c-.8 0-1.3-.5-1.3-1.2s.6-1.1 1.3-1.1h6.5l1.5-3.3h-8c-3.3 0-5.2 2-5.2 4.6 0 2.8 1.8 4.4 4.7 4.4h3.6c.8 0 1.3.5 1.3 1.2s-.5 1.2-1.3 1.2h-7.8v3.3h7.8c3.3 0 5.2-1.9 5.2-4.7 0-2.8-1.7-4.4-4.7-4.4m-22.8 9h12.3v-3.3h-8.4V9.1h8.2V5.8h-8.2V3.5h8.4V.2H193zm-7.7-8.4h-4.1V3.5h4.1c1.2 0 1.8.7 1.8 1.5-.1.8-.7 1.4-1.8 1.4m5.7-1.5c0-2.8-2-4.7-5.2-4.7h-8.4v14.6h3.9V9.7h1.4l4.4 5.1h4.8l-4.8-5.3c2.4-.5 3.9-2.3 3.9-4.6m-21 1.8h-4.2V3.5h4.2c1.2 0 1.8.7 1.8 1.6-.1.9-.7 1.6-1.8 1.6m.4-6.5h-8.5v14.6h3.9V10h4.5c3.3 0 5.3-2.1 5.3-4.9 0-2.9-2-4.9-5.2-4.9m-9.2 0h-5l-3.8 4.4-3.8-4.4h-5.1l6.4 7.2-6.5 7.4h5l3.9-4.6 4 4.6h5.1l-6.6-7.5zm-30.7 14.6h12.3v-3.3h-8.4V9.1h8.2V5.8h

Chrome Cache Entry: 167

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	448
Entropy (8bit):	5.075044380401444
Encrypted:	false
SSDEEP:	12:Ysau4Fd69H1fSIFBfWX4dwC0m2XghIGXjX2Fc6:Ysau4z69V62BfWS6gbXjX2Fc6
MD5:	916F4DEB59BD17DE8B5474BCCB93C39F
SHA1:	198C8B3A77F4647A87FFDDC549ACB82B99CB2DE3
SHA-256:	40ED13E02BA025D1293A29A08A785179FF0B4A21F6802CB39711023FF6B915E8
SHA-512:	05853167A3B3737D5859B0670C9884178F81878F9A16FE02D48D5B1C6092BDFD83637BA7F19B7928C5E9992AAD74596009140F76769D7037582370F63BAC439B
Malicious:	false
Reputation:	low
Preview:	{"name":"user-consent-management","version":"1.13.0","bundle":"{\"attributes\":{\"src\":\"https://www.aexp-static.com/cdaas/user-consent-management/ucm/v1.13.0/UCM.js\",\"integrity\":\"sha256-nhMmcOgrdQlhk6qYH4KDdrhbP5AC8u0k7CzwEJdDsYI=\",\"crossOrigin\":\"anonymous\"},\"classifications\":{\"essential\":true,\"functional\":false,\"performance\":false,\"amexMarketing\":false,\"thirdPartyMarketing\":false,\"scriptSupplierHandlesConsent\":true}}"}

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (59929), with no line terminators
Category:	downloaded
Size (bytes):	189587
Entropy (8bit):	5.7076717501276635
Encrypted:	false
SSDEEP:	3072:Ni2BxVOjWTAWqQTkIVgzmh09+ZIXYl6XalAEXolxDpWbOX9lYXUlJXjlHHeHdZ9R:gSxVOyZTDVnh095XYl6XalAEXolzX9lo
MD5:	6D75E7E599BE3E8E4D734CC065828542
SHA1:	E49EF347960015029A81D76B018B442B5A51D6A6
SHA-256:	508F9192CCCE348B4D9C32B457786E379179ACD8A2E9A713F854AF51633026EB
SHA-512:	D1129D4EABA8A8B682196C6F5BA1DCBAE5E25D96B528944F783DF0212531E3C6F73517730C44D8FDACC0FEE8F85654D8764907A9AAC5334AF512A98322C40831
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-faqs/5.2.1/axp-faqs.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var r={};function __webpack_require__(t){if(r[t])return r[t].exports;var n=r[t]={i:t,l:!1,exports:{}};return e[t].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}return __webpack_require__.m=e,__webpack_require__.c=r,__webpack_require__.d=function(e,r,t){__webpack_require__.o(e,r)\|\|Object.defineProperty(e,r,{enumerable:!0,get:t})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,r){if(1&r&&(e=__webpack_require__(e)),8&r)return e;if(4&r&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(__webpack_require__.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&r&&"string"!=typeof e)for(var n in e)__webpack_require__.d(t,n,function(r){return e[r]}.bind(null,n));return t},__webpack_require__.n=function(e){var r=e&&e.__esModule?functio

Chrome Cache Entry: 171

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 172

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1643
Entropy (8bit):	4.2559760841563055
Encrypted:	false
SSDEEP:	48:jGsSzhSLaWh6StQ7HT2m7qXNrUh+cR0c/6ierR:jEzQeWh6StQ7H17qdrUhdR0cSierR
MD5:	7C6C3493F958764FD6B2A550A98AB676
SHA1:	0D89801FF7089BCFDDDA2F22AB37DA7155948FF7
SHA-256:	56B8E90244C34621E294D3357EDFEF9A1467E501773ED21B25DC6367AB3D7803
SHA-512:	12E62F7086B75C05B8908784215DE1BC360EBCA9879F68A5E5352E2B82ED02FC5C8AF8033B4270267A79164F559084E22E9B8EAAC4D98F13CDAABD873D2192B6
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-stack-white.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="100" height="28" viewBox="0 0 100 28"><path fill="none" d="M0 0h100v28H0z"/><path d="M96.1 20.3h-2.9c-.6 0-1.1-.4-1.1-.9 0-.6.5-.9 1.1-.9h5.3l1.2-2.7h-6.5c-2.7 0-4.2 1.6-4.2 3.7 0 2.2 1.5 3.5 3.8 3.5h2.9c.6 0 1.1.4 1.1.9s-.4.9-1.1.9h-6.4v2.7h6.4c2.7 0 4.2-1.6 4.2-3.8s-1.4-3.4-3.8-3.4m-11.7 0h-2.9c-.6 0-1.1-.4-1.1-.9 0-.6.5-.9 1.1-.9h5.3l1.2-2.7h-6.5c-2.7 0-4.2 1.6-4.2 3.7 0 2.2 1.5 3.5 3.8 3.5H84c.6 0 1.1.4 1.1.9s-.4.9-1.1.9h-6.4v2.7H84c2.7 0 4.2-1.6 4.2-3.8.1-2.2-1.3-3.4-3.8-3.4m-18.5 7.3h10v-2.7h-6.8V23h6.7v-2.7h-6.7v-1.9h6.8v-2.7h-10zm-6.2-6.8h-3.3v-2.4h3.3c.9 0 1.4.6 1.4 1.2 0 .7-.5 1.2-1.4 1.2m4.6-1.3c0-2.3-1.6-3.8-4.2-3.8h-6.9v11.9h3.2v-4.1h1.2l3.6 4.1H65l-3.9-4.3c2-.5 3.2-1.9 3.2-3.8M47.2 21h-3.4v-2.6h3.4c.9 0 1.4.6 1.4 1.3 0 .7-.4 1.3-1.4 1.3m.4-5.3h-6.9v11.9h3.2v-3.9h3.7c2.7 0 4.3-1.7 4.3-4-.1-2.4-1.7-4-4.3-4m-7.5 0H36l-3 3.6-3.1-3.6h-4.2l5.3 5.9-5.4 6h4.1l3.2-3.8 3.2 3.8h4.2l-5.4-6.1zM15.2 27.6h10v-2.7h-6.9V23H25v-2.7h-6.7v-1.9h6

Chrome Cache Entry: 173

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 174

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	5624
Entropy (8bit):	3.897995256362582
Encrypted:	false
SSDEEP:	96:GL5GLGGGa7GDaSFF77W87yCG++7d9iYGGeJ7G1j4GeJSAGj7GetIR747WqyCGkWW:G9PO2XHW8G7B59iYGLE8ih/gRsWP7pTS
MD5:	56ADDBA553083EB384B100CBB7E8632F
SHA1:	F718526F1EF720E5D361536615595D5BFC3C9688
SHA-256:	5E60A20DA0F769A6260D4ED755D615DA930B87C62436F807A6FF32D000017D18
SHA-512:	8E25C45C3CB1C056CDBD40E83BFCAE2594C4346C5664D28599C81F84D143970D02C65EA47AC2D74D35B76AC913CC28CC2BD5490283F8877B17DEE63C315FE8A7
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="100" height="69" viewBox="0 0 100 69"><path fill="#FFF" d="M0 0h100v69H0z"/><path fill="#BD3D44" d="M0 0h100v5.308H0V0zm0 10.615h100v5.308H0v-5.308zm0 10.616h100v5.308H0V21.23zm0 10.615h100v5.308H0v-5.308zm0 10.616h100v5.308H0v-5.308zm0 10.615h100v5.308H0v-5.308zm0 10.616h100V69H0v-5.308z"/><path fill="#192F5D" d="M0 0h52.44v37.154H0V0z"/><path fill="#FFF" d="M4.37 1.59l.477 1.469h1.544l-1.249.907.477 1.469-1.25-.908-1.248.908.477-1.469-1.25-.907h1.545L4.37 1.59zm8.74 0l.477 1.469h1.544l-1.249.907.477 1.469-1.249-.908-1.249.908.477-1.469-1.25-.907h1.545l.477-1.469zm8.74 0l.477 1.469h1.545l-1.25.907.478 1.469-1.25-.908-1.249.908.477-1.469-1.249-.907h1.544l.477-1.469zm8.74 0l.477 1.469h1.544l-1.249.907.477 1.469-1.249-.908-1.25.908.478-1.469-1.25-.907h1.545l.477-1.469zm8.74 0l.477 1.469h1.545l-1.25.907.478 1.469-1.25-.908-1.249.908.477-1.469-1.249-.907h1.544l.477-1.469zm8.74 0l.478 1.469h1.544l-1.25.907.478 1.469-1.25-.908-1.249.908.478-1.46

Chrome Cache Entry: 175

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	597
Entropy (8bit):	4.703821355341475
Encrypted:	false
SSDEEP:	12:t4ASogl463fLfStWRZalUNfajRX+X8k/TWMuKdip1R8BLc06RFfxI2K0KJGGRgZi:t4Afgl46vLeWRZOUNC4fLQ1R8BL3n2KT
MD5:	3BEAADDE493A5B5E04CF63A8EDCFD843
SHA1:	65D4ACB7F820FB9A138051BF1D3A05C64C99254F
SHA-256:	29653CF655DF984EEE259080F3070A84E439E90366E8FD3C151EE86160061747
SHA-512:	9EC28FBB36EAFCBEC9EE16368A392432478653E191892DE2F5BB795D797D613A0EF0762883405A532199C586EF23CCEF84595291188C7C4FF7B056FA2FE1FB65
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.28.0/package/dist/img/logos/dls-logo-bluebox-alt.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="45" height="45" viewBox="0 0 45 45"><path fill="#fff" d="M0 0v45h45V0z"/><path d="M0 0v45h45v-7.1h-6.2l-2.3-2.7-2.4 2.7H16.5V23.6h-5.8L18 7.1h7l1.7 3.7V7.1h8.8L37 11l1.4-3.9H45V0H0zm40.2 23.6l-3.6 3.9-3.6-3.9H19v12h10V33h-7v-2.1h6.8v-2.6H22v-2.1h7v-2.6l5.6 6-5.6 6h3.9l3.6-3.9 3.6 3.9h4l-5.6-6 5.6-6h-3.9zm1.4 6L45 33v-6.9l-3.4 3.5zM39.9 9.4l-2.3 6.1-.6 1.7-.6-1.7L34 9.4h-5v12h3V12l.6 1.6 2.9 7.8h2.9l2.9-7.8.6-1.6v9.4H45v-12h-5.1zm-20.3 0l-5.3 12h3.5l.9-2.3h5.8l.9 2.3H29l-5.3-12h-4.1zm1.4 4.1l.6-1.5.6 1.5 1.2 3h-3.7l1.3-3z" fill="#006fcf"/></svg>

Chrome Cache Entry: 176

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 177

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 178

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 179

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (3256), with no line terminators
Category:	downloaded
Size (bytes):	3272
Entropy (8bit):	4.943431335283074
Encrypted:	false
SSDEEP:	96:U0IA659wS8kHU/TBorw+bpgllnVk0/RVN+iRV/M+TL6AgmCgbL6agMzKC:Ub7HcTBoNFqnTNFT/MQ6/ev6xMzB
MD5:	906BFED938B60BC6BF81C2920DF2A978
SHA1:	BAA18C98FC9CD22DA63B84F20FD59FC145DD3A46
SHA-256:	FD1CFCBE8D0296731FE667940D29BBD235EBDA7D1CC3B21690D01FD84F09B30B
SHA-512:	4A4E3F1F704DCA02EF88463070D29F87183AA33955B521CB1548E264959755EBA87E53E47A9823B704EC3C1954D7E54C549B86FF59B889E301D399ABD28BD5BC
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/app/5.22.0-e9879399/i18n/en-US.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[242],{902:function(M){M.exports=JSON.parse('{"locale":"en-US","date":{"ca":["gregory","generic"],"hourNo0":true,"hour12":true,"formats":{"short":"{1}, {0}","medium":"{1}, {0}","full":"{1} \'at\' {0}","long":"{1} \'at\' {0}","availableFormats":{"Bh":"h B","Bhm":"h:mm B","Bhms":"h:mm:ss B","d":"d","E":"ccc","EBhm":"E h:mm B","EBhms":"E h:mm:ss B","Ed":"d E","Ehm":"E h:mm a","EHm":"E HH:mm","Ehms":"E h:mm:ss a","EHms":"E HH:mm:ss","Gy":"y G","GyMMM":"MMM y G","GyMMMd":"MMM d, y G","GyMMMEd":"E, MMM d, y G","h":"h a","H":"HH","hm":"h:mm a","Hm":"HH:mm","hms":"h:mm:ss a","Hms":"HH:mm:ss","hmsv":"h:mm:ss a v","Hmsv":"HH:mm:ss v","hmv":"h:mm a v","Hmv":"HH:mm v","M":"L","Md":"M/d","MEd":"E, M/d","MMM":"LLL","MMMd":"MMM d","MMMEd":"E, MMM d","MMMMd":"MMMM d","MMMMW-count-one":"\'week\' W \'of\' MMMM","MMMMW-count-other":"\'week\' W \'of\' MMMM","ms":"mm:ss","y":"y","yM":"M/y","yMd":"M/d/y","yMEd":"E, M/d/y","yMMM":"MMM y","yMMMd":"MMM d, y",

Chrome Cache Entry: 180

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	2402
Entropy (8bit):	4.381271648610257
Encrypted:	false
SSDEEP:	48:Gl84i3sW6LSYDKL1qHI9IDXz6JDUF3tfzHZ96qQ6JDUjmoxTn0:m8XvYDQVD0ZPDCbxT0
MD5:	D97D46FE48D19D2C4F236B9A2CFEE5F3
SHA1:	A164F3588BB4B601C472461A24A6EEC265BCF8C8
SHA-256:	028F643755987211BF2F3ADD6C62AE1870A888CF2F4FE3040A4FAC7DCE2543AB
SHA-512:	4BFF0149D22172B1513B70BD2BA9F6BE69807E5E33BE803D100518CFE1070534160BF79992CDFC47277B3EBB98626E0E6302D08C1DB8A0F7C41FD4DE15B1FB80
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-bluebox-solid.svg
Preview:	<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" x="0" y="0" width="45" height="45" viewBox="0 0 45 45" xml:space="preserve"><style>.st0{fill:#fff}.st1{fill:#006fcf}</style><path id="logo-blue-box-small-45-9x45-a" class="st0" d="M44.9 44.9H0V0h44.9z"/><path class="st1" d="M44.9 24.2V-.1H0v44.9h44.9V31.7c-.1 0 0-7.5 0-7.5" transform="translate(0 .12)"/><path class="st0" d="M39.4 21.7h3.4v-7.9h-3.7v1.1l-.7-1.1h-3.2v1.4l-.6-1.4h-5.9c-.2 0-.4.1-.6.1s-.3.1-.5.2-.3.1-.5.2v-.5H10.2l-.5 1.3-.5-1.3h-4v1.4l-.6-1.4H1.4L0 17.2v4.5h2.3l.4-1.1h.8l.4 1.1h17.6v-1l.7 1h4.9v-.6c.1.1.3.1.4.2s.3.1.4.2c.2.1.4.1.6.1h3.6l.4-1.1h.8l.4 1.1h4.9v-1l.8 1.1zm5.5 10v-7.4H17.4l-.7 1-.7-1H8v7.9h8l.7-1 .7 1h5v-1.7h-.2c.7 0 1.3-.1 1.8-.3v2.1h3.6v-1l.7 1h14.9c.6-.2 1.2-.3 1.7-.6z" transform="translate(0 .12)"/><path class="st1" d="M43.2 29.8h-2.7v1.1h2.6c1.1 0 1.8-.7 1.8-1.7s-.6-1.5-1.6-1.5h-1.2c-.3 0-.5-.2-.5-.5s.2-.5.5-.5h2.3l.5-1.1h-2.7c-1.1 0-1.8.7-1.8 1.6 0 1 .6 1.5 1.6 1.5h1.2c.3 0 .5.2.5.5.1.4-.

Chrome Cache Entry: 181

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 182

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 183

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 184

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 185

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 186

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 187

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 37153, version 1.0
Category:	downloaded
Size (bytes):	37153
Entropy (8bit):	7.98867080062899
Encrypted:	false
SSDEEP:	768:fWDPxSfGL0pYHrHFKbxD9BsFJB3X42pvRFRR77PO6Nv17Zmp+RzwJhH/zwA9:fCPxSfGL0qRODU9HRJ9xTOINmp+RzQh1
MD5:	C0E3B5653C803F69C05862736A765E4A
SHA1:	4AE2328614D48C62388C8409CBD1D9E7B5D4DFDA
SHA-256:	48050D8EEB740BB31AAAD9EB82BCD4A493B474C9385EEDA5FC2CA2EA279CFFAD
SHA-512:	D839EDA84C5BE3ABDE6EB1B1405F92D4975534568053D19BA8AE219B8044584FDD3C918F32C903F52CF0A421C9C896EC8292316E8387BAADF6009B557084EDF7
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.29.1/package/dist/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
Preview:	wOFF.......!......?........p................DSIG.......<... ..J.GPOS..........j...osGSUB.."....\...0&.."OS/2..$P...Y...`..q.VDMX..$....[....o.v.cmap..(...........a?cvt ..* ...@.....D..fpgm..`...........<gasp...............#glyf../...;8..Y.S...head..j@...5...6.:>lhhea..jx...!...$....hmtx..j........lQ.l.kern..m\......?r.\|..loca.......%...8...maxp....... ... ....name...8..........post........... ...2prep.............t.x..yTS...O&.. s@.d.>.. .2IP...0B...0..$..Zh.A.X..HA.2(..BQ.....".R...$aH....o..s.J...9{...{.w...P.......+.......YL.0ym.,J.... U.h.....b8#9.Z...........Z.QX....."5.5.....'....p(..Cl...."...\|..V...k....0......q........<...F+.....y.c%:.NTET.....p.6.........`.. .W.....$.p&+*..`.....{....;La-.......(. &.....T..K...5...).._43.\j...p........._....X,Z`p...f.`yd.H.8^.>...g.@]8A%.`:.)..&.GE.iQ.$.f.)......xyA.Wd...@6c.N...pQ:....A..J.B..\...\|.U....Y1.t[............_./...).P.....kU..v.O..........<..)a...F.:+.9..&.C4R[.................g._..D.

Chrome Cache Entry: 188

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 189

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 190

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (32812), with NEL line terminators
Category:	downloaded
Size (bytes):	67357
Entropy (8bit):	5.3901033161214205
Encrypted:	false
SSDEEP:	1536:hgsrmfPnTB55b+R3I1m7SV2odNmRIWO6Ce:hgsrmfPn959+wm7Rom2e
MD5:	80436D637186C9393945809AED3CE060
SHA1:	A34249A5B495227E7782AF17AE86C42E19238EAC
SHA-256:	4136A35E827BB847FEEB39E2141BB4139249A4774CE39882A40BEC733A1AB307
SHA-512:	5BAC3E0E07430DCCAA75804314C0BA98C47997CB629C92C9A8B33E3BAD53ECFFE27C1176EA1DA94045360BE7308B8754FD22069C9E8ACA76B7541B5E04A0012A
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/dxt-script-supplier-helper/1.2.0/dxt-script-supplier-helper.js
Preview:	!function(t){"function"==typeof define&&define.amd?define(t):t()}((function(){"use strict";var t="e3",r="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function e(t){return t&&t.__esModule&&Object.prototype.hasOwnProperty.call(t,"default")?t.default:t}var n={exports:{}},o=function(t){try{return!!t()}catch(t){return!0}},i=!o((function(){var t=function(){}.bind();return"function"!=typeof t\|\|t.hasOwnProperty("prototype")})),a=i,c=Function.prototype,u=c.call,s=a&&c.bind.bind(u,u),f=a?s:function(t){return function(){return u.apply(t,arguments)}},l=f({}.isPrototypeOf),p=function(t){return t&&t.Math==Math&&t},d=p("object"==typeof globalThis&&globalThis)\|\|p("object"==typeof window&&window)\|\|p("object"==typeof self&&self)\|\|p("object"==typeof r&&r)\|\|function(){return this}()\|\|Function("return this")(),v=i,h=Function.prototype,y=h.apply,g=h.call,m="object"==typeof Reflect&&Reflect.apply\|\|(v?g.bind(y):fu

Chrome Cache Entry: 191

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	445
Entropy (8bit):	5.097074251262137
Encrypted:	false
SSDEEP:	6:YWb8hULS2jzuLOdmEFAf+LERLTfq8nFBWWvRC3MOIQyTdwCJ1QmNN2WYqbhIG11A:YBYF/ANFBfoIQUdwC0m2XghIGXjX2Fc6
MD5:	A4AB9F0C2F8408A0818D4844956F5F6C
SHA1:	3E44C4928E114A9606BA14B358A738F9131907E8
SHA-256:	28F0C4EFA9766F9DCB0D4AF99B18712CD4FBCEBAD0E6A08CE5CB2453AC687233
SHA-512:	84E64FBFFAB4D7AE8F066E2D1BC41C9693CB3C57F85AD5763D81671ABD9445A977E7FFA2048C42FD033E4DD896CE900B147C110BE16C7883B7AE2AA798E7BA54
Malicious:	false
Reputation:	low
Preview:	{"name":"clicktochat","version":"1.5.1","bundle":"{\"attributes\":{\"src\":\"https://www.aexp-static.com/cdaas/one/axp-chat-bootstrap/1.5.1/chatTaggingBootStrap.js\",\"integrity\":\"sha256-MSV3Rn+4bdc/h+CQRf5kQ8vYT6Fsukqb2RKvQdWgTK8=\",\"crossOrigin\":\"anonymous\"},\"classifications\":{\"essential\":true,\"functional\":false,\"performance\":false,\"amexMarketing\":false,\"thirdPartyMarketing\":false,\"scriptSupplierHandlesConsent\":true}}"}

Chrome Cache Entry: 192

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 193

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 194

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	104
Entropy (8bit):	4.596967234268818
Encrypted:	false
SSDEEP:	3:YAqTqUHJ2hUNs513HAx+kEBWEFJH4n:YAqbp9013HIEBWEPY
MD5:	0B50EF449E4F7E2F144227475599FE01
SHA1:	669B5FC411E5ADB05A71A56A6F6BE28606622642
SHA-256:	FC0EE9476197548DBFB6314915F5E97A80D1983E7DD441572CA23771F351A5C5
SHA-512:	A6A1D8433FC4A22C61A1EC13944398638DAC9A1856E9BF49FC1BDD33E887309BB03EFE2DDB80E18D4C366EFEE398FE798D8C33D89639755386AA9709E71ADA03
Malicious:	false
Reputation:	low
URL:	https://functions.americanexpress.com/ReadUserSession.v1
Preview:	{"errorCode":"IDENT01","description":"Must provide user JWT after \"aat=\" under header key \"Cookie\""}

Chrome Cache Entry: 195

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	597
Entropy (8bit):	4.703821355341475
Encrypted:	false
SSDEEP:	12:t4ASogl463fLfStWRZalUNfajRX+X8k/TWMuKdip1R8BLc06RFfxI2K0KJGGRgZi:t4Afgl46vLeWRZOUNC4fLQ1R8BL3n2KT
MD5:	3BEAADDE493A5B5E04CF63A8EDCFD843
SHA1:	65D4ACB7F820FB9A138051BF1D3A05C64C99254F
SHA-256:	29653CF655DF984EEE259080F3070A84E439E90366E8FD3C151EE86160061747
SHA-512:	9EC28FBB36EAFCBEC9EE16368A392432478653E191892DE2F5BB795D797D613A0EF0762883405A532199C586EF23CCEF84595291188C7C4FF7B056FA2FE1FB65
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="45" height="45" viewBox="0 0 45 45"><path fill="#fff" d="M0 0v45h45V0z"/><path d="M0 0v45h45v-7.1h-6.2l-2.3-2.7-2.4 2.7H16.5V23.6h-5.8L18 7.1h7l1.7 3.7V7.1h8.8L37 11l1.4-3.9H45V0H0zm40.2 23.6l-3.6 3.9-3.6-3.9H19v12h10V33h-7v-2.1h6.8v-2.6H22v-2.1h7v-2.6l5.6 6-5.6 6h3.9l3.6-3.9 3.6 3.9h4l-5.6-6 5.6-6h-3.9zm1.4 6L45 33v-6.9l-3.4 3.5zM39.9 9.4l-2.3 6.1-.6 1.7-.6-1.7L34 9.4h-5v12h3V12l.6 1.6 2.9 7.8h2.9l2.9-7.8.6-1.6v9.4H45v-12h-5.1zm-20.3 0l-5.3 12h3.5l.9-2.3h5.8l.9 2.3H29l-5.3-12h-4.1zm1.4 4.1l.6-1.5.6 1.5 1.2 3h-3.7l1.3-3z" fill="#006fcf"/></svg>

Chrome Cache Entry: 196

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	433
Entropy (8bit):	5.094228865049996
Encrypted:	false
SSDEEP:	12:YhZSuvwF/RFBf2NH7dwC0m2XghIGXjX2Fc6:YhZSuvw13BfOHH6gbXjX2Fc6
MD5:	43836660FEFC8C72510A2BF8881F551B
SHA1:	B77D0ECBABB28D9D4FD94293E5D27F7E285B832B
SHA-256:	AFEA722CC0278A1A895A3F506947C0A8A2520AAEFBD03E1DFA688E7235CFF1B8
SHA-512:	9F531F69679B3AE86772D9A620F223F7F18265DEF336D76A7B9A85F75FF7B2CDB881AC4C48F0FAF998878EE66A86443630C4A1D91E3CF94B142B53CB0C968168
Malicious:	false
Reputation:	low
URL:	https://functions.americanexpress.com/ReadScriptRegistry.v1?name=chatwrapper&version=%5E1.0.0&environment=e3&cache=1713274
Preview:	{"name":"chatwrapper","version":"1.1.5","bundle":"{\"attributes\":{\"src\":\"https://www.aexp-static.com/cdaas/one/axp-chat-router/1.1.5/chatWrapper.js\",\"integrity\":\"sha256-DPGz33hPmDgRPYgklUC3mlFUQf77NUkIGvDCqncZe0E=\",\"crossOrigin\":\"anonymous\"},\"classifications\":{\"essential\":true,\"functional\":false,\"performance\":false,\"amexMarketing\":false,\"thirdPartyMarketing\":false,\"scriptSupplierHandlesConsent\":true}}"}

Chrome Cache Entry: 197

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	76
Entropy (8bit):	4.549327724893576
Encrypted:	false
SSDEEP:	3:amaZzArIMJHzuXHnwzRWW7n:aJ9XQzR/7n
MD5:	D508204EE7EB6DF4D7A47B7CDD3F56C1
SHA1:	A2F23E0121566C927AEE5171ACAEAC46E05AB1F1
SHA-256:	71E6151A83E306E55577261697D8A2298690C1BA07DE1DE2464AB894D20A4CC3
SHA-512:	680DD07F54A847FBC586550B6032A79F0614730EC54AE39A4396E2D02339583EDFB6F21762A7BC9EC734612EE4A37D3693C8DFCC4AF61BE7F026752AAD6C9CBD
Malicious:	false
Reputation:	low
Preview:	{ "code":"104050", "message":"Invalid HTTP verb for the requested resource"}

Chrome Cache Entry: 198

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 199

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 200

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (41245)
Category:	downloaded
Size (bytes):	60392
Entropy (8bit):	5.273741350496987
Encrypted:	false
SSDEEP:	1536:t7Aml1T+RLu9+HNjJis3yKJLqS2SHClDuU1Q5FmIOS:tAml1T+xBp3yKJLqS2SHClDg0S
MD5:	38F67E29166A634C520F5B41E58FF2D8
SHA1:	1415DD7EFBC3707B283CFD3AF9C6C45CFE8098CC
SHA-256:	13B79BC533B3DE8BE0C39D86F90623BB650718569217AD3BDD2F5FD94AA99CC3
SHA-512:	5D73E7DC78C4E54A824737213F51F09738BA5E0C61A4CD0471B7DD9FB5FCB2703302C1E6B55E0008838B48A3CC2951CAFED08C46A17E7A2EE8E0076AD1B50119
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-voice-of-customer/2.1.0/axp-voice-of-customer.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var t={};function __webpack_require__(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{}};return e[r].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}return __webpack_require__.m=e,__webpack_require__.c=t,__webpack_require__.d=function(e,t,r){__webpack_require__.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,t){if(1&t&&(e=__webpack_require__(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(__webpack_require__.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)__webpack_require__.d(r,n,function(t){return e[t]}.bind(null,n));return r},__webpack_require__.n=function(e){var t=e&&e.__esModule?functio

Chrome Cache Entry: 201

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (3704)
Category:	downloaded
Size (bytes):	3710
Entropy (8bit):	5.830908104331048
Encrypted:	false
SSDEEP:	96:UliKPFd66666iV+QYy0WBoW54Pj6bxIbK8YeqWWEKa+fffffX:CvPFd66666iV+QYy36kxIKLWWEk
MD5:	C80EAA6578FDB3CF7020602F8306492F
SHA1:	B1967B90B3CCFE93DFEDB05F2057C9D4E08D9046
SHA-256:	185445EBC4FA6C96D29D2A94E90406520DC12A6C004C31D6A677BA767B3C4997
SHA-512:	E22C9662EE1B937E56BAAC8BBDA0C851793A1B4D5A56AD28417C7570669EDA65F1ECEFA048DE449DEC26CF37FF04353DF7D6DD36C949992F9DAD19F9AE3B76D3
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["kentucky basketball transfer portal","nichole hart walmart manager","ctc child tax credit","when fallout season 2","sony ps5 pro","brood xiii cicadas","salvador p.rez","tekken 8 patch notes"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgovbS8waDNsdjN4EiRWZW5lenVlbGFuLUFtZXJpY2FuIGJhc2ViYWxsIGNhdGNoZXIy/w9kYXRhOmltYWdlL2pwZWc7YmFzZTY0LC85ai80QUFRU2taSlJnQUJBUUFBQVFBQkFBRC8yd0NFQUFrR0J3Z0hCZ2tJQndnS0Nna0xEUllQRFF3TURSc1VGUkFXSUIwaUlpQWRIeDhrS0RRc0pDWXhKeDhmTFQwdE1UVTNPam82SXlzL1JEODRRelE1T2pjQkNnb0tEUXdOR2c4UEdqY2xIeVUzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUVBQU93TUJJZ0FDRVFFREVRSC94QUFiQUFBQ0FnTUJBQUFBQUFBQUFBQUFBQUFGQmdNRUFRSUhBUC9FQURZUUFBRUVBQVFEQmdNRkNRQUFBQUFBQUFFQ0F3UVJBQVVTSVJNaU1SUkJVV0Z4a1Fh

Chrome Cache Entry: 202

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 203

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 204

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 205

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (778), with no line terminators
Category:	downloaded
Size (bytes):	778
Entropy (8bit):	4.990029569572582
Encrypted:	false
SSDEEP:	24:9RY1OSDPGxQwqnzF3IlvuHF/TYq25MuLZ053+QP2wd74deS7w:PCqxQwqpYlMY/5mPu7kS7w
MD5:	9A59FF63C7818D514B830C4733D9C19A
SHA1:	0029EABC7789BADE11DB53C5B119C35A72205166
SHA-256:	0CF1B3DF784F9838113D88249540B79A515441FEFB3549081AF0C2AA77197B41
SHA-512:	F97EE97C0D7216363A76F6B3F31B2C09986109821E74B0F9CF862D85921065C995129AA0EFE266045B41A2DABC52421346B23D8C8859484C4DE0854AD4A80693
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/axp-chat-router/1.1.5/chatWrapper.js
Preview:	(()=>{"use strict";var t={};t.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(t){if("object"==typeof window)return window}}();const e={insertScripts:(e,i,r,c)=>{if(!document.querySelector(`#${i}`)){const n=document.createElement("script");n.type="text/javascript",n.id=i,n.src=e,n.integrity=r,n.crossOrigin="anonymous",n.addEventListener("load",(()=>{t.g.c2cRule.receivePageData(c)})),document.body.append(n)}},receivePageData:t=>{try{if(t){const{ruleUrl:i,ruleSri:r}=t;e.insertScripts(i,"chatRule",r,t)}}catch(t){}},initiate:()=>{window.scriptConfig&&window.scriptConfig.chatwrapper&&e.receivePageData(window.scriptConfig.chatwrapper)}},{initiate:i}=e;t.g.c2cWrapper={initiate:i},t.g.c2cWrapper.initiate()})();

Chrome Cache Entry: 206

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 207

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 69766, version 1.0
Category:	downloaded
Size (bytes):	69766
Entropy (8bit):	7.991986596786615
Encrypted:	true
SSDEEP:	1536:p4X9WjbqgCHHkFA5qFGtAWlVXgycaY4yKFFJD4FryuqJS8ByfbhZ:6EjbUkFA56SLFm36EmuqD8fbhZ
MD5:	A07548869B852060E0F08B37CC570261
SHA1:	9FD27C5D71ACC069E5AFAC2BDA57BAC61222FE73
SHA-256:	B1F37B2F1CC26EF70671E3C2D345CFFDCC06F02E72FCD6063C350094265426B9
SHA-512:	3FD678468239578206FAE0E1A7EB3C1F11682E9A5168D631F7657027096CCAA0453E9D00DEB8EC7A1DE03DE47524CD01C85B8A7DAA1EAA9F6AE49FC68726BE85
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.28.0/package/dist/fonts/325e6ad0-38fb-4bad-861c-d965eab101d5-3.woff
Preview:	wOFF........................................DSIG................GPOS......$.........GSUB..&....u........OS/2..2....P...`.PD.cmap..2X...2.......cvt ..4....,.......Jfpgm..4.........rZr@gasp..8H............glyf..8P......^.%_.khead.......0...6....hhea.......!...$.U..hmtx...@...3.....F..kern...t..<.......Mloca...$..........:maxp....... ... ...#name...............Bpost...t....... ...2prep.......K...K............x..}.pU.......[ .......)0.`c.Xv.L...-+X./.2...q...!..)..R...z.f<..0^.!......h....J..2..].V.Z.sz..O.s.=W...l.{......w......}... .T.@<C.X...y..4...OR..K2M....?8.f/}`.XZ.t....\.r,.\...~..g...R..........J.wC)].%R....$.,...c#=..\|...W..&..\|.....6........?..q>.=.......6o+.L_.l.D...._.S....Xx..f...K1_....W4.9.hc...h..:d....Mx1a{.7.P....>2..C.?......t<.=...)/....M9..a...K..).L.......L-..x.{.{.......s..?y.K.3i.....7.@..3~....a.#3.3_...!k~............*.rv{..3:gR...r^.9.....\..{4..aK.=3...O..w.o..9......Gy.y.y..V..f...y..~..../..1?!?#. .v.....

Chrome Cache Entry: 208

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 209

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (44208)
Category:	downloaded
Size (bytes):	65835
Entropy (8bit):	5.306503689915306
Encrypted:	false
SSDEEP:	1536:70x7oL7pX6YWI/48ClFoW256L14ihNXKcFI4bREq+kvGYvfrPE6bkn:B6648ClFI6rKcFIKxvGYvfrPE6bC
MD5:	9D0F6639B5F5081EC9406DE5D31CB697
SHA1:	B0FE533937DDBBF4D481CC47087C976401B37ED8
SHA-256:	BA3CDCEF077A43E640288BC24CE6865203B8798885632AB966A435ACFFA14B13
SHA-512:	8579B86B70E95E03DE511AA48C3298124F9831CF20EB187729ABAAFEBD1DEFCF20A8B2CF37385AC02E52F691A5E97DC81D04A5500BDDF7801A5B28530F67857B
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-myca-site-area-nav/4.32.2/axp-myca-site-area-nav.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var t={};function __webpack_require__(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{}};return e[r].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}return __webpack_require__.m=e,__webpack_require__.c=t,__webpack_require__.d=function(e,t,r){__webpack_require__.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,t){if(1&t&&(e=__webpack_require__(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(__webpack_require__.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)__webpack_require__.d(r,n,function(t){return e[t]}.bind(null,n));return r},__webpack_require__.n=function(e){var t=e&&e.__esModule?functio

Chrome Cache Entry: 210

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (43906)
Category:	downloaded
Size (bytes):	139292
Entropy (8bit):	5.415114531600454
Encrypted:	false
SSDEEP:	3072:wXV2l3rlnUKQl8KlzWlBClH1ICJ54S2SMflDjUcjKL2nuxjBCPgcUG:wXV2l3rln3Ql8KlzWlBClH1PJ54S2SMb
MD5:	6EE16AEDAA380176DBA75ABE2FB51F09
SHA1:	DB6E8440CF9E4557D07533025453B089E22EB57E
SHA-256:	864A3C79A18B4ED8D38572A7349AE3352203839E86FB52E9C3AD67B70F3C5A0D
SHA-512:	2C06207429496867B63D62910EEF2D998930DEC7C63D8D1E5FDB02969B07F5843D27B5CE1B6E5F43F9E1E2547DA19AAD1C65A784BBF6013BA24FE39A274CB6CC
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-contact-us/3.8.0/axp-contact-us.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var t={};function __webpack_require__(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{}};return e[r].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}return __webpack_require__.m=e,__webpack_require__.c=t,__webpack_require__.d=function(e,t,r){__webpack_require__.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,t){if(1&t&&(e=__webpack_require__(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(__webpack_require__.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)__webpack_require__.d(r,n,function(t){return e[t]}.bind(null,n));return r},__webpack_require__.n=function(e){var t=e&&e.__esModule?functio

Chrome Cache Entry: 211

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 212

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 37153, version 1.0
Category:	downloaded
Size (bytes):	37153
Entropy (8bit):	7.98867080062899
Encrypted:	false
SSDEEP:	768:fWDPxSfGL0pYHrHFKbxD9BsFJB3X42pvRFRR77PO6Nv17Zmp+RzwJhH/zwA9:fCPxSfGL0qRODU9HRJ9xTOINmp+RzQh1
MD5:	C0E3B5653C803F69C05862736A765E4A
SHA1:	4AE2328614D48C62388C8409CBD1D9E7B5D4DFDA
SHA-256:	48050D8EEB740BB31AAAD9EB82BCD4A493B474C9385EEDA5FC2CA2EA279CFFAD
SHA-512:	D839EDA84C5BE3ABDE6EB1B1405F92D4975534568053D19BA8AE219B8044584FDD3C918F32C903F52CF0A421C9C896EC8292316E8387BAADF6009B557084EDF7
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.28.0/package/dist/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
Preview:	wOFF.......!......?........p................DSIG.......<... ..J.GPOS..........j...osGSUB.."....\...0&.."OS/2..$P...Y...`..q.VDMX..$....[....o.v.cmap..(...........a?cvt ..* ...@.....D..fpgm..`...........<gasp...............#glyf../...;8..Y.S...head..j@...5...6.:>lhhea..jx...!...$....hmtx..j........lQ.l.kern..m\......?r.\|..loca.......%...8...maxp....... ... ....name...8..........post........... ...2prep.............t.x..yTS...O&.. s@.d.>.. .2IP...0B...0..$..Zh.A.X..HA.2(..BQ.....".R...$aH....o..s.J...9{...{.w...P.......+.......YL.0ym.,J.... U.h.....b8#9.Z...........Z.QX....."5.5.....'....p(..Cl...."...\|..V...k....0......q........<...F+.....y.c%:.NTET.....p.6.........`.. .W.....$.p&+*..`.....{....;La-.......(. &.....T..K...5...).._43.\j...p........._....X,Z`p...f.`yd.H.8^.>...g.@]8A%.`:.)..&.GE.iQ.$.f.)......xyA.Wd...@6c.N...pQ:....A..J.B..\...\|.U....Y1.t[............_./...).P.....kU..v.O..........<..)a...F.:+.9..&.C4R[.................g._..D.

Chrome Cache Entry: 213

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (15984), with no line terminators
Category:	downloaded
Size (bytes):	15984
Entropy (8bit):	5.249652079043917
Encrypted:	false
SSDEEP:	192:WQHBJy1k/r3ykQZ2ky6b40L12s/7Hbnh2iimI91KLIABYYKljN8Dqh1ty7ePVOnU:DB3aZUz7OiNJTQMSu6MFauL
MD5:	C6CCD302D5A00A34E1851C2CC4E609D4
SHA1:	86A93913A5EB3F803AC41BF6255E2E3FF31B609E
SHA-256:	F1C2FDA9627351E28491AB6832E1B716B32DDD416DA7E2715F62140721866F91
SHA-512:	F6025497289A9D3FD0191E501DF9E660AFCDC65F65681D39FAF8D83AA96239C34CCB92E720EE7F3680942DB7D53028AB9B5A0FE3BC6310CB736E2D06618CD5BD
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/app/5.22.0-e9879399/runtime.js
Preview:	!function(n){function webpackJsonpCallback(i){for(var a,t,s=i[0],u=i[1],f=i[2],l=0,c=[];l<s.length;l++)t=s[l],Object.prototype.hasOwnProperty.call(e,t)&&e[t]&&c.push(e[t][0]),e[t]=0;for(a in u)Object.prototype.hasOwnProperty.call(u,a)&&(n[a]=u[a]);for(o&&o(i);c.length;)c.shift()();return r.push.apply(r,f\|\|[]),checkDeferredModules()}function checkDeferredModules(){for(var n,i=0;i<r.length;i++){for(var a=r[i],t=!0,s=1;s<a.length;s++){var o=a[s];0!==e[o]&&(t=!1)}t&&(r.splice(i--,1),n=__webpack_require__(__webpack_require__.s=a[0]))}return n}var i={},e={1:0},r=[];function __webpack_require__(e){if(i[e])return i[e].exports;var r=i[e]={i:e,l:!1,exports:{}};return n[e].call(r.exports,r,r.exports,__webpack_require__),r.l=!0,r.exports}__webpack_require__.e=function requireEnsure(n){var i=[],r=e[n];if(0!==r)if(r)i.push(r[2]);else{var a=new Promise((function(i,a){r=e[n]=[i,a]}));i.push(r[2]=a);var t,s=document.createElement("script");s.charset="utf-8",s.timeout=120,__webpack_require__.nc&&s.setAt

Chrome Cache Entry: 214

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 215

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (32966), with LF, NEL line terminators
Category:	downloaded
Size (bytes):	84249
Entropy (8bit):	5.369772930139822
Encrypted:	false
SSDEEP:	1536:dc22Q6Oc6yIrFF47CRxQ/m3ThOaCY0C3sK27/Jz0jLoDv/DjiSap:J616B5uRW3a7/usD/ap
MD5:	96D87B40A0EC72F20D01BA5A0FDD70D0
SHA1:	C9933F1F49F55EEBB6047DCE76801178B093B2E3
SHA-256:	312577467FB86DD73F87E09045FE6443CBD84FA16CBA4A9BD912AF41D5A04CAF
SHA-512:	324F93E6D0A14EB2D21D4CE55C92A543A546E2A34BEB13588B559BDB143BE0572F2D4EDBB2D69F42CA07C5DAE4D2544AA37FB558B8BB327EF4AB1CC3D7E38FE7
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/axp-chat-bootstrap/1.5.1/chatTaggingBootStrap.js
Preview:	/! For license information please see chatTaggingBootStrap.js.LICENSE.txt /.(()=>{var t={195:function(t){t.exports=function(t){var e={};function r(n){if(e[n])return e[n].exports;var o=e[n]={i:n,l:!1,exports:{}};return t[n].call(o.exports,o,o.exports,r),o.l=!0,o.exports}return r.m=t,r.c=e,r.d=function(t,e,n){r.o(t,e)\|\|Object.defineProperty(t,e,{enumerable:!0,get:n})},r.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},r.t=function(t,e){if(1&e&&(t=r(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var o in t)r.d(n,o,function(e){return t[e]}.bind(null,o));return n},r.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return r.d(e,"a",e),e},r.o=function(t,e){return Object.prototype.hasOwnPro

Chrome Cache Entry: 216

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2026)
Category:	downloaded
Size (bytes):	2027
Entropy (8bit):	5.135456415051486
Encrypted:	false
SSDEEP:	48:6SG9GmqiyYoDemQ7d4hIO1z8BlDl+mp3bWHiyad:6T95qwoDBmi2lDlnFqO
MD5:	81CA69EE0C7A348E5ED11BE5B6395BFD
SHA1:	96E75F390E58252F49CD24E57B32224089FF593E
SHA-256:	ABFC249F54BFEEE500682E375F1B07D4B5719688A7775330C68CC371E1A5223C
SHA-512:	F29AB3017186A2A7F941E63E6A8B6991A282D354D6FBA9B8014210C00D885CF424320764B212AAD9D7BEA738916BC55F170C5B111F08080741F7DC1F3F56B2DD
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/one-stream-data-handler/0.1.2/oneStream.js
Preview:	!function(e){"function"==typeof define&&define.amd?define(e):e()}((function(){"use strict";var e="https://iwmapapi.americanexpress.com/beacon";function t(e){return(t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e})(e)}function n(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function r(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(e);t&&(r=r.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,r)}return n}function o(e){if(Array.isArray(e))return e;var n=[];for(var r in e)"object"===t(e[r])&&n.push(e[r]);return n}function i(t){try{var i={open:function(){},setRequestHeader:function(){},send:function(){}};window.XMLHttpRequest&&(i=new XMLHttpRequest);var a=function(e){for(var t=1;t<argumen

Chrome Cache Entry: 217

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	6484
Entropy (8bit):	4.756233077795908
Encrypted:	false
SSDEEP:	48:YOACayYbT6EWFlS3tRJzTcT7oaToa04Uj6vNcqXEcFh3PT+8IORceLzcHbb2hPfm:tkZTizqbKb6PxGNOp2lU6q
MD5:	B3624A905E586A7A3E00237D0975A3D3
SHA1:	4EE342DDDF66374E7C2E79BC9959A285FA0E3613
SHA-256:	493F4F22BFEE070A20C8792AF39DE32964FA2CE4EF9801A85D5886F2135D89A0
SHA-512:	F9B870328081F1E2096E9A90792AF0BFD599AD33997960E8C309BC520A57625366EF7E76488384761B9FFF9E1530111181A3F0A5A42F7BE2221D7C95A5CCEA69
Malicious:	false
Reputation:	low
Preview:	{"locale":"en-US","defaultText":"Enter a keyword or topic","wordbank":[{"id":1,"keyword":"Account Balance","intent":"Statement Balance","weight":0},{"id":2,"keyword":"Activate Card","intent":"Confirm Card","weight":0},{"id":3,"keyword":"Activate Gift Card","intent":"Activate Gift Card","weight":0},{"id":4,"keyword":"Airline Tickets","intent":"Book Travel","weight":0},{"id":5,"keyword":"Airport Lounge Access ","intent":"Centurion Lounge","weight":0},{"id":7,"keyword":"American Express Travel","intent":"Amex Travel General","weight":0},{"id":8,"keyword":"Amex Offers","intent":"Amex Offers","weight":0},{"id":9,"keyword":"Annual Fee","intent":"Membership Fee","weight":0},{"id":10,"keyword":"Annual Report","intent":"Year End Summary","weight":0},{"id":11,"keyword":"Annual Statement","intent":"Statement Balance","weight":0},{"id":12,"keyword":"Available Credit","intent":"Increase Credit Limit ","weight":0},{"id":13,"keyword":"Balance Transfer","intent":"Balance Transfer ","weight":0},{"id":1

Chrome Cache Entry: 218

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (45542)
Category:	downloaded
Size (bytes):	264821
Entropy (8bit):	5.52734309786124
Encrypted:	false
SSDEEP:	6144:uL3tflxLlZXmlwUlGJloAlFPH74iSXS+FlG4pMu0yMTo71+19NK7iX1f7XNYym9X:uLppPQMBQ
MD5:	97346592E3EB1A9C0F50240403752D8F
SHA1:	D6F51946193DBB82529EA1704B0BF67AB3A5929B
SHA-256:	1794E579DD5854636B734EF7544C1181BE46EB5F7C731792E27F0EB62E155B2F
SHA-512:	7B92AD2562416009EBBE9CAC32FF36451C328FEECA981869CA17C86B149DCA843A41D884A32BB3CFCEF1A8D5B487E45F9D9BBEA8B4FD076DD9BF2601DBE8C185
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-global-header/4.3.37/axp-global-header.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var a={};function __webpack_require__(t){if(a[t])return a[t].exports;var l=a[t]={i:t,l:!1,exports:{}};return e[t].call(l.exports,l,l.exports,__webpack_require__),l.l=!0,l.exports}return __webpack_require__.m=e,__webpack_require__.c=a,__webpack_require__.d=function(e,a,t){__webpack_require__.o(e,a)\|\|Object.defineProperty(e,a,{enumerable:!0,get:t})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,a){if(1&a&&(e=__webpack_require__(e)),8&a)return e;if(4&a&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(__webpack_require__.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&a&&"string"!=typeof e)for(var l in e)__webpack_require__.d(t,l,function(a){return e[a]}.bind(null,l));return t},__webpack_require__.n=function(e){var a=e&&e.__esModule?functio

Chrome Cache Entry: 219

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	6484
Entropy (8bit):	4.756233077795908
Encrypted:	false
SSDEEP:	48:YOACayYbT6EWFlS3tRJzTcT7oaToa04Uj6vNcqXEcFh3PT+8IORceLzcHbb2hPfm:tkZTizqbKb6PxGNOp2lU6q
MD5:	B3624A905E586A7A3E00237D0975A3D3
SHA1:	4EE342DDDF66374E7C2E79BC9959A285FA0E3613
SHA-256:	493F4F22BFEE070A20C8792AF39DE32964FA2CE4EF9801A85D5886F2135D89A0
SHA-512:	F9B870328081F1E2096E9A90792AF0BFD599AD33997960E8C309BC520A57625366EF7E76488384761B9FFF9E1530111181A3F0A5A42F7BE2221D7C95A5CCEA69
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-search-box/7.7.3/en-us/axp-search-box.json
Preview:	{"locale":"en-US","defaultText":"Enter a keyword or topic","wordbank":[{"id":1,"keyword":"Account Balance","intent":"Statement Balance","weight":0},{"id":2,"keyword":"Activate Card","intent":"Confirm Card","weight":0},{"id":3,"keyword":"Activate Gift Card","intent":"Activate Gift Card","weight":0},{"id":4,"keyword":"Airline Tickets","intent":"Book Travel","weight":0},{"id":5,"keyword":"Airport Lounge Access ","intent":"Centurion Lounge","weight":0},{"id":7,"keyword":"American Express Travel","intent":"Amex Travel General","weight":0},{"id":8,"keyword":"Amex Offers","intent":"Amex Offers","weight":0},{"id":9,"keyword":"Annual Fee","intent":"Membership Fee","weight":0},{"id":10,"keyword":"Annual Report","intent":"Year End Summary","weight":0},{"id":11,"keyword":"Annual Statement","intent":"Statement Balance","weight":0},{"id":12,"keyword":"Available Credit","intent":"Increase Credit Limit ","weight":0},{"id":13,"keyword":"Balance Transfer","intent":"Balance Transfer ","weight":0},{"id":1

Chrome Cache Entry: 220

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 221

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	449
Entropy (8bit):	5.064576642399776
Encrypted:	false
SSDEEP:	6:YW3PSpwzuLOdmEhZEtL5bFBWWvOV0847tKGdwCJ1QmNN2BbhIVl1DnXpXkDcAcfS:YaqSFMFBfC08IjdwC0m2FhIVHjX2Fc6
MD5:	47218B12258489F9471291B194883FF4
SHA1:	16681AC4AF3F8AF18A4E860A97F5BC68C7F64EC9
SHA-256:	1A3FB2A8BDA1301D49AAE0C5E21D91E2FA5F96D19C1DEF2E1BF284F33C4C7BE0
SHA-512:	F0A2661B103C2AF316C089A3149AECAA0AC13A5DE153D7B8F8C838F2E2ECBE19374792BAB2A6CBE9E6986EEC3F7B3B03D69FC8E6BC424924D496A14F5AF6CE4A
Malicious:	false
Reputation:	low
URL:	https://functions.americanexpress.com/ReadScriptRegistry.v1?name=adobe&version=1.2.0&environment=e3&cache=1713274
Preview:	{"name":"adobe","version":"1.2.0","bundle":"{\"attributes\":{\"src\":\"https://www.aexp-static.com/cdaas/dxt-vendor-shared-scripts/adobe-wrapper/1.6.6/adobe-wrapper.js\",\"integrity\":\"sha256-CE3UbcMC0gR2MaW3iKSspnLMyk1ECSuGHww4mfFDnQk=\",\"crossOrigin\":\"anonymous\"},\"classifications\":{\"essential\":false,\"functional\":false,\"performance\":true,\"amexMarketing\":false,\"thirdPartyMarketing\":false,\"scriptSupplierHandlesConsent\":true}}"}

Chrome Cache Entry: 222

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	1324006
Entropy (8bit):	5.485158956895352
Encrypted:	false
SSDEEP:	24576:bbDECXabUYQeJIbWkxmJiBflToi7fS1WNrn:bSueJIbWksJiB0cn
MD5:	D99486CB043F8729311C782A7631F3A7
SHA1:	FAFDAFA34A752059E187E07EF5F11A504798182A
SHA-256:	3AC8C6B27FEB78E1916CAB39B0F693D9EF43ED190536474911DFA70E36586771
SHA-512:	FAF446A2C720AF3A645A2F0434D9CAFF0D27A2EBF1E1CCCE674D36915C81293A8388756117730DFB2DCC213D63B7393F5E360F067E127557D9277998A7D7621A
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-myca-root/5.33.0/axp-myca-root.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var te=function(te){function webpackJsonpCallback(re){for(var oe,ie,ae=re[0],ue=re[1],ce=0,le=[];ce<ae.length;ce++)ie=ae[ce],Object.prototype.hasOwnProperty.call(ne,ie)&&ne[ie]&&le.push(ne[ie][0]),ne[ie]=0;for(oe in ue)Object.prototype.hasOwnProperty.call(ue,oe)&&(te[oe]=ue[oe]);for(se&&se(re);le.length;)le.shift()()}var re={},ne={"c907cd46.axp-myca-root":0};function __webpack_require__(ne){if(re[ne])return re[ne].exports;var oe=re[ne]={i:ne,l:!1,exports:{}};return te[ne].call(oe.exports,oe,oe.exports,__webpack_require__),oe.l=!0,oe.exports}__webpack_require__.sriHashes={"c4ca4238.axp-myca-root":"sha256-ab1eAYpsawhU6Tyz2cNfff6a6f/dVStEvDecHqfWyEA= sha384-BaiZyTLkawQfTfSIkSP5jUcPGMBqJfeyCu3T0D2MHKezgUG22L1guaoS/O1shkm9"},__webpack_require__.e=function requireEnsure(te){var re=[],oe=ne[te];if(0!==oe)if(oe)re.push(oe[2]);else{var ie=new Promise((function(re,ie){oe=ne[te]=[re,ie]}));re.push(oe[2]=ie);var ae,se=document.createElement("script");se.charset="utf-8",se.timeout=120,_

Chrome Cache Entry: 223

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33449)
Category:	downloaded
Size (bytes):	268941
Entropy (8bit):	5.43277608173319
Encrypted:	false
SSDEEP:	6144:7uDZlwglvMlgnzlW6lSHlUHiJ5nS2S9ilDvs8Tp/Ba1VM8GFZP83PlOhOptbpQ5:7u9fHoZWIhOp5pQ5
MD5:	88D9A8659D2DDF959192247E72C72D4F
SHA1:	89D3CC7B204ADEB5A4C6D3C810647868FCED7708
SHA-256:	D7AB50A62B47E89218F59ADA31B23E2680E59EBAC7296DFB412E36ACDA48CAB1
SHA-512:	43F4D6006A5397C49F2EE743FDF19A9C9697475C94A5AAEA8917F7B9DAC25E12D63CCCFCED12F24A95709A72CC55FCBE74D6EC40DFB7E0227F22444359728D37
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-account-switcher/6.39.0/axp-account-switcher.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var t={};function __webpack_require__(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{}};return e[r].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}return __webpack_require__.m=e,__webpack_require__.c=t,__webpack_require__.d=function(e,t,r){__webpack_require__.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,t){if(1&t&&(e=__webpack_require__(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(__webpack_require__.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)__webpack_require__.d(r,n,function(t){return e[t]}.bind(null,n));return r},__webpack_require__.n=function(e){var t=e&&e.__esModule?functio

Chrome Cache Entry: 224

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 225

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators, with escape sequences
Category:	downloaded
Size (bytes):	105931
Entropy (8bit):	5.449912210614573
Encrypted:	false
SSDEEP:	1536:ozdcZAdAUwESPcQTsKPLv96If0bxvkoNxeA7ggvFV6:6dctkfQTsKPlsbfNx7L6
MD5:	E6CD979EBABED3C6CDCB8A0758FF0CB0
SHA1:	CFA622DF9B6AF272382EF9A4D0395D37F7B3A8EE
SHA-256:	31178CD83F454E5FE4234393201B84F5A766B5AD64EC88FFB5B6EEE4A6A5FAC3
SHA-512:	139726CD229FAF6C45956EA38C9592239AD6E5EAC9C304C5E68900EFB58A67D6C84C7774AC3301ECA549C0AC3F508638C0A0A4A2953E88A58184B1F5177F1AB0
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/akamai/ali/lib/ali-metrics.js
Preview:	var AliMetrics=function(){"use strict";var e="",t={};function n(){return document.cookie===e?t:(e=document.cookie,t=e.split(";").reduce((function(e,t){var n=t.split("=");return e[n[0].trim()]=n[1],e}),{}))}var r={jpg:"image",jpeg:"image",gif:"image",ico:"image",png:"image",bmp:"image",webp:"image",svg:"image",ai:"image",eps:"image",ttf:"font",otf:"font",woff:"font",woff2:"font",eot:"font"};function i(){return function(e,t){var n=function(e){return(/\.[\w\d]+([\?#]\|$)/.exec(e)\|\|["unidentified"])[0].replace(/[\.\?\#]/g,"").toLowerCase()}(t.name),i=function(e){return r[e]\|\|e}(n),a=t.decodedBodySize,o=e[i]=e[i]\|\|{count:0,totalBytes:0,notMeasured:0};return o.count+=1,a?o.totalBytes+=a:o.notMeasured+=1,e}}function a(e){return a="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},a(e)}var o=["string","number"],s={},h=void 0!==window.navigator&&(

Chrome Cache Entry: 226

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1646
Entropy (8bit):	4.25586284107187
Encrypted:	false
SSDEEP:	48:jGsSzhSLaWh6StQ7HT2m7qXNrUh+cR0c/6ierhi:jEzQeWh6StQ7H17qdrUhdR0cSierhi
MD5:	78AF472D7F07AACD83D8E224C119950A
SHA1:	B04F7889C9277106B40EF90B7B19C1091884D876
SHA-256:	FC69234936C0DF004440641A5DF9EE1E3C3532DF5780984F0F636E85E8788519
SHA-512:	AC57E0F3537B43926D853440EB2B29A00ACBE9F44C6F06A05529010803BE704BA8F7CA0ADC2595264651D75D8676C6EBD1AC0D9B82E801721DF5F2140C1098CE
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-stack.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="100" height="28" viewBox="0 0 100 28"><path fill="none" d="M0 0h100v28H0z"/><path d="M96.1 20.3h-2.9c-.6 0-1.1-.4-1.1-.9 0-.6.5-.9 1.1-.9h5.3l1.2-2.7h-6.5c-2.7 0-4.2 1.6-4.2 3.7 0 2.2 1.5 3.5 3.8 3.5h2.9c.6 0 1.1.4 1.1.9s-.4.9-1.1.9h-6.4v2.7h6.4c2.7 0 4.2-1.6 4.2-3.8s-1.4-3.4-3.8-3.4m-11.7 0h-2.9c-.6 0-1.1-.4-1.1-.9 0-.6.5-.9 1.1-.9h5.3l1.2-2.7h-6.5c-2.7 0-4.2 1.6-4.2 3.7 0 2.2 1.5 3.5 3.8 3.5H84c.6 0 1.1.4 1.1.9s-.4.9-1.1.9h-6.4v2.7H84c2.7 0 4.2-1.6 4.2-3.8.1-2.2-1.3-3.4-3.8-3.4m-18.5 7.3h10v-2.7h-6.8V23h6.7v-2.7h-6.7v-1.9h6.8v-2.7h-10zm-6.2-6.8h-3.3v-2.4h3.3c.9 0 1.4.6 1.4 1.2 0 .7-.5 1.2-1.4 1.2m4.6-1.3c0-2.3-1.6-3.8-4.2-3.8h-6.9v11.9h3.2v-4.1h1.2l3.6 4.1H65l-3.9-4.3c2-.5 3.2-1.9 3.2-3.8M47.2 21h-3.4v-2.6h3.4c.9 0 1.4.6 1.4 1.3 0 .7-.4 1.3-1.4 1.3m.4-5.3h-6.9v11.9h3.2v-3.9h3.7c2.7 0 4.3-1.7 4.3-4-.1-2.4-1.7-4-4.3-4m-7.5 0H36l-3 3.6-3.1-3.6h-4.2l5.3 5.9-5.4 6h4.1l3.2-3.8 3.2 3.8h4.2l-5.4-6.1zM15.2 27.6h10v-2.7h-6.9V23H25v-2.7h-6.7v-1.9h6

Chrome Cache Entry: 227

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 228

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 229

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 230

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3960)
Category:	downloaded
Size (bytes):	3961
Entropy (8bit):	5.321840500369501
Encrypted:	false
SSDEEP:	96:xpQXTHIAQXTHIQQaJ0VyvCHNdbsHrusU7sjruKw:xKDotDo9aJ0Vy4NNkrup7MrS
MD5:	695D125ACCD65C79295710518B5A0044
SHA1:	CD8E5670358F9CECC242C0C8A9F1509740EF42C4
SHA-256:	084DD46DC302D2047631A5B788A4ACA672CCCA4D44092B861F0C3899F1439D09
SHA-512:	D4F701F1E53F747ABF02C2C729A92CE864976BACB32CE640CABAE7D49FD317DC9CF9D321257DF3300082A5BB6F931F9E88031B339062978D099E32F56B1D5373
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/dxt-vendor-shared-scripts/adobe-wrapper/1.6.6/adobe-wrapper.js
Preview:	!function(){"use strict";window._axpAdobeWrapperIsPresent=!0;var a={e1:{oneapp:"https://cdaas-dev.americanexpress.com/cdaas/api/axpi/omniture/launch/1.4.9/launch-688f678fbf27-staging.min.js",onecms:"https://assets.adobedtm.com/dcb19cbd6cbf/61650f53735f/launch-77374eae9c9b-staging.min.js",acq:"https://assets.adobedtm.com/dcb19cbd6cbf/8fe231718838/launch-5a77dcd96b5f-staging.min.js",acquisition:"https://assets.adobedtm.com/dcb19cbd6cbf/8fe231718838/launch-5a77dcd96b5f-staging.min.js",myca:"https://assets.adobedtm.com/dcb19cbd6cbf/66bfa1f1c370/launch-a84bcfcd9f88-staging.min.js",travel:"https://assets.adobedtm.com/dcb19cbd6cbf/6ea2f89ca33d/launch-25c1ded7854b-staging.min.js",merchant:"https://assets.adobedtm.com/dcb19cbd6cbf/8e98299b4e37/launch-186af9da7404-staging.min.js",assisted:"https://assets.adobedtm.com/dcb19cbd6cbf/333b39a46679/launch-df6a13efe609-staging.min.js",intranet:"https://qwww.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/intranet/1.4.1/launch-80e343e58fb8-staging.

Chrome Cache Entry: 231

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (50713), with NEL line terminators
Category:	downloaded
Size (bytes):	82946
Entropy (8bit):	5.2525113582445835
Encrypted:	false
SSDEEP:	1536:rVbJPPmu0DaSyclW56oFEaoMaHenksC3UesulK:ZbJPGaSyZMoe5enkZskK
MD5:	F720E49B34AA1110E89FE22C8B018EC7
SHA1:	AA2A61F54A7B3C6A7A3341A900699EF6CF4F8A8E
SHA-256:	77166E2033CC977E5F8397E64BC0398FF43237BAB55D4C807148184FBA9FA4B1
SHA-512:	F9A5135805665798ADEF215FB8A35DEB8B8CA385C8BAB4DA0EB81DF7807B921EF30CF24E650CAACD201BC50BEB0A80005A12000D6E8BF2D3A47753A7DE63B4EB
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/axp-script-supplier/5.1.5/script-supplier.js
Preview:	window.scriptSupplier=function(t){var r={};function e(n){if(r[n])return r[n].exports;var o=r[n]={i:n,l:!1,exports:{}};return t[n].call(o.exports,o,o.exports,e),o.l=!0,o.exports}return e.m=t,e.c=r,e.d=function(t,r,n){e.o(t,r)\|\|Object.defineProperty(t,r,{enumerable:!0,get:n})},e.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},e.t=function(t,r){if(1&r&&(t=e(t)),8&r)return t;if(4&r&&"object"==typeof t&&t&&t.__esModule)return t;var n=Object.create(null);if(e.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:t}),2&r&&"string"!=typeof t)for(var o in t)e.d(n,o,function(r){return t[r]}.bind(null,o));return n},e.n=function(t){var r=t&&t.__esModule?function(){return t.default}:function(){return t};return e.d(r,"a",r),r},e.o=function(t,r){return Object.prototype.hasOwnProperty.call(t,r)},e.p="",e(e.s=141)}([function(t,r,e){"use strict";var n=e(7),o=e(74),i=e(4),a=e

Chrome Cache Entry: 232

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	451
Entropy (8bit):	4.996691243906546
Encrypted:	false
SSDEEP:	12:YRV61SsuNgLTF/aV61HQaFBfEjC/hQdwC0m2XghIGXjX2Fc6:YRM8suqH1aMLBfEO46gbXjX2Fc6
MD5:	A83FEDC7AE7025DAB4E758A079961BDE
SHA1:	0BB8BBEB90F1683C410FEFB27CB0FD2750E87E9D
SHA-256:	19A9D930E0E8C2D6C16D7D296CF2D5D341B4CA9D6DF2F815E6AB11456DE8FF1E
SHA-512:	7E1531D63D39C36B742A0FF06D291C1E055293C763DE1A0A55DBD70E4D57DE262974A76E01154D000C71AC960ED0B7CEDFA9059553C80E8B1F5CFC8DA8088E56
Malicious:	false
Reputation:	low
Preview:	{"name":"one-stream-data-handler","version":"0.1.2","bundle":"{\"attributes\":{\"src\":\"https://www.aexp-static.com/cdaas/one/one-stream-data-handler/0.1.2/oneStream.js\",\"integrity\":\"sha256-q/wkn1S/7uUAaC43XxsH1LVxloind1MwxozDceGlIjw=\",\"crossOrigin\":\"anonymous\"},\"classifications\":{\"essential\":true,\"functional\":false,\"performance\":false,\"amexMarketing\":false,\"thirdPartyMarketing\":false,\"scriptSupplierHandlesConsent\":true}}"}

Chrome Cache Entry: 233

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2009)
Category:	downloaded
Size (bytes):	352797
Entropy (8bit):	5.618200028603691
Encrypted:	false
SSDEEP:	6144:0mFZw5r6IO4axUD1lncR9Dapf/uH62LY2tiG1Ro2x:jaO+u9DapD2JtXRoS
MD5:	11688BC19D2FA9090C626BEFFF5062B9
SHA1:	8481E98D1B924B78CCFC8568D9691055CF13AF5A
SHA-256:	F21F90F0F1DE1219B6D20C6133EA5F442BB68A18F8A81B055E33DF1880AB4B28
SHA-512:	85040C46806B6988F40372BE44D873C51F31FE78A7AA31A457C11F2E6EC5A3542BB6465B13A1039AACFDD87C8D69EF34BDEE7B15D4EB28C8251DBDAA90DD3C05
Malicious:	false
Reputation:	low
URL:	https://global.americanexpress.com/dashboard/ruxitagentjs_ICA27NQVfghjqrux_10255221104040649.js
Preview:	/. Copyright and licenses see https://www.dynatrace.com/company/trust-center/customers/reports//.(function(){function Fa(){document.cookie="".concat("__dTCookie","=").concat("1",";SameSite=Lax");var Va=-1!==document.cookie.indexOf("__dTCookie");document.cookie="".concat("__dTCookie","=").concat("1","; expires=Thu, 01-Jan-1970 00:00:01 GMT");return Va}function fb(){return void 0===nb.dialogArguments?navigator.cookieEnabled\|\|Fa():Fa()}function ib(){var Va;if(fb()&&!window.dT_){var gb=(Va={},Va.cfg="#CONFIGSTRING#\|auto=#AUTO#\|domain=#DOMAIN#\|rid=RID_#REQUEST_ID#\|rpid=#RESPONSE_ID#\|app=#APP#",Va.iCE=.fb,Va);window.dT_=gb}}"undefined"!==typeof window&&window.setTimeout&&(window.setTimeout=window.setTimeout);this.dT_&&dT_.prm&&dT_.prm();var nb="undefined"!==typeof window?window:self,Sa;nb.dT_?(null===(Sa=nb.console)\|\|void 0===Sa?void 0:Sa.log("Duplicate agent injection detected, turning off redundant initConfig."),nb.dT_.di=1):ib()})();.(function(){function Fa(f,n,J){if(J\|\|2===arguments.le

Chrome Cache Entry: 234

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	111878
Entropy (8bit):	5.250278991199983
Encrypted:	false
SSDEEP:	3072:17jolcjjl7jDltSuGj7l/Pm+fj3lkjPlSrmFJLRS2SEhlDjw9JdijN7:djolcjjl7jDltSuGj7lTfj3lkjPlSrit
MD5:	68E1A9898398CC8F3BB2D71562EDE5B3
SHA1:	5CC9A614092B6F5E3613D051B63023207CA13B0C
SHA-256:	E0C4CEE8D1375507B6D8870152384782720C21F15E1AEAF8130FB49D23ACB592
SHA-512:	60661F9486DE5BC5AC9F1CF533E062E33DE7B7649B7DAFFD339CB6D385FABBC3904F311653856AB4089AC3984DCB1BCACE37BA1B483546323DAB0AD3305EDC72
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-help-welcome/3.1.1/axp-help-welcome.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var t={};function __webpack_require__(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{}};return e[r].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}return __webpack_require__.m=e,__webpack_require__.c=t,__webpack_require__.d=function(e,t,r){__webpack_require__.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,t){if(1&t&&(e=__webpack_require__(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(__webpack_require__.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)__webpack_require__.d(r,n,function(t){return e[t]}.bind(null,n));return r},__webpack_require__.n=function(e){var t=e&&e.__esModule?functio

Chrome Cache Entry: 235

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	278
Entropy (8bit):	4.532849249942343
Encrypted:	false
SSDEEP:	6:YVVHWDxvVWGYxXkaQwI5p/SlBCd+DrsW0FTRyJ7JpEWpL0aY:YVUV9WVXkaQFp/SjCMDEVRyPiWpL0
MD5:	BAEDB67A83479DBF0F30936FE28DAB54
SHA1:	6CBF6C310D972F63462172D190CD91E03145A485
SHA-256:	644DE828EF901AEE6B2279CEE1ADBFA11EC9E8EE18F0DDA97E8F4020C31C3609
SHA-512:	1436AFA0DD60EC2EAA3E037304575223A534CFC9E1156C3BAAE9157D500B392500A7A09AEC6243002597A50D2350A240BE72CF0602ED57D1FE90BB29C3AC56C2
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-faqs/5.2.1/en-us/axp-faqs.json
Preview:	{"locale":"en-US","pageTitle":"Frequently Asked Questions","errorMessage":"Sorry about that. FAQs are unavailable at this time. Please try again later.","initialMessage":"Related FAQ results will appear here.","seeAll":"See All","seeLess":"See Less","progress_circle":"Loading"}

Chrome Cache Entry: 236

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	2402
Entropy (8bit):	4.381271648610257
Encrypted:	false
SSDEEP:	48:Gl84i3sW6LSYDKL1qHI9IDXz6JDUF3tfzHZ96qQ6JDUjmoxTn0:m8XvYDQVD0ZPDCbxT0
MD5:	D97D46FE48D19D2C4F236B9A2CFEE5F3
SHA1:	A164F3588BB4B601C472461A24A6EEC265BCF8C8
SHA-256:	028F643755987211BF2F3ADD6C62AE1870A888CF2F4FE3040A4FAC7DCE2543AB
SHA-512:	4BFF0149D22172B1513B70BD2BA9F6BE69807E5E33BE803D100518CFE1070534160BF79992CDFC47277B3EBB98626E0E6302D08C1DB8A0F7C41FD4DE15B1FB80
Malicious:	false
Reputation:	low
Preview:	<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" x="0" y="0" width="45" height="45" viewBox="0 0 45 45" xml:space="preserve"><style>.st0{fill:#fff}.st1{fill:#006fcf}</style><path id="logo-blue-box-small-45-9x45-a" class="st0" d="M44.9 44.9H0V0h44.9z"/><path class="st1" d="M44.9 24.2V-.1H0v44.9h44.9V31.7c-.1 0 0-7.5 0-7.5" transform="translate(0 .12)"/><path class="st0" d="M39.4 21.7h3.4v-7.9h-3.7v1.1l-.7-1.1h-3.2v1.4l-.6-1.4h-5.9c-.2 0-.4.1-.6.1s-.3.1-.5.2-.3.1-.5.2v-.5H10.2l-.5 1.3-.5-1.3h-4v1.4l-.6-1.4H1.4L0 17.2v4.5h2.3l.4-1.1h.8l.4 1.1h17.6v-1l.7 1h4.9v-.6c.1.1.3.1.4.2s.3.1.4.2c.2.1.4.1.6.1h3.6l.4-1.1h.8l.4 1.1h4.9v-1l.8 1.1zm5.5 10v-7.4H17.4l-.7 1-.7-1H8v7.9h8l.7-1 .7 1h5v-1.7h-.2c.7 0 1.3-.1 1.8-.3v2.1h3.6v-1l.7 1h14.9c.6-.2 1.2-.3 1.7-.6z" transform="translate(0 .12)"/><path class="st1" d="M43.2 29.8h-2.7v1.1h2.6c1.1 0 1.8-.7 1.8-1.7s-.6-1.5-1.6-1.5h-1.2c-.3 0-.5-.2-.5-.5s.2-.5.5-.5h2.3l.5-1.1h-2.7c-1.1 0-1.8.7-1.8 1.6 0 1 .6 1.5 1.6 1.5h1.2c.3 0 .5.2.5.5.1.4-.

Chrome Cache Entry: 237

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	1698
Entropy (8bit):	5.1982095670609505
Encrypted:	false
SSDEEP:	24:YMYBRU3VXmbO4Tt1p7eXoMeXomt4R+yakKzWs4BdoSCAl1I4Shj:YMYBRSmoWJt4whkKzWs4BySno48
MD5:	3B07EA07E57E0DA709C256224D5EC1DD
SHA1:	B912DC42F7943649DFBD876ECBB0D4D2E6E26578
SHA-256:	326DEA47F7CD2AAF1F5DC9A8BE9103EB282AEFB50A6B2D76F4256EB54A070233
SHA-512:	94E673BF364903E1C012D2B580EA98D0C5FBA97ECE76ECE98EF8426960810E058B1553A77640D1E1E430109BA0F5672A1EF1F3BCB2F1E4F161415309A39BD67C
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-consumer-navigation/1.0.0/en-us/axp-consumer-navigation.json
Preview:	{"locale":"en-US","moreLinkText":"More","defaultSelectedText":"Select","navTooltipDisplayText":"Now you can easily stay on top of all your accounts in your new Overview.","navTooltipDismissText":"Okay","links":{"ACCOUNT":[{"label":"Overview","url":"https://global.americanexpress.com/overview","tenant":"axp-myca-root","path":"/overview","tracking":"MYCA_Overview","describedById":"nav-tooltip"},{"label":"Profile","url":"https://global.americanexpress.com/customer/profile","tenant":"axp-myca-root","path":"/customer/profile","tracking":"MYCA_Profile"}],"PRODUCT":{"CARD_PRODUCT":[{"label":"Home","url":"https://global.americanexpress.com/dashboard","tenant":"axp-myca-root","tracking":"MYCA_Home","path":"/dashboard"}],"AEXP_BUSINESS_CHECKING_ACCOUNT":[{"label":"Home","url":"https://americanexpress.com/en-us/banking/business/checking/accounts/{__OPAQUE_ACCOUNT_ID__}","tenant":"banking-root","tracking":"business_checking_home","path":"/banking/business/checking/accounts/{__OPAQUE_ACCOUNT_ID__}"

Chrome Cache Entry: 238

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 239

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 240

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (41211), with LF, NEL line terminators
Category:	downloaded
Size (bytes):	240088
Entropy (8bit):	5.384582499966755
Encrypted:	false
SSDEEP:	3072:B8BFPGttrP7FPiLRS8YeVoghmDITcA/tGd:MWtPFPiLieVTcA/u
MD5:	57AE1D958042CC8EC2AA3013918E0ABB
SHA1:	823F22D5C41EC934D5E8ECB9F07D21EA0F7E4D23
SHA-256:	9E132670E82B75096193AA981F828376B85B3F9002F2ED24EC2CF0109743B182
SHA-512:	F577A24CEEE9060E72CF2CEF3EA44377C12BE34A8B92BFC0835EFFE86EEC8E4BF204A51043BB8EBAF6BB4122E427F8A282860E9D0128B32517E41EE3192695AC
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/user-consent-management/ucm/v1.13.0/UCM.js
Preview:	!function(e){"function"==typeof define&&define.amd?define(e):e()}((function(){"use strict";var e="https://ucmapi.americanexpress.com/api/consent/management/",o="https://ucmapi.americanexpress.com/api/consent/ext/record/",n="https://ucmapi.americanexpress.com/api/v1/geo_location/check",t="3",r="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{};function a(e){return e&&e.__esModule&&Object.prototype.hasOwnProperty.call(e,"default")?e.default:e}var i={exports:{}},s={exports:{}},c=function(e){return e&&e.Math==Math&&e},l=c("object"==typeof globalThis&&globalThis)\|\|c("object"==typeof window&&window)\|\|c("object"==typeof self&&self)\|\|c("object"==typeof r&&r)\|\|function(){return this}()\|\|r\|\|Function("return this")(),u=function(e){try{return!!e()}catch(e){return!0}},d=!u((function(){var e=function(){}.bind();return"function"!=typeof e\|\|e.hasOwnProperty("prototype")})),p=d,m=Function.prototype,g=m.apply,f=m

Chrome Cache Entry: 241

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 242

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (64772)
Category:	downloaded
Size (bytes):	104911
Entropy (8bit):	5.411940056442606
Encrypted:	false
SSDEEP:	1536:OQmxuX4VgFkOc6XzNg/rKbMovK+HHWE/f59bxK0jBvkL4Ku:5X8gFQ6yptE/fjxKGvkM
MD5:	CDD5D4A45C98B91C244E0EACB3206AD7
SHA1:	288F792A1A3B4BF0DC934058F506A3E6D6DCCB4C
SHA-256:	D2E7CAAA213D56F6B9528BB61F9B3FA4C842EAE70A90C1BEEB22C60AB41B1CDA
SHA-512:	04318D88826C4177DBA3B0C68707E8193790183254AF14A63044251C1D30033CF8297C83059A5EF97857E0ADCEE6222DFCFC4D8D61EB3034B125C5E71EFBCF64
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/qualtrics/1.71.0/CoreModule.js?Q_CLIENTVERSION=1.70.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=aexpfeedback
Preview:	./@preserve.Version 1.70.1./../@license. Copyright 2002 - 2018 Qualtrics, LLC.. * CONFIDENTIAL. All rights reserved.. . Notice: All code, text, concepts, and other information herein (collectively, the. * "Materials") are the sole property of Qualtrics, LLC, except to the extent. * otherwise indicated. The Materials are proprietary to Qualtrics and are protected. * under all applicable laws, including copyright, patent (as applicable), trade. * secret, and contract law. Disclosure or reproduction of any Materials is strictly. * prohibited without the express prior written consent of an authorized signatory. * of Qualtrics. For disclosure requests, please contact notice@qualtrics.com.. */..try {. !function(e){var t={};function n(i){if(t[i])return t[i].exports;var r=t[i]={i:i,l:!1,exports:{}};return e[i].call(r.exports,r,r.exports,n),r.l=!0,r.exports}n.m=e,n.c=t,n.d=function(e,t,i){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerabl

Chrome Cache Entry: 243

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	434
Entropy (8bit):	5.08273347736514
Encrypted:	false
SSDEEP:	12:YgARF/ARFBfj92LdwC0m2FhPnGXjX2Fc6:YgE12Bf0UtGXjX2Fc6
MD5:	65BE367FFE272ED2D34889BF7EE53263
SHA1:	EA28802282CB61E59A6469CC1393F50422EC91F5
SHA-256:	E4975BE7A823EE4FF14C61A92F0232C2D1D89DD9B441139110EC0422836E3C2F
SHA-512:	5EBF9A59A867CB022E607D4945245D11F7E61D862D3D61B05464203835B14B8F1CA73E0BFE33977F7179A2BFC70B167D1115F77A7595165E6D6C80ACED40636E
Malicious:	false
Reputation:	low
URL:	https://functions.americanexpress.com/ReadScriptRegistry.v1?name=qualtrics&version=%5E1.34.0&environment=e3&cache=1713274
Preview:	{"name":"qualtrics","version":"1.71.0","bundle":"{\"attributes\":{\"src\":\"https://www.aexp-static.com/cdaas/one/qualtrics/1.71.0/qualtricsIntercept.js\",\"integrity\":\"sha256-QQKepLozgDovAgNUkx016jem6t6NmTbqE0cY9PJL6TU=\",\"crossOrigin\":\"anonymous\"},\"classifications\":{\"essential\":false,\"functional\":true,\"performance\":false,\"amexMarketing\":false,\"thirdPartyMarketing\":false,\"scriptSupplierHandlesConsent\":true}}"}

Chrome Cache Entry: 244

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (34692)
Category:	downloaded
Size (bytes):	480562
Entropy (8bit):	5.342943163801142
Encrypted:	false
SSDEEP:	12288:Vfjgu2lGjzqiTp7eFOiZqZBYSzjua81BrCS79BuWIVzcMTl+Nb55mtKittuuOE8v:VfMUjzxTp7eFOiZqZBYSzjua81BrCS7H
MD5:	880B713323BD8942601F6D03B191042B
SHA1:	3853D8C0C20248A108E99AD80E859254E445C402
SHA-256:	8C69AF833EC7699DDB915078F2E67CF47E96BA91769775D1D0E24B589F958324
SHA-512:	A3E807DE437BC0476510BEF7CE9F0C1B897775176F574876F724A4578DCDF61C74D4A883123DCAF01A697F9381F3BFAC84E18F44A157ECB25B709A3662D4DCC5
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/app/5.22.0-e9879399/app~vendors.js
Preview:	(window.webpackJsonp=window.webpackJsonp\|\|[]).push([[0],[function(n,r,o){var a=o(5),i=o(31).f,s=o(34),_=o(23),E=o(167),w=o(135),P=o(101);n.exports=function(n,r){var o,j,q,$,B,ne=n.target,oe=n.global,ie=n.stat;if(o=oe?a:ie?a[ne]\|\|E(ne,{}):(a[ne]\|\|{}).prototype)for(j in r){if($=r[j],q=n.dontCallGetSet?(B=i(o,j))&&B.value:o[j],!P(oe?j:ne+(ie?".":"#")+j,n.forced)&&void 0!==q){if(typeof $==typeof q)continue;w($,q)}(n.sham\|\|q&&q.sham)&&s($,"sham",!0),_(o,j,$,n)}}},function(n,r,o){(function(r){n.exports=r.React=o(331)}).call(this,o(20))},function(n,r,o){(function(r){n.exports=r.PropTypes=o(340)}).call(this,o(20))},function(n,r){n.exports=function(n){try{return!!n()}catch(n){return!0}}},function(n,r,o){var a=o(99),i=Function.prototype,s=i.bind,_=i.call,E=a&&s.bind(_,_);n.exports=a?function(n){return n&&E(n)}:function(n){return n&&function(){return _.apply(n,arguments)}}},function(n,r,o){(function(r){var check=function(n){return n&&n.Math==Math&&n};n.exports=check("object"==typeof globalThis&&g

Chrome Cache Entry: 245

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (46587)
Category:	downloaded
Size (bytes):	168270
Entropy (8bit):	5.349533063557669
Encrypted:	false
SSDEEP:	3072:YBc4lZoly0dS7aUK8yqyIZm6l9DltglBvlH1e1J5YS2SialDs4xTMS17CNRnmJM:YBc4lZoly5y8hyl6l9DltglBvlH1yJ5u
MD5:	93313DDD893A06B69A61945291042E26
SHA1:	5334E08B64A1E2260F18CB0E1C59CE2379501454
SHA-256:	63CBF9DDD66945B4EF570DCCA5935F662BBBF10C98B9582D5213192065296861
SHA-512:	5DDA3890EE008C82A4F2641EA37A351A807DF993E1A68DC99F00D2131CBDC18783B54FC219BD32FC2B8F096C963944266626E00EF993F2883BCC229101481D1C
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-contact-us-placement/3.2.0/axp-contact-us-placement.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var t={};function __webpack_require__(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{}};return e[r].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}return __webpack_require__.m=e,__webpack_require__.c=t,__webpack_require__.d=function(e,t,r){__webpack_require__.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,t){if(1&t&&(e=__webpack_require__(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(__webpack_require__.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)__webpack_require__.d(r,n,function(t){return e[t]}.bind(null,n));return r},__webpack_require__.n=function(e){var t=e&&e.__esModule?functio

Chrome Cache Entry: 246

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (9025), with no line terminators
Category:	downloaded
Size (bytes):	9025
Entropy (8bit):	5.251153016344361
Encrypted:	false
SSDEEP:	192:KvIm5j4mv4+QZ4R43XippumB+H+GMKP3zLC7EfKo5HtEn:KvIm5j4mwP4Rc/y+H+GMKPDCOKo5N4
MD5:	36CDA26A0AF2390855709B23F8D0FEB7
SHA1:	5A26874BFD06F1D8169DB4660753A68801A91D1C
SHA-256:	7D053C84242DA3809D364817DBF80E3BB35F8075A8C1E53CBEEA9322074E3ABD
SHA-512:	A55AE35ED76DE390993A103E1D01949E9D4BF218C0D9A0AA10D8CC11CF4709457A4E749656B8469E938CA30799EF43591936B503B841DF251AEAAA8C6475705A
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-page-wrapper/3.6.3/axp-page-wrapper.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var t={};function __webpack_require__(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,__webpack_require__),o.l=!0,o.exports}return __webpack_require__.m=e,__webpack_require__.c=t,__webpack_require__.d=function(e,t,r){__webpack_require__.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,t){if(1&t&&(e=__webpack_require__(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(__webpack_require__.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)__webpack_require__.d(r,o,function(t){return e[t]}.bind(null,o));return r},__webpack_require__.n=function(e){var t=e&&e.__esModule?functio

Chrome Cache Entry: 247

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (39720)
Category:	downloaded
Size (bytes):	241081
Entropy (8bit):	5.433403373165861
Encrypted:	false
SSDEEP:	6144:VJGR79NBlVWlJVylLXly1XHbl7Xq7lhTlhEl/tAJL1S2SVplDHqlLalsDSjfgYEF:s79+l1XxXBtYD/1zT1L
MD5:	6BD6577A5C0B82406C3DFA346D7E3C3E
SHA1:	64CC30F989F87D78479B1A8681832842B6FCE747
SHA-256:	6513973EB294A92FE6F9144425950A6C96BB54255AA31E136917DF34BACB0FCC
SHA-512:	E37D43C17768260C2C4352D3D87A56E24365AA65595307AE98A35CD86342665780D24A504F0FBAFABED80D1B84D6221B684423B4792D2D989A97150C56D81710
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-search-box/7.7.3/axp-search-box.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var t={};function __webpack_require__(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{}};return e[r].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}return __webpack_require__.m=e,__webpack_require__.c=t,__webpack_require__.d=function(e,t,r){__webpack_require__.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,t){if(1&t&&(e=__webpack_require__(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(__webpack_require__.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)__webpack_require__.d(r,n,function(t){return e[t]}.bind(null,n));return r},__webpack_require__.n=function(e){var t=e&&e.__esModule?functio

Chrome Cache Entry: 248

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1698
Entropy (8bit):	5.1982095670609505
Encrypted:	false
SSDEEP:	24:YMYBRU3VXmbO4Tt1p7eXoMeXomt4R+yakKzWs4BdoSCAl1I4Shj:YMYBRSmoWJt4whkKzWs4BySno48
MD5:	3B07EA07E57E0DA709C256224D5EC1DD
SHA1:	B912DC42F7943649DFBD876ECBB0D4D2E6E26578
SHA-256:	326DEA47F7CD2AAF1F5DC9A8BE9103EB282AEFB50A6B2D76F4256EB54A070233
SHA-512:	94E673BF364903E1C012D2B580EA98D0C5FBA97ECE76ECE98EF8426960810E058B1553A77640D1E1E430109BA0F5672A1EF1F3BCB2F1E4F161415309A39BD67C
Malicious:	false
Reputation:	low
Preview:	{"locale":"en-US","moreLinkText":"More","defaultSelectedText":"Select","navTooltipDisplayText":"Now you can easily stay on top of all your accounts in your new Overview.","navTooltipDismissText":"Okay","links":{"ACCOUNT":[{"label":"Overview","url":"https://global.americanexpress.com/overview","tenant":"axp-myca-root","path":"/overview","tracking":"MYCA_Overview","describedById":"nav-tooltip"},{"label":"Profile","url":"https://global.americanexpress.com/customer/profile","tenant":"axp-myca-root","path":"/customer/profile","tracking":"MYCA_Profile"}],"PRODUCT":{"CARD_PRODUCT":[{"label":"Home","url":"https://global.americanexpress.com/dashboard","tenant":"axp-myca-root","tracking":"MYCA_Home","path":"/dashboard"}],"AEXP_BUSINESS_CHECKING_ACCOUNT":[{"label":"Home","url":"https://americanexpress.com/en-us/banking/business/checking/accounts/{__OPAQUE_ACCOUNT_ID__}","tenant":"banking-root","tracking":"business_checking_home","path":"/banking/business/checking/accounts/{__OPAQUE_ACCOUNT_ID__}"

Chrome Cache Entry: 249

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 250

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 251

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 252

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	474
Entropy (8bit):	5.011663353158969
Encrypted:	false
SSDEEP:	12:Y1XciuSF/McMycSIFBfT0LVmmdwC0m2XghIGXjX2Fc6:Y1MiuS1BM7FBfT0LV6gbXjX2Fc6
MD5:	3C3FFDD00A241A4637D5C36435AED73C
SHA1:	399BC3C37EC9C8BF2772EB4ACA35D0E0921CC0B3
SHA-256:	DDBE6A3D2794E31BBB8D7F118DCA9C6F8E6770DAE7F4C9AC9FAE08B1EC6BDFC0
SHA-512:	BCD7A28609881E387FC73445EA11F3130926B4254C4A91EA6E6EA22FBF58344916314C35F2296E6061A079650332B2E22D79866BA1CEBC1075156874E46CCF22
Malicious:	false
Reputation:	low
Preview:	{"name":"dxt-script-supplier-helper","version":"1.2.0","bundle":"{\"attributes\":{\"src\":\"https://www.aexp-static.com/cdaas/one/dxt-script-supplier-helper/1.2.0/dxt-script-supplier-helper.js\",\"integrity\":\"sha256-QTajXoJ7uEf+6zniFBu0E5JJpHdM45iCpAvsczoaswc=\",\"crossOrigin\":\"anonymous\"},\"classifications\":{\"essential\":true,\"functional\":false,\"performance\":false,\"amexMarketing\":false,\"thirdPartyMarketing\":false,\"scriptSupplierHandlesConsent\":true}}"}

Chrome Cache Entry: 253

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 254

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (59970)
Category:	downloaded
Size (bytes):	60831
Entropy (8bit):	5.31622317431769
Encrypted:	false
SSDEEP:	1536:cgW2eVNANA5AijApdoerTiiyy/uSurhr4WZ41:ZW2efMpbTiiyy/8Y
MD5:	376FC01BF053EEE4ABBA1AF9CAA8788D
SHA1:	E4E1646B2730DFDACDAF04D39A8994E773D50F41
SHA-256:	B1117BDE2EAF7B76E0A1F12CAA53990DDBE0649A56431EE041D31378A9E0A6DC
SHA-512:	1D69ADA55D4CCAA038459603C5B8435586BA89A7C173DA2B92706C102C7BF0AEFB000C4505F08942EF6A26DBC43B04015465AD6B5545F370076EFCC623FF383F
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/qualtrics/1.71.0/11.e96652d6e6eddd365cbd.chunk.js?Q_CLIENTVERSION=1.70.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=global.americanexpress.com
Preview:	./@preserve.Version 1.70.1./../@license. Copyright 2002 - 2018 Qualtrics, LLC.. * CONFIDENTIAL. All rights reserved.. . Notice: All code, text, concepts, and other information herein (collectively, the. * "Materials") are the sole property of Qualtrics, LLC, except to the extent. * otherwise indicated. The Materials are proprietary to Qualtrics and are protected. * under all applicable laws, including copyright, patent (as applicable), trade. * secret, and contract law. Disclosure or reproduction of any Materials is strictly. * prohibited without the express prior written consent of an authorized signatory. * of Qualtrics. For disclosure requests, please contact notice@qualtrics.com.. */..try {. (window["WAFQualtricsWebpackJsonP-hosted-1.70.1"]=window["WAFQualtricsWebpackJsonP-hosted-1.70.1"]\|\|[]).push([[11],{19:function(e,t,n){"use strict";n.d(t,"a",function(){return o}),n.d(t,"e",function(){return i}),n.d(t,"d",function(){r

Chrome Cache Entry: 255

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 256

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 257

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 258

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	16976
Entropy (8bit):	4.980108451202337
Encrypted:	false
SSDEEP:	192:80w4eym1UmCydS9vynbU5F4iHv7SydPLLFMD4wnHFD32mGhSkHZAJDQm1mCJoGV2:t1RcnIEkn/CDlHN3FghZoJolT/97
MD5:	9E068F69BD8A51028FBA9B1C0455D8C9
SHA1:	A7766CE3FC948F609A877AB9638AE2700566B792
SHA-256:	697E7578FA14BCB5A73427770C46DD902BFD15C51E505122FFF1C7D7136F8F4F
SHA-512:	F36219C247CA75F5FA9D5EEFCAACB57A81F7B226FA133F792CC52324DD2F05702EF8A49805A1508480901431D79D63CF67820DD9AD8092A28B96FEC17F192399
Malicious:	false
Reputation:	low
Preview:	{"locale":"en-US","help":{"title":"Contact Us","progress_circle":"loading","sections":[{"title":"Personal Cards","element":"personal_cards","details":{"phone":{"title":"Phone","description":"For fastest service, choose the number that best describes your call.","items":[{"label":"Customer Service","description":"Already a Card Member? Get help with your existing account.","element":"customer_service","phoneNumber":{"message":["{number}"],"values":{"number":"1-800-528-4800"}},"time":[{"line":"24/7"}],"links":{}},{"label":"TTY/TDD","description":"Hearing Impaired TTY","element":"tty_tdd","phoneNumber":{"message":["Relay:","Dial {number}","and","1-800-528-4800"],"values":{"number":"711"}},"time":[{"line":"24/7"}],"links":{}},{"label":"Make a Payment","description":"Pay your bill by phone. You can also make a payment {link}.","element":"make_payment","phoneNumber":{"message":["{number}"],"values":{"number":"1-800-472-9297"}},"time":[{"line":"24/7"}],"links":{"link":{"isSPA":true,"href":"/p

Chrome Cache Entry: 259

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (36023)
Category:	downloaded
Size (bytes):	67629
Entropy (8bit):	5.206803647274439
Encrypted:	false
SSDEEP:	1536:9/lZ6lqruslNdDweln/XWzlHllDDQQ/2v1JLCS2SgZlDuCyzLGHz0bx:9/lZ6lqCsl0el/XWzlHllDDMdJLCS2Sr
MD5:	435610F9F0581D2F2EC8A73A5DCE8F14
SHA1:	F301448E641408888C9B2D11D612C0009B20D1BF
SHA-256:	AB2616CBCD438C83F593BC99E8944B51C7748156679325C86E4F190F947DF9D8
SHA-512:	2472DC078E08BBCFA01ADE3290FB8980E76EF01625AAB28A3EC902DE32799A8DC722EA05EE0CDEEAC57F37A48010674438CD8B3B1FAEFBCB2F823BBBA2E891C2
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-account-analytics/1.5.5/axp-account-analytics.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var t={};function __webpack_require__(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{}};return e[r].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}return __webpack_require__.m=e,__webpack_require__.c=t,__webpack_require__.d=function(e,t,r){__webpack_require__.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,t){if(1&t&&(e=__webpack_require__(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(__webpack_require__.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)__webpack_require__.d(r,n,function(t){return e[t]}.bind(null,n));return r},__webpack_require__.n=function(e){var t=e&&e.__esModule?functio

Chrome Cache Entry: 260

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1680)
Category:	downloaded
Size (bytes):	2541
Entropy (8bit):	5.232610447132574
Encrypted:	false
SSDEEP:	48:svVFcCPrwbrJXmjvJllHWMQ9vz0WlsrxYa6bWM6Rc9nr/jAdal7s:sPxa6kvzj4YUpmAal7s
MD5:	06459F8F2211ECFBAF773F95ED1918B2
SHA1:	B4B04D631441A5C908009243C4970B85632D4E61
SHA-256:	1E45B6E32B1923F8E3744896ED466317016805C164C1A6E42202BA5803F95AE5
SHA-512:	6D68AA8441FA85D48E617C0B7E5BFC6409A6E4888C8B4A3541BEBA98F9669B2CE2D9D3FDD9A9F8FF3BDE326D4CD4A450E26ED82E6A846A534E36A3DC3A7E6452
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/qualtrics/1.71.0/4.3d632629f5bbc6650b9b.chunk.js?Q_CLIENTVERSION=1.70.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=aexpfeedback
Preview:	./@preserve.Version 1.70.1./../@license. Copyright 2002 - 2018 Qualtrics, LLC.. * CONFIDENTIAL. All rights reserved.. . Notice: All code, text, concepts, and other information herein (collectively, the. * "Materials") are the sole property of Qualtrics, LLC, except to the extent. * otherwise indicated. The Materials are proprietary to Qualtrics and are protected. * under all applicable laws, including copyright, patent (as applicable), trade. * secret, and contract law. Disclosure or reproduction of any Materials is strictly. * prohibited without the express prior written consent of an authorized signatory. * of Qualtrics. For disclosure requests, please contact notice@qualtrics.com.. */..try {. (window["WAFQualtricsWebpackJsonP-hosted-1.70.1"]=window["WAFQualtricsWebpackJsonP-hosted-1.70.1"]\|\|[]).push([[4],{65:function(e,n,t){"use strict";t.r(n);var i=function(){return function(e,n){this.payload=n,this.type=e}}();t.d(n,"addP

Chrome Cache Entry: 261

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 262

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (46099)
Category:	downloaded
Size (bytes):	100323
Entropy (8bit):	5.317460385034725
Encrypted:	false
SSDEEP:	3072:Uqzsfck4lzclOM2lzul0JB74lQBH4lzrlhil/tiTJLJS2SPmlDEValzblhMl/tuX:U6k4lzclOM2lzul0JB74lQBH4lzrlhik
MD5:	02019DE51A04C361D268110575AB658D
SHA1:	A795AC4ED834527F2E3209578D9CB36D957A79B9
SHA-256:	8AACE09F3FE28D8A291F63AF3BE8C6FE6925980D94817A1EA14F40696D5551A9
SHA-512:	38DE7788A555F0429273BA968E1BBCA8A957BA9688FCB07EE72DF1C22BE137BD501AAE08A724CD8809F63A3E59170325DEABC65F4C62A7B255CA528B650BD029
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-help/6.3.2/axp-help.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var t={};function __webpack_require__(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{}};return e[r].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}return __webpack_require__.m=e,__webpack_require__.c=t,__webpack_require__.d=function(e,t,r){__webpack_require__.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,t){if(1&t&&(e=__webpack_require__(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(__webpack_require__.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)__webpack_require__.d(r,n,function(t){return e[t]}.bind(null,n));return r},__webpack_require__.n=function(e){var t=e&&e.__esModule?functio

Chrome Cache Entry: 263

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (44597)
Category:	downloaded
Size (bytes):	470963
Entropy (8bit):	5.295125530138495
Encrypted:	false
SSDEEP:	6144:eaxZ5l+1lnKrolHLlE0leDlQlTLHESXSY6HlGX4t+uSaioFayIzbHQNQtf:eaxIK6lK+PSYbHlf
MD5:	15F225D02170B30DF026A73653D6F012
SHA1:	197B48CDAA0D13F24869390BBF4458B796E919AC
SHA-256:	409BC9447BBE7079FE1EA8F1E94A89F67F13BC04E871AB8549DFA4105E72F1C5
SHA-512:	5E230F6587E3B492CF414A2F5B136410768FB09ED9FFA4AB08102B37CF5138486FDA5B79D1A07DF2C62119432F11851675E304CB7EB9B726312F020657D537C8
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-site-area-nav-container/3.3.11/axp-site-area-nav-container.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var a={};function __webpack_require__(n){if(a[n])return a[n].exports;var _=a[n]={i:n,l:!1,exports:{}};return e[n].call(_.exports,_,_.exports,__webpack_require__),_.l=!0,_.exports}return __webpack_require__.m=e,__webpack_require__.c=a,__webpack_require__.d=function(e,a,n){__webpack_require__.o(e,a)\|\|Object.defineProperty(e,a,{enumerable:!0,get:n})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,a){if(1&a&&(e=__webpack_require__(e)),8&a)return e;if(4&a&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(__webpack_require__.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&a&&"string"!=typeof e)for(var _ in e)__webpack_require__.d(n,_,function(a){return e[a]}.bind(null,_));return n},__webpack_require__.n=function(e){var a=e&&e.__esModule?functio

Chrome Cache Entry: 264

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 265

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (37328)
Category:	downloaded
Size (bytes):	95768
Entropy (8bit):	5.387892557884809
Encrypted:	false
SSDEEP:	1536:AH8v2NPen/liDlIHvxlrJlp+lhVl/tr291JLPS2SoJlDsVOTo7z/pG/e8LSxd4:AH8vSen/liDlIPxlrJlp+lhVl/tiTJLt
MD5:	DD8C500A4B9E9594158A2423E6674537
SHA1:	800C53AF7D19DBF177D42CFF9276FEC7FEAF6022
SHA-256:	5C80F838A28A543883C26D47F6AEAA302EE0D0DDC41B72692BD74EAB49528971
SHA-512:	5EBCFCDD02C6074FFD2E0E29EF35FF6D6BD31CEAF2843065024614817971A730DF1AFC9EFB97D573DC581F18D185F190AAB4CCFE43173E6CB77C7B54C3D6ECAD
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-co-browse/3.1.0/axp-co-browse.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var t={};function __webpack_require__(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{}};return e[r].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}return __webpack_require__.m=e,__webpack_require__.c=t,__webpack_require__.d=function(e,t,r){__webpack_require__.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,t){if(1&t&&(e=__webpack_require__(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(__webpack_require__.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)__webpack_require__.d(r,n,function(t){return e[t]}.bind(null,n));return r},__webpack_require__.n=function(e){var t=e&&e.__esModule?functio

Chrome Cache Entry: 266

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 267

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	278
Entropy (8bit):	4.532849249942343
Encrypted:	false
SSDEEP:	6:YVVHWDxvVWGYxXkaQwI5p/SlBCd+DrsW0FTRyJ7JpEWpL0aY:YVUV9WVXkaQFp/SjCMDEVRyPiWpL0
MD5:	BAEDB67A83479DBF0F30936FE28DAB54
SHA1:	6CBF6C310D972F63462172D190CD91E03145A485
SHA-256:	644DE828EF901AEE6B2279CEE1ADBFA11EC9E8EE18F0DDA97E8F4020C31C3609
SHA-512:	1436AFA0DD60EC2EAA3E037304575223A534CFC9E1156C3BAAE9157D500B392500A7A09AEC6243002597A50D2350A240BE72CF0602ED57D1FE90BB29C3AC56C2
Malicious:	false
Reputation:	low
Preview:	{"locale":"en-US","pageTitle":"Frequently Asked Questions","errorMessage":"Sorry about that. FAQs are unavailable at this time. Please try again later.","initialMessage":"Related FAQ results will appear here.","seeAll":"See All","seeLess":"See Less","progress_circle":"Loading"}

Chrome Cache Entry: 268

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	5624
Entropy (8bit):	3.897995256362582
Encrypted:	false
SSDEEP:	96:GL5GLGGGa7GDaSFF77W87yCG++7d9iYGGeJ7G1j4GeJSAGj7GetIR747WqyCGkWW:G9PO2XHW8G7B59iYGLE8ih/gRsWP7pTS
MD5:	56ADDBA553083EB384B100CBB7E8632F
SHA1:	F718526F1EF720E5D361536615595D5BFC3C9688
SHA-256:	5E60A20DA0F769A6260D4ED755D615DA930B87C62436F807A6FF32D000017D18
SHA-512:	8E25C45C3CB1C056CDBD40E83BFCAE2594C4346C5664D28599C81F84D143970D02C65EA47AC2D74D35B76AC913CC28CC2BD5490283F8877B17DEE63C315FE8A7
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="100" height="69" viewBox="0 0 100 69"><path fill="#FFF" d="M0 0h100v69H0z"/><path fill="#BD3D44" d="M0 0h100v5.308H0V0zm0 10.615h100v5.308H0v-5.308zm0 10.616h100v5.308H0V21.23zm0 10.615h100v5.308H0v-5.308zm0 10.616h100v5.308H0v-5.308zm0 10.615h100v5.308H0v-5.308zm0 10.616h100V69H0v-5.308z"/><path fill="#192F5D" d="M0 0h52.44v37.154H0V0z"/><path fill="#FFF" d="M4.37 1.59l.477 1.469h1.544l-1.249.907.477 1.469-1.25-.908-1.248.908.477-1.469-1.25-.907h1.545L4.37 1.59zm8.74 0l.477 1.469h1.544l-1.249.907.477 1.469-1.249-.908-1.249.908.477-1.469-1.25-.907h1.545l.477-1.469zm8.74 0l.477 1.469h1.545l-1.25.907.478 1.469-1.25-.908-1.249.908.477-1.469-1.249-.907h1.544l.477-1.469zm8.74 0l.477 1.469h1.544l-1.249.907.477 1.469-1.249-.908-1.25.908.478-1.469-1.25-.907h1.545l.477-1.469zm8.74 0l.477 1.469h1.545l-1.25.907.478 1.469-1.25-.908-1.249.908.477-1.469-1.249-.907h1.544l.477-1.469zm8.74 0l.478 1.469h1.544l-1.25.907.478 1.469-1.25-.908-1.249.908.478-1.46

Chrome Cache Entry: 269

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	449
Entropy (8bit):	5.064576642399776
Encrypted:	false
SSDEEP:	6:YW3PSpwzuLOdmEhZEtL5bFBWWvOV0847tKGdwCJ1QmNN2BbhIVl1DnXpXkDcAcfS:YaqSFMFBfC08IjdwC0m2FhIVHjX2Fc6
MD5:	47218B12258489F9471291B194883FF4
SHA1:	16681AC4AF3F8AF18A4E860A97F5BC68C7F64EC9
SHA-256:	1A3FB2A8BDA1301D49AAE0C5E21D91E2FA5F96D19C1DEF2E1BF284F33C4C7BE0
SHA-512:	F0A2661B103C2AF316C089A3149AECAA0AC13A5DE153D7B8F8C838F2E2ECBE19374792BAB2A6CBE9E6986EEC3F7B3B03D69FC8E6BC424924D496A14F5AF6CE4A
Malicious:	false
Reputation:	low
Preview:	{"name":"adobe","version":"1.2.0","bundle":"{\"attributes\":{\"src\":\"https://www.aexp-static.com/cdaas/dxt-vendor-shared-scripts/adobe-wrapper/1.6.6/adobe-wrapper.js\",\"integrity\":\"sha256-CE3UbcMC0gR2MaW3iKSspnLMyk1ECSuGHww4mfFDnQk=\",\"crossOrigin\":\"anonymous\"},\"classifications\":{\"essential\":false,\"functional\":false,\"performance\":true,\"amexMarketing\":false,\"thirdPartyMarketing\":false,\"scriptSupplierHandlesConsent\":true}}"}

Chrome Cache Entry: 270

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 271

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (41290)
Category:	downloaded
Size (bytes):	149696
Entropy (8bit):	5.371589303146781
Encrypted:	false
SSDEEP:	3072:TjzlmjolCAj5uIjul8jylij4l5jHlH1S7JLXS2SrGlDj/1Hn3KFqTQkdant80SM:TjzlmjolCeuIjul8jylij4l5jHlH14Je
MD5:	228F7920338A6225EA70F1340FCAA675
SHA1:	F29A22FA174ECB3FBF50F877962A09C1168071B5
SHA-256:	03C09600A0564362F9FAE2435894BFE9484DA253538D350514241EC6F4DC3A87
SHA-512:	5259155AD1578CFDAAE54B61000AB030BE14315695140128CCF01F12BED464E99516FA1D1131E2641B3FD7EACAF8AB0C263879D1924DF1684A1B5CA26054A22D
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-myca-route-config/1.52.1/axp-myca-route-config.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var e=function(e){var t={};function __webpack_require__(r){if(t[r])return t[r].exports;var n=t[r]={i:r,l:!1,exports:{}};return e[r].call(n.exports,n,n.exports,__webpack_require__),n.l=!0,n.exports}return __webpack_require__.m=e,__webpack_require__.c=t,__webpack_require__.d=function(e,t,r){__webpack_require__.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},__webpack_require__.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},__webpack_require__.t=function(e,t){if(1&t&&(e=__webpack_require__(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(__webpack_require__.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var n in e)__webpack_require__.d(r,n,function(t){return e[t]}.bind(null,n));return r},__webpack_require__.n=function(e){var t=e&&e.__esModule?functio

Chrome Cache Entry: 272

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	304869
Entropy (8bit):	5.351941261575681
Encrypted:	false
SSDEEP:	6144:Nt9ble5/FAWLxZNlAYKto51PYmx50g5Sx/2xWW5/LP58+59nMZcpejeQX5GGJsBZ:R4PYDx/2xZnB6W
MD5:	604DCA84D6A03FB5A322F2F31901B7A8
SHA1:	B950078AE57FA5625777DC920E723DA9F7442636
SHA-256:	E7180F0A73A3F0957763B4AF3530ED9D5F0C6A523CC0F005FBF6E36196928843
SHA-512:	8C215CDC2F0C09AA571F1CCE73814342003EA9BB4ACF957ABDD12CFC7EDD5D01C75FC8552552AF207185243CEF9F0E08922730780030C048C672F5D0ADD42D11
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-myca-iguazu-config/2.32.3/axp-myca-iguazu-config.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var a=function(a){var i={};function __webpack_require__(u){if(i[u])return i[u].exports;var s=i[u]={i:u,l:!1,exports:{}};return a[u].call(s.exports,s,s.exports,__webpack_require__),s.l=!0,s.exports}return __webpack_require__.m=a,__webpack_require__.c=i,__webpack_require__.d=function(a,i,u){__webpack_require__.o(a,i)\|\|Object.defineProperty(a,i,{enumerable:!0,get:u})},__webpack_require__.r=function(a){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(a,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(a,"__esModule",{value:!0})},__webpack_require__.t=function(a,i){if(1&i&&(a=__webpack_require__(a)),8&i)return a;if(4&i&&"object"==typeof a&&a&&a.__esModule)return a;var u=Object.create(null);if(__webpack_require__.r(u),Object.defineProperty(u,"default",{enumerable:!0,value:a}),2&i&&"string"!=typeof a)for(var s in a)__webpack_require__.d(u,s,function(i){return a[i]}.bind(null,s));return u},__webpack_require__.n=function(a){var i=a&&a.__esModule?functio

Chrome Cache Entry: 273

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1643
Entropy (8bit):	4.2559760841563055
Encrypted:	false
SSDEEP:	48:jGsSzhSLaWh6StQ7HT2m7qXNrUh+cR0c/6ierR:jEzQeWh6StQ7H17qdrUhdR0cSierR
MD5:	7C6C3493F958764FD6B2A550A98AB676
SHA1:	0D89801FF7089BCFDDDA2F22AB37DA7155948FF7
SHA-256:	56B8E90244C34621E294D3357EDFEF9A1467E501773ED21B25DC6367AB3D7803
SHA-512:	12E62F7086B75C05B8908784215DE1BC360EBCA9879F68A5E5352E2B82ED02FC5C8AF8033B4270267A79164F559084E22E9B8EAAC4D98F13CDAABD873D2192B6
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="100" height="28" viewBox="0 0 100 28"><path fill="none" d="M0 0h100v28H0z"/><path d="M96.1 20.3h-2.9c-.6 0-1.1-.4-1.1-.9 0-.6.5-.9 1.1-.9h5.3l1.2-2.7h-6.5c-2.7 0-4.2 1.6-4.2 3.7 0 2.2 1.5 3.5 3.8 3.5h2.9c.6 0 1.1.4 1.1.9s-.4.9-1.1.9h-6.4v2.7h6.4c2.7 0 4.2-1.6 4.2-3.8s-1.4-3.4-3.8-3.4m-11.7 0h-2.9c-.6 0-1.1-.4-1.1-.9 0-.6.5-.9 1.1-.9h5.3l1.2-2.7h-6.5c-2.7 0-4.2 1.6-4.2 3.7 0 2.2 1.5 3.5 3.8 3.5H84c.6 0 1.1.4 1.1.9s-.4.9-1.1.9h-6.4v2.7H84c2.7 0 4.2-1.6 4.2-3.8.1-2.2-1.3-3.4-3.8-3.4m-18.5 7.3h10v-2.7h-6.8V23h6.7v-2.7h-6.7v-1.9h6.8v-2.7h-10zm-6.2-6.8h-3.3v-2.4h3.3c.9 0 1.4.6 1.4 1.2 0 .7-.5 1.2-1.4 1.2m4.6-1.3c0-2.3-1.6-3.8-4.2-3.8h-6.9v11.9h3.2v-4.1h1.2l3.6 4.1H65l-3.9-4.3c2-.5 3.2-1.9 3.2-3.8M47.2 21h-3.4v-2.6h3.4c.9 0 1.4.6 1.4 1.3 0 .7-.4 1.3-1.4 1.3m.4-5.3h-6.9v11.9h3.2v-3.9h3.7c2.7 0 4.3-1.7 4.3-4-.1-2.4-1.7-4-4.3-4m-7.5 0H36l-3 3.6-3.1-3.6h-4.2l5.3 5.9-5.4 6h4.1l3.2-3.8 3.2 3.8h4.2l-5.4-6.1zM15.2 27.6h10v-2.7h-6.9V23H25v-2.7h-6.7v-1.9h6

Chrome Cache Entry: 274

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (28410)
Category:	downloaded
Size (bytes):	29271
Entropy (8bit):	5.20346826117845
Encrypted:	false
SSDEEP:	768:3vcTKABAYAcydIAgQmtEW4A8Ay8DiAhAimtEFRvXf8a97ShsvgrfSa9wtvfVap6Y:0TKABAYAcydIAN4LiAhAi/pvEsvvaqtk
MD5:	EA09CB5B6821E6B4D824B30FA6830039
SHA1:	88D953AF4772A99D3EF2041963C8F5FA0A14B52B
SHA-256:	5B5E7E7DB1F6198ACC82F666322D79131821DDD4CDAC35B8BDF30077F5FD3917
SHA-512:	97E71C338B22617A1113DD614C35426940E9D133196602FD50A96BA64700AC79114EA962A75444E12013C50AC78CF91A5390644A61233EB7A4617F9C88C200B3
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/qualtrics/1.71.0/1.6c5b4cfbc4c7e196e95d.chunk.js?Q_CLIENTVERSION=1.70.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=aexpfeedback
Preview:	./@preserve.Version 1.70.1./../@license. Copyright 2002 - 2018 Qualtrics, LLC.. * CONFIDENTIAL. All rights reserved.. . Notice: All code, text, concepts, and other information herein (collectively, the. * "Materials") are the sole property of Qualtrics, LLC, except to the extent. * otherwise indicated. The Materials are proprietary to Qualtrics and are protected. * under all applicable laws, including copyright, patent (as applicable), trade. * secret, and contract law. Disclosure or reproduction of any Materials is strictly. * prohibited without the express prior written consent of an authorized signatory. * of Qualtrics. For disclosure requests, please contact notice@qualtrics.com.. */..try {. (window["WAFQualtricsWebpackJsonP-hosted-1.70.1"]=window["WAFQualtricsWebpackJsonP-hosted-1.70.1"]\|\|[]).push([[1],{23:function(e,t,i){"use strict";i.d(t,"a",function(){return o});var n=function(e,t,i,n){return new(i\|\|(i=Promise))(func

Chrome Cache Entry: 275

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32092), with CRLF line terminators
Category:	downloaded
Size (bytes):	34731
Entropy (8bit):	5.331222310764402
Encrypted:	false
SSDEEP:	768:fVZfst4F6Z2gIApjyWfpVG/aGDrvDZVZrxHmyNRGvz:dtFW2gIABh+vxr1Y7
MD5:	289D5AC7BC28C5DBCED03A38D2D59420
SHA1:	6162CC0200EFEADE667EF660E81053B404CB0A0C
SHA-256:	EDE20A36B682BB11E6705DB547356DF875EB07B93A1AB64AE47C705F9CA24816
SHA-512:	338BA36EC886DBF4A2F1150CB4A33422EC698E698DEB1FAB8923392B43C256D6CE33AD881AAE2826F7546F6342FC4C08748E6D8513FDC000C52F74409255289E
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/api/axpi/omniture/launch/1.4.9/dcb19cbd6cbf/b4385da1798a/74e098123439/EX480c649e1d664adbae05f25dad34956e-libraryCode_source.min.js
Preview:	// For license information, see `https://www.aexp-static.com/cdaas/api/axpi/omniture/launch/1.4.9/dcb19cbd6cbf/b4385da1798a/74e098123439/EX480c649e1d664adbae05f25dad34956e-libraryCode_source.min.js`...function a_digitalDatavars(){window.isddl=!1,window.metaKeyOmn=[],window.loggedCampaigns=[]}function AppMeasurement(e){var t=this;t.version="2.23.0";var n=window;n.s_c_in\|\|(n.s_c_il=[],n.s_c_in=0),t._il=n.s_c_il,t._in=n.s_c_in,t._il[t._in]=t,n.s_c_in++,t._c="s_c";var i=n.AppMeasurement.mc;i\|\|(i=null);var r,a,s,o=n;try{for(r=o.parent,a=o.location;r&&r.location&&a&&""+r.location!=""+a&&o.location&&""+r.location!=""+o.location&&r.location.host===a.host;)r=(o=r).parent}catch(e){}t.log=function(e){try{console.log(e)}catch(e){}},t.Sa=function(e){return""+parseInt(e)==""+e},t.replace=function(e,t,n){return!e\|\|0>e.indexOf(t)?e:e.split(t).join(n)},t.escape=function(e){var n,i;if(!e)return e;for(e=encodeURIComponent(e),n=0;7>n;n++)i="+~!*()'".substring(n,n+1),0<=e.indexOf(i)&&(e=t.replace(e,i,"%"+i

Chrome Cache Entry: 276

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 277

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 278

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 279

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 280

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	366318
Entropy (8bit):	5.063817612262528
Encrypted:	false
SSDEEP:	1536:k0C5fpnw3T1C1HH5W69lywDSD/oM+cHotZ2qIoDD82t/eqnwFa9qHtu03Qfa1s3o:Zu03Mvs8gJHR40UZi1g8v+ObemsLAD
MD5:	D4F6C3591835EB7DD537E0B4DC46B49D
SHA1:	402D69BFC83C2477B72FA978D01045A124E5BAF5
SHA-256:	5697EC2A5B964C283B604E35B4B9A8E550014FD6EBD602A849FD85038113D78B
SHA-512:	A69F67F8B9CCA80C56EC2CC66D3AAF696F86D444F8ECB48A611C71CFB03D2A24B59D09C3BC22802B8CCB57E0D0A807FBB0060BCE73E9DEC31EB34B6057E35199
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.24.0/package/dist/6.24.0/styles/dls.min.css
Preview:	/! normalize-scss \| MIT/GPLv2 License \| bit.ly/normalize-scss /html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure{display:block}figure{margin:1em 40px}hr{box-sizing:content-box;height:0;overflow:visible}main{display:block}pre{font-family:monospace,monospace;font-size:1em}a{-webkit-text-decoration-skip:objects}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:inherit;font-weight:bolder}code,kbd,samp{font-family:monospace,monospace;font-size:1em}dfn{font-style:italic}mark{background-color:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}audio,video{display:inline-block}audio:not([controls]){display:none;height:0}img{border-style:none}svg:not(:root)

Chrome Cache Entry: 281

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	1646
Entropy (8bit):	4.25586284107187
Encrypted:	false
SSDEEP:	48:jGsSzhSLaWh6StQ7HT2m7qXNrUh+cR0c/6ierhi:jEzQeWh6StQ7H17qdrUhdR0cSierhi
MD5:	78AF472D7F07AACD83D8E224C119950A
SHA1:	B04F7889C9277106B40EF90B7B19C1091884D876
SHA-256:	FC69234936C0DF004440641A5DF9EE1E3C3532DF5780984F0F636E85E8788519
SHA-512:	AC57E0F3537B43926D853440EB2B29A00ACBE9F44C6F06A05529010803BE704BA8F7CA0ADC2595264651D75D8676C6EBD1AC0D9B82E801721DF5F2140C1098CE
Malicious:	false
Reputation:	low
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="100" height="28" viewBox="0 0 100 28"><path fill="none" d="M0 0h100v28H0z"/><path d="M96.1 20.3h-2.9c-.6 0-1.1-.4-1.1-.9 0-.6.5-.9 1.1-.9h5.3l1.2-2.7h-6.5c-2.7 0-4.2 1.6-4.2 3.7 0 2.2 1.5 3.5 3.8 3.5h2.9c.6 0 1.1.4 1.1.9s-.4.9-1.1.9h-6.4v2.7h6.4c2.7 0 4.2-1.6 4.2-3.8s-1.4-3.4-3.8-3.4m-11.7 0h-2.9c-.6 0-1.1-.4-1.1-.9 0-.6.5-.9 1.1-.9h5.3l1.2-2.7h-6.5c-2.7 0-4.2 1.6-4.2 3.7 0 2.2 1.5 3.5 3.8 3.5H84c.6 0 1.1.4 1.1.9s-.4.9-1.1.9h-6.4v2.7H84c2.7 0 4.2-1.6 4.2-3.8.1-2.2-1.3-3.4-3.8-3.4m-18.5 7.3h10v-2.7h-6.8V23h6.7v-2.7h-6.7v-1.9h6.8v-2.7h-10zm-6.2-6.8h-3.3v-2.4h3.3c.9 0 1.4.6 1.4 1.2 0 .7-.5 1.2-1.4 1.2m4.6-1.3c0-2.3-1.6-3.8-4.2-3.8h-6.9v11.9h3.2v-4.1h1.2l3.6 4.1H65l-3.9-4.3c2-.5 3.2-1.9 3.2-3.8M47.2 21h-3.4v-2.6h3.4c.9 0 1.4.6 1.4 1.3 0 .7-.4 1.3-1.4 1.3m.4-5.3h-6.9v11.9h3.2v-3.9h3.7c2.7 0 4.3-1.7 4.3-4-.1-2.4-1.7-4-4.3-4m-7.5 0H36l-3 3.6-3.1-3.6h-4.2l5.3 5.9-5.4 6h4.1l3.2-3.8 3.2 3.8h4.2l-5.4-6.1zM15.2 27.6h10v-2.7h-6.9V23H25v-2.7h-6.7v-1.9h6

Chrome Cache Entry: 282

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	554594
Entropy (8bit):	5.40124797361491
Encrypted:	false
SSDEEP:	12288:EpypqGkHNyQpJpq5Ldf3x1HNHFHaM7yuUbYR:Hx5LdT
MD5:	16FD8FCE5D0B5F49025D8B1C2E9F7AA5
SHA1:	204919BF2DC1509A46EB75267D794F37171F2B01
SHA-256:	4704A5DE4617A18FE96FCEA174E78FFDB530907417BC9964C14912F293E124B4
SHA-512:	1FFABD15862D9C899B49BD00D48C414FED7A88CDE5124DF4E9D9A402B400F9AFAA6B177435FD20AFC3D4F3DCC3542F48423047B6DC80B19B305ED4422145FD47
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-consumer-navigation/1.0.0/axp-consumer-navigation.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var G=function(G){var fe={};function __webpack_require__(de){if(fe[de])return fe[de].exports;var pe=fe[de]={i:de,l:!1,exports:{}};return G[de].call(pe.exports,pe,pe.exports,__webpack_require__),pe.l=!0,pe.exports}return __webpack_require__.m=G,__webpack_require__.c=fe,__webpack_require__.d=function(G,fe,de){__webpack_require__.o(G,fe)\|\|Object.defineProperty(G,fe,{enumerable:!0,get:de})},__webpack_require__.r=function(G){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(G,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(G,"__esModule",{value:!0})},__webpack_require__.t=function(G,fe){if(1&fe&&(G=__webpack_require__(G)),8&fe)return G;if(4&fe&&"object"==typeof G&&G&&G.__esModule)return G;var de=Object.create(null);if(__webpack_require__.r(de),Object.defineProperty(de,"default",{enumerable:!0,value:G}),2&fe&&"string"!=typeof G)for(var pe in G)__webpack_require__.d(de,pe,function(fe){return G[fe]}.bind(null,pe));return de},__webpack_require__.n=func

Chrome Cache Entry: 283

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	5624
Entropy (8bit):	3.897995256362582
Encrypted:	false
SSDEEP:	96:GL5GLGGGa7GDaSFF77W87yCG++7d9iYGGeJ7G1j4GeJSAGj7GetIR747WqyCGkWW:G9PO2XHW8G7B59iYGLE8ih/gRsWP7pTS
MD5:	56ADDBA553083EB384B100CBB7E8632F
SHA1:	F718526F1EF720E5D361536615595D5BFC3C9688
SHA-256:	5E60A20DA0F769A6260D4ED755D615DA930B87C62436F807A6FF32D000017D18
SHA-512:	8E25C45C3CB1C056CDBD40E83BFCAE2594C4346C5664D28599C81F84D143970D02C65EA47AC2D74D35B76AC913CC28CC2BD5490283F8877B17DEE63C315FE8A7
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/flags/dls-flag-us.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="100" height="69" viewBox="0 0 100 69"><path fill="#FFF" d="M0 0h100v69H0z"/><path fill="#BD3D44" d="M0 0h100v5.308H0V0zm0 10.615h100v5.308H0v-5.308zm0 10.616h100v5.308H0V21.23zm0 10.615h100v5.308H0v-5.308zm0 10.616h100v5.308H0v-5.308zm0 10.615h100v5.308H0v-5.308zm0 10.616h100V69H0v-5.308z"/><path fill="#192F5D" d="M0 0h52.44v37.154H0V0z"/><path fill="#FFF" d="M4.37 1.59l.477 1.469h1.544l-1.249.907.477 1.469-1.25-.908-1.248.908.477-1.469-1.25-.907h1.545L4.37 1.59zm8.74 0l.477 1.469h1.544l-1.249.907.477 1.469-1.249-.908-1.249.908.477-1.469-1.25-.907h1.545l.477-1.469zm8.74 0l.477 1.469h1.545l-1.25.907.478 1.469-1.25-.908-1.249.908.477-1.469-1.249-.907h1.544l.477-1.469zm8.74 0l.477 1.469h1.544l-1.249.907.477 1.469-1.249-.908-1.25.908.478-1.469-1.25-.907h1.545l.477-1.469zm8.74 0l.477 1.469h1.545l-1.25.907.478 1.469-1.25-.908-1.249.908.477-1.469-1.249-.907h1.544l.477-1.469zm8.74 0l.478 1.469h1.544l-1.25.907.478 1.469-1.25-.908-1.249.908.478-1.46

Chrome Cache Entry: 284

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (31865)
Category:	downloaded
Size (bytes):	334307
Entropy (8bit):	6.1928956591117785
Encrypted:	false
SSDEEP:	6144:God8ovScojFIo5yoBpoQZoAnitUPj6j51osrCe1DQZF2kDvqWljF8rZcofi:Go8fnsCe1DSFFvq+8qo6
MD5:	595879BCBB4299126A67689E044BA625
SHA1:	A9DD56B33CCFFCAEE1780ED861B9D7C3C7636248
SHA-256:	25C21D15F28ABE252FD4C9844B27BE9E89D9D08EECF378DB4CE7D5B72D82E649
SHA-512:	DE1CD50CFA7E34455910CC156753AEB37E27FEAD1360753F2B8FC1285BF1F54362ADFFD046CCD7C949D7407A53977AED44B2D4EB3933EF6857FB6F00432446A4
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one-app/modules/axp-footer/4.30.25/axp-footer.browser.js?clientCacheRevision=0ff83446-9d42-4712-8e86-b01da310ad6a
Preview:	!function(){var f=function(f){var c={};function __webpack_require__(Y){if(c[Y])return c[Y].exports;var v=c[Y]={i:Y,l:!1,exports:{}};return f[Y].call(v.exports,v,v.exports,__webpack_require__),v.l=!0,v.exports}return __webpack_require__.m=f,__webpack_require__.c=c,__webpack_require__.d=function(f,c,Y){__webpack_require__.o(f,c)\|\|Object.defineProperty(f,c,{enumerable:!0,get:Y})},__webpack_require__.r=function(f){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(f,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(f,"__esModule",{value:!0})},__webpack_require__.t=function(f,c){if(1&c&&(f=__webpack_require__(f)),8&c)return f;if(4&c&&"object"==typeof f&&f&&f.__esModule)return f;var Y=Object.create(null);if(__webpack_require__.r(Y),Object.defineProperty(Y,"default",{enumerable:!0,value:f}),2&c&&"string"!=typeof f)for(var v in f)__webpack_require__.d(Y,v,function(c){return f[c]}.bind(null,v));return Y},__webpack_require__.n=function(f){var c=f&&f.__esModule?functio

Chrome Cache Entry: 285

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.08273347736514
Encrypted:	false
SSDEEP:	12:YgARF/ARFBfj92LdwC0m2FhPnGXjX2Fc6:YgE12Bf0UtGXjX2Fc6
MD5:	65BE367FFE272ED2D34889BF7EE53263
SHA1:	EA28802282CB61E59A6469CC1393F50422EC91F5
SHA-256:	E4975BE7A823EE4FF14C61A92F0232C2D1D89DD9B441139110EC0422836E3C2F
SHA-512:	5EBF9A59A867CB022E607D4945245D11F7E61D862D3D61B05464203835B14B8F1CA73E0BFE33977F7179A2BFC70B167D1115F77A7595165E6D6C80ACED40636E
Malicious:	false
Reputation:	low
Preview:	{"name":"qualtrics","version":"1.71.0","bundle":"{\"attributes\":{\"src\":\"https://www.aexp-static.com/cdaas/one/qualtrics/1.71.0/qualtricsIntercept.js\",\"integrity\":\"sha256-QQKepLozgDovAgNUkx016jem6t6NmTbqE0cY9PJL6TU=\",\"crossOrigin\":\"anonymous\"},\"classifications\":{\"essential\":false,\"functional\":true,\"performance\":false,\"amexMarketing\":false,\"thirdPartyMarketing\":false,\"scriptSupplierHandlesConsent\":true}}"}

Chrome Cache Entry: 286

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	4.369707376737533
Encrypted:	false
SSDEEP:	3:wZkKaQ0x6d:wZDIcd
MD5:	7FC8633AB4063FC68D1E25FA8A90C53D
SHA1:	C3EAC2CF2AE24B5B11E94FD882B5EA0144FE728D
SHA-256:	6EC1D233D26BC2F7A2F292476FD567238FFBB188582250325E68E22914CAD031
SHA-512:	F3B7BB8DD539E3CB94EA227C9175757F3280C63169E566043D9F844F0ABA8F51137C190C439E37316F47DD59B2D9373F3215C325C084B7DBE959EB9F74D70BDF
Malicious:	false
Reputation:	low
Preview:	FL(BF)\|Error=Beacon body is empty

Chrome Cache Entry: 287

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (31923), with CRLF line terminators
Category:	downloaded
Size (bytes):	302110
Entropy (8bit):	5.3764480931908
Encrypted:	false
SSDEEP:	6144:IDxg4AcBPxMBAi9SZdlfKO/dM8Z/kftxBPFQGXQSUDt0SG0l58p0UhmMJmMImMQW:LPNw6SG0op0UhmMJmMImMQmMRmMOMI
MD5:	4BCA4EA1CEEA06EF75AF710832B239A0
SHA1:	F310BED2271FDCD0BA7A962E75769D8BCE286DE4
SHA-256:	8D87473C8E2D25564D0BB02751D779E97B48B0FB61B898DC5BE4B6AF57C0B298
SHA-512:	1CB5B3F0D8923D1B813E21CF198645C7A5D93DCF3E4C68E0515000075DA874B9DA051E64B8593A05A095760DA7DC3972C1D411E605311E8061DCCD67BF7D780B
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/api/axpi/omniture/launch/1.4.9/launch-b363d6c28b7c.min.js
Preview:	// For license information, see `https://www.aexp-static.com/cdaas/api/axpi/omniture/launch/1.4.9/launch-b363d6c28b7c.min.js`...window._satellite=window._satellite\|\|{},window._satellite.container={buildInfo:{minified:!0,buildDate:"2024-04-03T03:58:38Z",turbineBuildDate:"2023-02-22T20:37:26Z",turbineVersion:"27.5.0"},environment:{id:"EN4e052c78d4a44d35a14671635a87dd0f",stage:"production"},dataElements:{serializedeventmap:{defaultValue:"",storageDuration:"pageview",modulePath:"core/src/lib/dataElements/customCode.js",settings:{source:function(){return function(e){var t={cardApplication_approved:"event63:"+_satellite.getVar("serializationid")("pcn"),cardApplication_pended:"event9:"+_satellite.getVar("serializationid")("pcn"),cardApplication_conditionallyapproved:"event9:"+_satellite.getVar("serializationid")("pcn"),cardApplication_declined:"event11:"+_satellite.getVar("serializationid")("pcn"),cardApplication_cancelled:"event67:"+_satellite.getVar("serializationid")("pcn"),cardUpgrade_upg

Chrome Cache Entry: 288

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (3704)
Category:	downloaded
Size (bytes):	3710
Entropy (8bit):	5.830908104331048
Encrypted:	false
SSDEEP:	96:UliKPFd66666iV+QYy0WBoW54Pj6bxIbK8YeqWWEKa+fffffX:CvPFd66666iV+QYy36kxIKLWWEk
MD5:	C80EAA6578FDB3CF7020602F8306492F
SHA1:	B1967B90B3CCFE93DFEDB05F2057C9D4E08D9046
SHA-256:	185445EBC4FA6C96D29D2A94E90406520DC12A6C004C31D6A677BA767B3C4997
SHA-512:	E22C9662EE1B937E56BAAC8BBDA0C851793A1B4D5A56AD28417C7570669EDA65F1ECEFA048DE449DEC26CF37FF04353DF7D6DD36C949992F9DAD19F9AE3B76D3
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["kentucky basketball transfer portal","nichole hart walmart manager","ctc child tax credit","when fallout season 2","sony ps5 pro","brood xiii cicadas","salvador p.rez","tekken 8 patch notes"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgovbS8waDNsdjN4EiRWZW5lenVlbGFuLUFtZXJpY2FuIGJhc2ViYWxsIGNhdGNoZXIy/w9kYXRhOmltYWdlL2pwZWc7YmFzZTY0LC85ai80QUFRU2taSlJnQUJBUUFBQVFBQkFBRC8yd0NFQUFrR0J3Z0hCZ2tJQndnS0Nna0xEUllQRFF3TURSc1VGUkFXSUIwaUlpQWRIeDhrS0RRc0pDWXhKeDhmTFQwdE1UVTNPam82SXlzL1JEODRRelE1T2pjQkNnb0tEUXdOR2c4UEdqY2xIeVUzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUVBQU93TUJJZ0FDRVFFREVRSC94QUFiQUFBQ0FnTUJBQUFBQUFBQUFBQUFBQUFGQmdNRUFRSUhBUC9FQURZUUFBRUVBQVFEQmdNRkNRQUFBQUFBQUFFQ0F3UVJBQVVTSVJNaU1SUkJVV0Z4a1Fh

Chrome Cache Entry: 289

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	433
Entropy (8bit):	5.094228865049996
Encrypted:	false
SSDEEP:	12:YhZSuvwF/RFBf2NH7dwC0m2XghIGXjX2Fc6:YhZSuvw13BfOHH6gbXjX2Fc6
MD5:	43836660FEFC8C72510A2BF8881F551B
SHA1:	B77D0ECBABB28D9D4FD94293E5D27F7E285B832B
SHA-256:	AFEA722CC0278A1A895A3F506947C0A8A2520AAEFBD03E1DFA688E7235CFF1B8
SHA-512:	9F531F69679B3AE86772D9A620F223F7F18265DEF336D76A7B9A85F75FF7B2CDB881AC4C48F0FAF998878EE66A86443630C4A1D91E3CF94B142B53CB0C968168
Malicious:	false
Reputation:	low
Preview:	{"name":"chatwrapper","version":"1.1.5","bundle":"{\"attributes\":{\"src\":\"https://www.aexp-static.com/cdaas/one/axp-chat-router/1.1.5/chatWrapper.js\",\"integrity\":\"sha256-DPGz33hPmDgRPYgklUC3mlFUQf77NUkIGvDCqncZe0E=\",\"crossOrigin\":\"anonymous\"},\"classifications\":{\"essential\":true,\"functional\":false,\"performance\":false,\"amexMarketing\":false,\"thirdPartyMarketing\":false,\"scriptSupplierHandlesConsent\":true}}"}

Chrome Cache Entry: 290

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2693), with no line terminators
Category:	downloaded
Size (bytes):	2693
Entropy (8bit):	5.237879105666622
Encrypted:	false
SSDEEP:	48:9riTuOzANg4dokVJtmxsAVwG70h7ZAtenrQCg0BnP:BiTYfn2oGIB6MnhP
MD5:	3C6742374D4A35EA65CF09C23BFB6097
SHA1:	C79F2953D08F9FEB221713147BB27A2BFB19D77F
SHA-256:	41029EA4BA33803A2F020354931D35EA37A6EADE8D9936EA134718F4F24BE935
SHA-512:	9DDD8738595FF0BDBB2E251C6FDC5D1F673D5F29D82F74D3AD74210FE89886A4D44284848EC8434A644CDB35861C710BD0BDAA3D5CA768F56DC087D548735B1A
Malicious:	false
Reputation:	low
URL:	https://www.aexp-static.com/cdaas/one/qualtrics/1.71.0/qualtricsIntercept.js
Preview:	!function(n){var i={};function r(e){if(i[e])return i[e].exports;var t=i[e]={i:e,l:!1,exports:{}};return n[e].call(t.exports,t,t.exports,r),t.l=!0,t.exports}r.m=n,r.c=i,r.d=function(e,t,n){r.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},r.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.t=function(t,e){if(1&e&&(t=r(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var i in t)r.d(n,i,function(e){return t[e]}.bind(null,i));return n},r.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(t,"a",t),t},r.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},r.p="",r(r.s=0)}([function(e,t){!function(){if(void 0===window.QSI){var e=window.scriptConfig&&window.scri

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 16, 2024 15:30:36.619836092 CEST	49671	443	192.168.2.18	23.79.187.180
Apr 16, 2024 15:30:36.619841099 CEST	49672	80	192.168.2.18	23.76.32.107
Apr 16, 2024 15:30:53.845915079 CEST	49693	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:30:53.845947981 CEST	443	49693	52.165.165.26	192.168.2.18
Apr 16, 2024 15:30:53.846076012 CEST	49693	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:30:53.846982002 CEST	49693	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:30:53.846996069 CEST	443	49693	52.165.165.26	192.168.2.18
Apr 16, 2024 15:30:54.272047043 CEST	443	49693	52.165.165.26	192.168.2.18
Apr 16, 2024 15:30:54.272458076 CEST	49693	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:30:54.284001112 CEST	49693	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:30:54.284038067 CEST	443	49693	52.165.165.26	192.168.2.18
Apr 16, 2024 15:30:54.284615993 CEST	443	49693	52.165.165.26	192.168.2.18
Apr 16, 2024 15:30:54.303134918 CEST	49693	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:30:54.344156027 CEST	443	49693	52.165.165.26	192.168.2.18
Apr 16, 2024 15:30:54.671578884 CEST	443	49693	52.165.165.26	192.168.2.18
Apr 16, 2024 15:30:54.671613932 CEST	443	49693	52.165.165.26	192.168.2.18
Apr 16, 2024 15:30:54.671704054 CEST	49693	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:30:54.671725035 CEST	443	49693	52.165.165.26	192.168.2.18
Apr 16, 2024 15:30:54.671755075 CEST	443	49693	52.165.165.26	192.168.2.18
Apr 16, 2024 15:30:54.671807051 CEST	49693	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:30:54.671859026 CEST	49693	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:30:54.671892881 CEST	443	49693	52.165.165.26	192.168.2.18
Apr 16, 2024 15:30:54.671925068 CEST	443	49693	52.165.165.26	192.168.2.18
Apr 16, 2024 15:30:54.671972036 CEST	49693	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:30:54.690026045 CEST	49693	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:30:54.690047979 CEST	443	49693	52.165.165.26	192.168.2.18
Apr 16, 2024 15:30:54.690059900 CEST	49693	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:30:54.690066099 CEST	443	49693	52.165.165.26	192.168.2.18
Apr 16, 2024 15:30:56.390640974 CEST	49697	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:56.390686989 CEST	443	49697	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:56.390820980 CEST	49697	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:56.391658068 CEST	49697	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:56.391669989 CEST	443	49697	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:56.607723951 CEST	443	49697	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:56.607985973 CEST	49697	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:56.610992908 CEST	49697	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:56.611006975 CEST	443	49697	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:56.611299992 CEST	443	49697	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:56.633100986 CEST	49697	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:56.676126003 CEST	443	49697	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:56.809576035 CEST	443	49697	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:56.809639931 CEST	443	49697	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:56.809696913 CEST	49697	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:56.809760094 CEST	49697	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:56.809775114 CEST	443	49697	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:56.809793949 CEST	49697	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:56.809798956 CEST	443	49697	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:56.842048883 CEST	49698	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:56.842106104 CEST	443	49698	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:56.842187881 CEST	49698	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:56.842437983 CEST	49698	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:56.842453003 CEST	443	49698	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:57.054323912 CEST	443	49698	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:57.054400921 CEST	49698	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:57.055814981 CEST	49698	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:57.055829048 CEST	443	49698	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:57.056175947 CEST	443	49698	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:57.057071924 CEST	49698	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:57.100116014 CEST	443	49698	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:57.261570930 CEST	443	49698	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:57.261655092 CEST	443	49698	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:57.261701107 CEST	49698	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:57.262643099 CEST	49698	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:57.262660027 CEST	443	49698	184.31.62.93	192.168.2.18
Apr 16, 2024 15:30:57.262671947 CEST	49698	443	192.168.2.18	184.31.62.93
Apr 16, 2024 15:30:57.262676001 CEST	443	49698	184.31.62.93	192.168.2.18
Apr 16, 2024 15:31:02.882191896 CEST	49673	443	192.168.2.18	204.79.197.203
Apr 16, 2024 15:31:03.184842110 CEST	49673	443	192.168.2.18	204.79.197.203
Apr 16, 2024 15:31:03.790769100 CEST	49673	443	192.168.2.18	204.79.197.203
Apr 16, 2024 15:31:05.005860090 CEST	49673	443	192.168.2.18	204.79.197.203
Apr 16, 2024 15:31:06.175705910 CEST	49684	80	192.168.2.18	192.229.211.108
Apr 16, 2024 15:31:07.419826984 CEST	49673	443	192.168.2.18	204.79.197.203
Apr 16, 2024 15:31:10.016186953 CEST	49679	443	192.168.2.18	52.182.141.63
Apr 16, 2024 15:31:10.318805933 CEST	49679	443	192.168.2.18	52.182.141.63
Apr 16, 2024 15:31:10.933860064 CEST	49679	443	192.168.2.18	52.182.141.63
Apr 16, 2024 15:31:12.137836933 CEST	49679	443	192.168.2.18	52.182.141.63
Apr 16, 2024 15:31:12.232850075 CEST	49673	443	192.168.2.18	204.79.197.203
Apr 16, 2024 15:31:14.544791937 CEST	49679	443	192.168.2.18	52.182.141.63
Apr 16, 2024 15:31:19.357783079 CEST	49679	443	192.168.2.18	52.182.141.63
Apr 16, 2024 15:31:21.837814093 CEST	49673	443	192.168.2.18	204.79.197.203
Apr 16, 2024 15:31:28.971859932 CEST	49679	443	192.168.2.18	52.182.141.63
Apr 16, 2024 15:31:29.511094093 CEST	49704	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:31:29.511127949 CEST	443	49704	64.233.177.103	192.168.2.18
Apr 16, 2024 15:31:29.511231899 CEST	49704	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:31:29.511425018 CEST	49704	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:31:29.511432886 CEST	443	49704	64.233.177.103	192.168.2.18
Apr 16, 2024 15:31:29.727591038 CEST	443	49704	64.233.177.103	192.168.2.18
Apr 16, 2024 15:31:29.727919102 CEST	49704	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:31:29.727953911 CEST	443	49704	64.233.177.103	192.168.2.18
Apr 16, 2024 15:31:29.728826046 CEST	443	49704	64.233.177.103	192.168.2.18
Apr 16, 2024 15:31:29.728888988 CEST	49704	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:31:29.730000019 CEST	49704	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:31:29.730052948 CEST	443	49704	64.233.177.103	192.168.2.18
Apr 16, 2024 15:31:29.774811029 CEST	49704	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:31:29.774833918 CEST	443	49704	64.233.177.103	192.168.2.18
Apr 16, 2024 15:31:29.822849035 CEST	49704	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:31:30.852919102 CEST	49705	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:31:30.852978945 CEST	443	49705	52.165.165.26	192.168.2.18
Apr 16, 2024 15:31:30.853075027 CEST	49705	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:31:30.853385925 CEST	49705	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:31:30.853400946 CEST	443	49705	52.165.165.26	192.168.2.18
Apr 16, 2024 15:31:31.259572029 CEST	443	49705	52.165.165.26	192.168.2.18
Apr 16, 2024 15:31:31.259666920 CEST	49705	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:31:31.261250019 CEST	49705	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:31:31.261260033 CEST	443	49705	52.165.165.26	192.168.2.18
Apr 16, 2024 15:31:31.261516094 CEST	443	49705	52.165.165.26	192.168.2.18
Apr 16, 2024 15:31:31.263721943 CEST	49705	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:31:31.308114052 CEST	443	49705	52.165.165.26	192.168.2.18
Apr 16, 2024 15:31:31.656368017 CEST	443	49705	52.165.165.26	192.168.2.18
Apr 16, 2024 15:31:31.656394005 CEST	443	49705	52.165.165.26	192.168.2.18
Apr 16, 2024 15:31:31.656408072 CEST	443	49705	52.165.165.26	192.168.2.18
Apr 16, 2024 15:31:31.656482935 CEST	49705	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:31:31.656508923 CEST	443	49705	52.165.165.26	192.168.2.18
Apr 16, 2024 15:31:31.656523943 CEST	443	49705	52.165.165.26	192.168.2.18
Apr 16, 2024 15:31:31.656573057 CEST	49705	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:31:31.658705950 CEST	49705	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:31:31.658721924 CEST	443	49705	52.165.165.26	192.168.2.18
Apr 16, 2024 15:31:31.658736944 CEST	49705	443	192.168.2.18	52.165.165.26
Apr 16, 2024 15:31:31.658742905 CEST	443	49705	52.165.165.26	192.168.2.18
Apr 16, 2024 15:31:35.459323883 CEST	49740	443	192.168.2.18	192.243.240.8
Apr 16, 2024 15:31:35.459367037 CEST	443	49740	192.243.240.8	192.168.2.18
Apr 16, 2024 15:31:35.459425926 CEST	49740	443	192.168.2.18	192.243.240.8
Apr 16, 2024 15:31:35.459639072 CEST	49740	443	192.168.2.18	192.243.240.8
Apr 16, 2024 15:31:35.459650993 CEST	443	49740	192.243.240.8	192.168.2.18
Apr 16, 2024 15:31:39.740721941 CEST	443	49704	64.233.177.103	192.168.2.18
Apr 16, 2024 15:31:39.740879059 CEST	443	49704	64.233.177.103	192.168.2.18
Apr 16, 2024 15:31:39.740943909 CEST	49704	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:31:39.742079020 CEST	49704	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:31:39.742098093 CEST	443	49704	64.233.177.103	192.168.2.18
Apr 16, 2024 15:31:42.452387094 CEST	49821	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:42.452419996 CEST	443	49821	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:42.452495098 CEST	49821	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:42.452688932 CEST	49821	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:42.452702045 CEST	443	49821	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:42.696383953 CEST	443	49821	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:42.696822882 CEST	49821	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:42.696854115 CEST	443	49821	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:42.697750092 CEST	443	49821	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:42.697833061 CEST	49821	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:42.698828936 CEST	49821	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:42.698889971 CEST	443	49821	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:42.698987007 CEST	49821	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:42.698999882 CEST	443	49821	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:42.750761032 CEST	49821	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:42.927428961 CEST	443	49821	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:42.927500963 CEST	443	49821	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:42.927671909 CEST	49821	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:42.928680897 CEST	49821	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:42.928694010 CEST	443	49821	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:42.929991007 CEST	49825	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:42.930022955 CEST	443	49825	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:42.930238008 CEST	49825	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:42.930325031 CEST	49825	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:42.930339098 CEST	443	49825	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:43.173978090 CEST	443	49825	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:43.174359083 CEST	49825	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:43.174391985 CEST	443	49825	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:43.174870968 CEST	443	49825	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:43.176837921 CEST	49825	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:43.176943064 CEST	443	49825	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:43.176990032 CEST	49825	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:43.224119902 CEST	443	49825	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:43.229763031 CEST	49825	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:43.415441036 CEST	443	49825	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:43.415556908 CEST	443	49825	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:43.415622950 CEST	49825	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:43.416167021 CEST	49825	443	192.168.2.18	52.4.85.254
Apr 16, 2024 15:31:43.416182995 CEST	443	49825	52.4.85.254	192.168.2.18
Apr 16, 2024 15:31:43.422622919 CEST	49827	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:43.422650099 CEST	443	49827	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:43.422739029 CEST	49827	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:43.422960043 CEST	49827	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:43.422970057 CEST	443	49827	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:43.523943901 CEST	49828	443	192.168.2.18	3.223.253.145
Apr 16, 2024 15:31:43.523989916 CEST	443	49828	3.223.253.145	192.168.2.18
Apr 16, 2024 15:31:43.524079084 CEST	49828	443	192.168.2.18	3.223.253.145
Apr 16, 2024 15:31:43.524312973 CEST	49828	443	192.168.2.18	3.223.253.145
Apr 16, 2024 15:31:43.524337053 CEST	443	49828	3.223.253.145	192.168.2.18
Apr 16, 2024 15:31:43.667844057 CEST	443	49827	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:43.668104887 CEST	49827	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:43.668128014 CEST	443	49827	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:43.669105053 CEST	443	49827	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:43.669173956 CEST	49827	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:43.670095921 CEST	49827	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:43.670182943 CEST	443	49827	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:43.670260906 CEST	49827	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:43.670267105 CEST	443	49827	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:43.721757889 CEST	49827	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:43.767508030 CEST	443	49828	3.223.253.145	192.168.2.18
Apr 16, 2024 15:31:43.767853022 CEST	49828	443	192.168.2.18	3.223.253.145
Apr 16, 2024 15:31:43.767883062 CEST	443	49828	3.223.253.145	192.168.2.18
Apr 16, 2024 15:31:43.769313097 CEST	443	49828	3.223.253.145	192.168.2.18
Apr 16, 2024 15:31:43.769404888 CEST	49828	443	192.168.2.18	3.223.253.145
Apr 16, 2024 15:31:43.769651890 CEST	49828	443	192.168.2.18	3.223.253.145
Apr 16, 2024 15:31:43.769716024 CEST	443	49828	3.223.253.145	192.168.2.18
Apr 16, 2024 15:31:43.769776106 CEST	49828	443	192.168.2.18	3.223.253.145
Apr 16, 2024 15:31:43.769783020 CEST	443	49828	3.223.253.145	192.168.2.18
Apr 16, 2024 15:31:43.816879034 CEST	49828	443	192.168.2.18	3.223.253.145
Apr 16, 2024 15:31:43.912708998 CEST	443	49827	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:43.912786961 CEST	443	49827	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:43.914387941 CEST	49827	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:43.915592909 CEST	49827	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:43.915616989 CEST	443	49827	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:43.961632013 CEST	49831	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:43.961662054 CEST	443	49831	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:43.961785078 CEST	49831	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:43.962264061 CEST	49831	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:43.962274075 CEST	443	49831	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.005095959 CEST	443	49828	3.223.253.145	192.168.2.18
Apr 16, 2024 15:31:44.005206108 CEST	443	49828	3.223.253.145	192.168.2.18
Apr 16, 2024 15:31:44.005286932 CEST	49828	443	192.168.2.18	3.223.253.145
Apr 16, 2024 15:31:44.006058931 CEST	49828	443	192.168.2.18	3.223.253.145
Apr 16, 2024 15:31:44.006073952 CEST	443	49828	3.223.253.145	192.168.2.18
Apr 16, 2024 15:31:44.042434931 CEST	49833	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.042460918 CEST	443	49833	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.042545080 CEST	49833	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.042840004 CEST	49833	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.042854071 CEST	443	49833	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.202881098 CEST	443	49831	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.204113960 CEST	49831	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:44.204138994 CEST	443	49831	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.204626083 CEST	443	49831	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.205125093 CEST	49831	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:44.205212116 CEST	443	49831	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.205553055 CEST	49831	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:44.205583096 CEST	443	49831	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.288043022 CEST	443	49833	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.288409948 CEST	49833	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.288435936 CEST	443	49833	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.292073965 CEST	443	49833	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.292152882 CEST	49833	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.292670965 CEST	49833	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.292844057 CEST	443	49833	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.292934895 CEST	49833	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.292948008 CEST	443	49833	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.342781067 CEST	49833	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.447726011 CEST	443	49831	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.447803020 CEST	443	49831	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.447886944 CEST	49831	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:44.448822975 CEST	49831	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:44.448839903 CEST	443	49831	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.451900005 CEST	49835	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:44.451941967 CEST	443	49835	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.452033997 CEST	49835	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:44.452373028 CEST	49835	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:44.452383995 CEST	443	49835	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.452761889 CEST	49836	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.452795029 CEST	443	49836	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.452857018 CEST	49836	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.453080893 CEST	49836	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.453092098 CEST	443	49836	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.542180061 CEST	443	49833	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.542273045 CEST	443	49833	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.542359114 CEST	49833	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.543389082 CEST	49833	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.543401957 CEST	443	49833	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.693741083 CEST	443	49836	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.694160938 CEST	49836	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.694220066 CEST	443	49836	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.694552898 CEST	443	49836	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.694968939 CEST	49836	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.695040941 CEST	443	49836	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.695198059 CEST	49836	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.695240021 CEST	443	49836	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.697901011 CEST	443	49835	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.698160887 CEST	49835	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:44.698221922 CEST	443	49835	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.699346066 CEST	443	49835	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.699716091 CEST	49835	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:44.699897051 CEST	443	49835	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.699898005 CEST	49835	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:44.700004101 CEST	443	49835	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.741790056 CEST	49835	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:44.933693886 CEST	443	49836	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.933773994 CEST	443	49836	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.933876991 CEST	49836	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.934990883 CEST	49836	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.935014009 CEST	443	49836	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.944854975 CEST	443	49835	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.944921970 CEST	443	49835	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.944972992 CEST	49835	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:44.945588112 CEST	49835	443	192.168.2.18	63.140.38.236
Apr 16, 2024 15:31:44.945605040 CEST	443	49835	63.140.38.236	192.168.2.18
Apr 16, 2024 15:31:44.948075056 CEST	49839	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.948096037 CEST	443	49839	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:44.948180914 CEST	49839	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.948405981 CEST	49839	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:44.948415995 CEST	443	49839	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:45.191025019 CEST	443	49839	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:45.191421032 CEST	49839	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:45.191482067 CEST	443	49839	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:45.191829920 CEST	443	49839	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:45.192152023 CEST	49839	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:45.192228079 CEST	443	49839	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:45.192388058 CEST	49839	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:45.192425013 CEST	443	49839	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:45.435247898 CEST	443	49839	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:45.435328007 CEST	443	49839	63.140.39.72	192.168.2.18
Apr 16, 2024 15:31:45.435394049 CEST	49839	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:45.436662912 CEST	49839	443	192.168.2.18	63.140.39.72
Apr 16, 2024 15:31:45.436676979 CEST	443	49839	63.140.39.72	192.168.2.18
Apr 16, 2024 15:32:05.467886925 CEST	49740	443	192.168.2.18	192.243.240.8
Apr 16, 2024 15:32:05.508126020 CEST	443	49740	192.243.240.8	192.168.2.18
Apr 16, 2024 15:32:06.250932932 CEST	49683	443	192.168.2.18	204.79.197.200
Apr 16, 2024 15:32:10.503568888 CEST	49893	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.503667116 CEST	443	49893	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.503808022 CEST	49893	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.504086018 CEST	49893	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.504136086 CEST	443	49893	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.720885038 CEST	443	49893	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.721227884 CEST	49893	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.721295118 CEST	443	49893	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.721765995 CEST	443	49893	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.722332001 CEST	49893	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.722421885 CEST	443	49893	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.722899914 CEST	49894	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.722938061 CEST	443	49894	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.723021984 CEST	49894	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.724503994 CEST	49895	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.724551916 CEST	443	49895	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.724625111 CEST	49895	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.724745035 CEST	49896	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.724777937 CEST	443	49896	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.724837065 CEST	49896	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.724889994 CEST	49893	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.725166082 CEST	49894	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.725183010 CEST	443	49894	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.725347996 CEST	49895	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.725369930 CEST	443	49895	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.725516081 CEST	49896	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.725534916 CEST	443	49896	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.772134066 CEST	443	49893	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.938050032 CEST	443	49895	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.938425064 CEST	49895	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.938455105 CEST	443	49895	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.938806057 CEST	443	49895	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.939120054 CEST	49895	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.939189911 CEST	443	49895	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.939281940 CEST	49895	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.939913034 CEST	443	49896	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.940197945 CEST	49896	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.940221071 CEST	443	49896	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.941111088 CEST	443	49896	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.941194057 CEST	49896	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.941458941 CEST	49896	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.941533089 CEST	443	49896	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.941610098 CEST	49896	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.941621065 CEST	443	49896	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.943842888 CEST	443	49894	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.944062948 CEST	49894	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.944082975 CEST	443	49894	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.945188046 CEST	443	49894	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.945468903 CEST	49894	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.945549011 CEST	49894	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.945640087 CEST	443	49894	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.962809086 CEST	443	49893	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.962876081 CEST	443	49893	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.963074923 CEST	49893	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.963112116 CEST	443	49893	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.965193987 CEST	443	49893	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.965326071 CEST	49893	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.965405941 CEST	49893	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.965425014 CEST	443	49893	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.984123945 CEST	443	49895	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:10.992904902 CEST	49896	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:10.992976904 CEST	49894	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.549954891 CEST	443	49896	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.550066948 CEST	49896	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.550084114 CEST	443	49896	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.550097942 CEST	443	49896	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.550143957 CEST	49896	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.551100969 CEST	49896	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.551115990 CEST	443	49896	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.552331924 CEST	49897	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.552370071 CEST	443	49897	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.552489042 CEST	49897	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.552706003 CEST	49897	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.552716017 CEST	443	49897	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.555999994 CEST	443	49894	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.556097031 CEST	49894	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.556180954 CEST	443	49894	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.556360960 CEST	443	49894	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.556415081 CEST	49894	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.556572914 CEST	49894	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.556590080 CEST	443	49894	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.556602001 CEST	49894	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.556642056 CEST	49894	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.603610039 CEST	443	49895	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.603723049 CEST	49895	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.603737116 CEST	443	49895	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.603792906 CEST	49895	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.604463100 CEST	49895	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.604484081 CEST	443	49895	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.604518890 CEST	49895	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.604536057 CEST	49895	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.769659042 CEST	443	49897	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.770024061 CEST	49897	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.770062923 CEST	443	49897	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.771182060 CEST	443	49897	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.771523952 CEST	49897	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.771713018 CEST	443	49897	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.772073030 CEST	49898	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.772125959 CEST	443	49898	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.772219896 CEST	49898	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.772342920 CEST	49899	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.772384882 CEST	443	49899	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.772450924 CEST	49897	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.772881985 CEST	49899	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.772883892 CEST	49898	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.772898912 CEST	443	49898	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.773078918 CEST	49899	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.773089886 CEST	443	49899	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.820116997 CEST	443	49897	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.984255075 CEST	443	49897	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.984381914 CEST	443	49897	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.984505892 CEST	443	49897	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.984525919 CEST	49897	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.984568119 CEST	443	49897	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.984621048 CEST	49897	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.984628916 CEST	443	49897	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.984682083 CEST	443	49897	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.984841108 CEST	49897	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.985023975 CEST	49897	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.985039949 CEST	443	49897	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.985333920 CEST	443	49898	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.985354900 CEST	443	49899	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.985603094 CEST	49899	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.985616922 CEST	443	49899	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.985701084 CEST	49898	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.985729933 CEST	443	49898	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.985935926 CEST	443	49899	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.986048937 CEST	443	49898	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.986444950 CEST	49899	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.986498117 CEST	443	49899	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.987236023 CEST	49898	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.987310886 CEST	443	49898	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:11.987395048 CEST	49899	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:11.987441063 CEST	49898	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.028115034 CEST	443	49899	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.032123089 CEST	443	49898	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.127476931 CEST	49900	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.127574921 CEST	443	49900	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.127731085 CEST	49900	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.128015995 CEST	49900	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.128043890 CEST	443	49900	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.200704098 CEST	443	49899	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.200743914 CEST	443	49899	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.200783014 CEST	443	49899	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.200854063 CEST	443	49899	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.200884104 CEST	49899	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.200907946 CEST	49899	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.201097012 CEST	443	49898	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.201224089 CEST	443	49898	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.201287031 CEST	49898	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.201308012 CEST	443	49898	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.201503992 CEST	443	49898	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.201553106 CEST	49898	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.202147961 CEST	49899	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.202159882 CEST	443	49899	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.202919006 CEST	49898	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.202935934 CEST	443	49898	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.341564894 CEST	443	49900	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.341855049 CEST	49900	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.341877937 CEST	443	49900	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.342164040 CEST	443	49900	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.342458010 CEST	49900	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.342520952 CEST	443	49900	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.342859983 CEST	49901	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.342897892 CEST	443	49901	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.342936039 CEST	49900	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.342967033 CEST	49901	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.343135118 CEST	49901	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.343147039 CEST	443	49901	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.388114929 CEST	443	49900	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.560551882 CEST	443	49901	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.560934067 CEST	49901	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.560966969 CEST	443	49901	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.561280966 CEST	443	49901	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.561606884 CEST	49901	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.561659098 CEST	443	49901	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.561738968 CEST	49901	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.589895964 CEST	443	49900	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.590013027 CEST	443	49900	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.590074062 CEST	443	49900	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.590121984 CEST	49900	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.590142965 CEST	443	49900	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.590202093 CEST	49900	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.594233990 CEST	443	49900	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.595644951 CEST	443	49900	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.595761061 CEST	49900	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.595833063 CEST	49900	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.595850945 CEST	443	49900	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.604151964 CEST	443	49901	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.812426090 CEST	443	49901	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.812473059 CEST	443	49901	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.812500954 CEST	443	49901	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.812551975 CEST	49901	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.812583923 CEST	443	49901	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.812647104 CEST	49901	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.816492081 CEST	443	49901	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.818080902 CEST	443	49901	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:12.818141937 CEST	49901	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.818340063 CEST	49901	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:12.818360090 CEST	443	49901	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:29.456212997 CEST	49915	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:29.456285000 CEST	443	49915	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:29.456406116 CEST	49915	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:29.456700087 CEST	49915	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:29.456734896 CEST	443	49915	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:29.673273087 CEST	443	49915	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:29.673696041 CEST	49915	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:29.673728943 CEST	443	49915	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:29.674226999 CEST	443	49915	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:29.674619913 CEST	49915	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:29.674705029 CEST	443	49915	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:29.717767000 CEST	49915	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:39.683351994 CEST	443	49915	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:39.683404922 CEST	443	49915	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:39.683538914 CEST	49915	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:39.958383083 CEST	49915	443	192.168.2.18	64.233.177.103
Apr 16, 2024 15:32:39.958445072 CEST	443	49915	64.233.177.103	192.168.2.18
Apr 16, 2024 15:32:50.515853882 CEST	49740	443	192.168.2.18	192.243.240.8
Apr 16, 2024 15:32:50.515880108 CEST	443	49740	192.243.240.8	192.168.2.18

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 16, 2024 15:31:25.925879955 CEST	59303	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:25.926047087 CEST	59753	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:26.026818991 CEST	53	53343	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:26.085792065 CEST	53	50572	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:26.671415091 CEST	53	64633	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:29.405272007 CEST	56409	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:29.405401945 CEST	53465	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:29.509735107 CEST	53	53465	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:29.510257959 CEST	53	56409	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:31.243803978 CEST	57331	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:31.243952990 CEST	63050	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:34.287604094 CEST	55731	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:34.287983894 CEST	58552	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:34.392762899 CEST	53	58552	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:35.025859118 CEST	56365	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.025999069 CEST	59881	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.131727934 CEST	53	59881	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:35.312680960 CEST	49329	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.312828064 CEST	62095	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.365644932 CEST	53177	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.366009951 CEST	62030	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.374728918 CEST	54380	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.374895096 CEST	56686	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.455178976 CEST	53	49329	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:35.455939054 CEST	53	62095	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:35.480195045 CEST	53	56686	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:35.552339077 CEST	51007	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.552524090 CEST	53191	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.553016901 CEST	49737	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.553143978 CEST	59897	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.658781052 CEST	53	59897	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:35.681814909 CEST	61266	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.681953907 CEST	58469	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.705873966 CEST	53	53191	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:35.788794041 CEST	53	58469	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:35.837938070 CEST	49203	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:35.838103056 CEST	64006	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:36.505142927 CEST	53	56169	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:36.556715012 CEST	54257	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:36.556854010 CEST	52820	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:39.658107042 CEST	61563	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:39.658250093 CEST	52342	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:39.763365984 CEST	53	52342	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:40.359215975 CEST	56398	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:40.359354019 CEST	59671	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:40.359656096 CEST	55614	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:40.359766960 CEST	61451	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:40.464015007 CEST	53	56398	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:40.464554071 CEST	53	59671	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:41.374938965 CEST	53234	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:41.375181913 CEST	49491	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:41.479859114 CEST	53	49491	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:42.346245050 CEST	54583	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:42.346401930 CEST	64603	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:42.451673985 CEST	53	54583	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:42.451809883 CEST	53	64603	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:43.418579102 CEST	49599	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:43.418724060 CEST	56803	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:43.523077011 CEST	53	56803	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:43.523300886 CEST	53	49599	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:43.638581991 CEST	53	52222	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:43.919060946 CEST	61308	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:43.919264078 CEST	62753	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:44.024262905 CEST	53	61308	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:44.041536093 CEST	53	62753	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:48.362307072 CEST	53380	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:48.362453938 CEST	54947	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:48.466962099 CEST	53	54947	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:50.586711884 CEST	52979	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:50.586843967 CEST	59946	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:50.691654921 CEST	53	59946	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:51.048657894 CEST	61632	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:51.048795938 CEST	55410	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:51.154182911 CEST	53	55410	1.1.1.1	192.168.2.18
Apr 16, 2024 15:31:51.743927002 CEST	54173	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:51.744055986 CEST	61088	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:31:51.851041079 CEST	53	61088	1.1.1.1	192.168.2.18
Apr 16, 2024 15:32:02.362281084 CEST	53	61658	1.1.1.1	192.168.2.18
Apr 16, 2024 15:32:10.219791889 CEST	138	138	192.168.2.18	192.168.2.255
Apr 16, 2024 15:32:25.343492031 CEST	53	55852	1.1.1.1	192.168.2.18
Apr 16, 2024 15:32:26.030253887 CEST	53	64064	1.1.1.1	192.168.2.18
Apr 16, 2024 15:32:34.470742941 CEST	61179	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:32:34.470968962 CEST	59764	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:32:34.576095104 CEST	53	59764	1.1.1.1	192.168.2.18
Apr 16, 2024 15:32:35.180624008 CEST	63597	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:32:35.180876017 CEST	50283	53	192.168.2.18	1.1.1.1
Apr 16, 2024 15:32:35.286135912 CEST	53	50283	1.1.1.1	192.168.2.18
Apr 16, 2024 15:32:54.713613033 CEST	53	50883	1.1.1.1	192.168.2.18

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 16, 2024 15:31:35.705939054 CEST	192.168.2.18	1.1.1.1	c26e	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 16, 2024 15:31:25.925879955 CEST	192.168.2.18	1.1.1.1	0x3076	Standard query (0)	global.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:25.926047087 CEST	192.168.2.18	1.1.1.1	0xceb3	Standard query (0)	global.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:29.405272007 CEST	192.168.2.18	1.1.1.1	0xda14	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:29.405401945 CEST	192.168.2.18	1.1.1.1	0x3ff1	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:31.243803978 CEST	192.168.2.18	1.1.1.1	0xf6be	Standard query (0)	www.aexp-static.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:31.243952990 CEST	192.168.2.18	1.1.1.1	0x95aa	Standard query (0)	www.aexp-static.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:34.287604094 CEST	192.168.2.18	1.1.1.1	0xae89	Standard query (0)	dynatracepsg.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:34.287983894 CEST	192.168.2.18	1.1.1.1	0x58f1	Standard query (0)	dynatracepsg.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:35.025859118 CEST	192.168.2.18	1.1.1.1	0xb154	Standard query (0)	dynatracepsg.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:35.025999069 CEST	192.168.2.18	1.1.1.1	0x8af4	Standard query (0)	dynatracepsg.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:35.312680960 CEST	192.168.2.18	1.1.1.1	0x7e95	Standard query (0)	sp100500b5.guided.ss-omtrdc.net	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:35.312828064 CEST	192.168.2.18	1.1.1.1	0x3093	Standard query (0)	sp100500b5.guided.ss-omtrdc.net	65	IN (0x0001)	false
Apr 16, 2024 15:31:35.365644932 CEST	192.168.2.18	1.1.1.1	0xa964	Standard query (0)	one-xp.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:35.366009951 CEST	192.168.2.18	1.1.1.1	0xaada	Standard query (0)	one-xp.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:35.374728918 CEST	192.168.2.18	1.1.1.1	0x3705	Standard query (0)	functions.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:35.374895096 CEST	192.168.2.18	1.1.1.1	0xc308	Standard query (0)	functions.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:35.552339077 CEST	192.168.2.18	1.1.1.1	0x53dc	Standard query (0)	graph.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:35.552524090 CEST	192.168.2.18	1.1.1.1	0x42c2	Standard query (0)	graph.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:35.553016901 CEST	192.168.2.18	1.1.1.1	0x3f8a	Standard query (0)	inbound.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:35.553143978 CEST	192.168.2.18	1.1.1.1	0x1a64	Standard query (0)	inbound.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:35.681814909 CEST	192.168.2.18	1.1.1.1	0xe6e8	Standard query (0)	mycaoneslinger.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:35.681953907 CEST	192.168.2.18	1.1.1.1	0xa91b	Standard query (0)	mycaoneslinger.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:35.837938070 CEST	192.168.2.18	1.1.1.1	0x23d	Standard query (0)	www.aexp-static.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:35.838103056 CEST	192.168.2.18	1.1.1.1	0xeb26	Standard query (0)	www.aexp-static.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:36.556715012 CEST	192.168.2.18	1.1.1.1	0xe0c9	Standard query (0)	one-xp.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:36.556854010 CEST	192.168.2.18	1.1.1.1	0x7c18	Standard query (0)	one-xp.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:39.658107042 CEST	192.168.2.18	1.1.1.1	0xebe3	Standard query (0)	functions.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:39.658250093 CEST	192.168.2.18	1.1.1.1	0xf09d	Standard query (0)	functions.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:40.359215975 CEST	192.168.2.18	1.1.1.1	0x7415	Standard query (0)	omns.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:40.359354019 CEST	192.168.2.18	1.1.1.1	0xd946	Standard query (0)	omns.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:40.359656096 CEST	192.168.2.18	1.1.1.1	0x3c77	Standard query (0)	assets.adobedtm.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:40.359766960 CEST	192.168.2.18	1.1.1.1	0x345d	Standard query (0)	assets.adobedtm.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:41.374938965 CEST	192.168.2.18	1.1.1.1	0xdb58	Standard query (0)	iwmapapi.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:41.375181913 CEST	192.168.2.18	1.1.1.1	0xac3	Standard query (0)	iwmapapi.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:42.346245050 CEST	192.168.2.18	1.1.1.1	0x9b42	Standard query (0)	dpm.demdex.net	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:42.346401930 CEST	192.168.2.18	1.1.1.1	0xf934	Standard query (0)	dpm.demdex.net	65	IN (0x0001)	false
Apr 16, 2024 15:31:43.418579102 CEST	192.168.2.18	1.1.1.1	0x7d4b	Standard query (0)	dpm.demdex.net	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:43.418724060 CEST	192.168.2.18	1.1.1.1	0x1874	Standard query (0)	dpm.demdex.net	65	IN (0x0001)	false
Apr 16, 2024 15:31:43.919060946 CEST	192.168.2.18	1.1.1.1	0x7cbe	Standard query (0)	omns.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:43.919264078 CEST	192.168.2.18	1.1.1.1	0x748d	Standard query (0)	omns.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:48.362307072 CEST	192.168.2.18	1.1.1.1	0x6b8e	Standard query (0)	siteintercept.qualtrics.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:48.362453938 CEST	192.168.2.18	1.1.1.1	0x27b9	Standard query (0)	siteintercept.qualtrics.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:50.586711884 CEST	192.168.2.18	1.1.1.1	0x5fa7	Standard query (0)	apigw.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:50.586843967 CEST	192.168.2.18	1.1.1.1	0x9ad7	Standard query (0)	apigw.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:51.048657894 CEST	192.168.2.18	1.1.1.1	0x9cab	Standard query (0)	siteintercept.qualtrics.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:51.048795938 CEST	192.168.2.18	1.1.1.1	0x1087	Standard query (0)	siteintercept.qualtrics.com	65	IN (0x0001)	false
Apr 16, 2024 15:31:51.743927002 CEST	192.168.2.18	1.1.1.1	0x3167	Standard query (0)	apigw.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:51.744055986 CEST	192.168.2.18	1.1.1.1	0x2255	Standard query (0)	apigw.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:32:34.470742941 CEST	192.168.2.18	1.1.1.1	0x319	Standard query (0)	dynatracepsg.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:32:34.470968962 CEST	192.168.2.18	1.1.1.1	0xa881	Standard query (0)	dynatracepsg.americanexpress.com	65	IN (0x0001)	false
Apr 16, 2024 15:32:35.180624008 CEST	192.168.2.18	1.1.1.1	0x9d57	Standard query (0)	dynatracepsg.americanexpress.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:32:35.180876017 CEST	192.168.2.18	1.1.1.1	0xff70	Standard query (0)	dynatracepsg.americanexpress.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 16, 2024 15:31:26.030927896 CEST	1.1.1.1	192.168.2.18	0x3076	No error (0)	global.americanexpress.com	global1.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:26.032582998 CEST	1.1.1.1	192.168.2.18	0xceb3	No error (0)	global.americanexpress.com	global1.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:29.509735107 CEST	1.1.1.1	192.168.2.18	0x3ff1	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 16, 2024 15:31:29.510257959 CEST	1.1.1.1	192.168.2.18	0xda14	No error (0)	www.google.com		64.233.177.103	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:29.510257959 CEST	1.1.1.1	192.168.2.18	0xda14	No error (0)	www.google.com		64.233.177.99	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:29.510257959 CEST	1.1.1.1	192.168.2.18	0xda14	No error (0)	www.google.com		64.233.177.105	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:29.510257959 CEST	1.1.1.1	192.168.2.18	0xda14	No error (0)	www.google.com		64.233.177.147	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:29.510257959 CEST	1.1.1.1	192.168.2.18	0xda14	No error (0)	www.google.com		64.233.177.104	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:29.510257959 CEST	1.1.1.1	192.168.2.18	0xda14	No error (0)	www.google.com		64.233.177.106	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:31.348432064 CEST	1.1.1.1	192.168.2.18	0x95aa	No error (0)	www.aexp-static.com	www.aexp-static.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:31.350038052 CEST	1.1.1.1	192.168.2.18	0xf6be	No error (0)	www.aexp-static.com	www.aexp-static.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:34.392014027 CEST	1.1.1.1	192.168.2.18	0xae89	No error (0)	dynatracepsg.americanexpress.com	dynatracepsg.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:34.392762899 CEST	1.1.1.1	192.168.2.18	0x58f1	No error (0)	dynatracepsg.americanexpress.com	dynatracepsg.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.131176949 CEST	1.1.1.1	192.168.2.18	0xb154	No error (0)	dynatracepsg.americanexpress.com	dynatracepsg.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.131727934 CEST	1.1.1.1	192.168.2.18	0x8af4	No error (0)	dynatracepsg.americanexpress.com	dynatracepsg.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.455178976 CEST	1.1.1.1	192.168.2.18	0x7e95	No error (0)	sp100500b5.guided.ss-omtrdc.net	commerce.ss-omtrdc.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.455178976 CEST	1.1.1.1	192.168.2.18	0x7e95	No error (0)	commerce.ss-omtrdc.net		192.243.240.8	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:35.455939054 CEST	1.1.1.1	192.168.2.18	0x3093	No error (0)	sp100500b5.guided.ss-omtrdc.net	commerce.ss-omtrdc.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.470839977 CEST	1.1.1.1	192.168.2.18	0xa964	No error (0)	one-xp.americanexpress.com	one-xp.americanexpress.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.471643925 CEST	1.1.1.1	192.168.2.18	0xaada	No error (0)	one-xp.americanexpress.com	one-xp.americanexpress.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.480195045 CEST	1.1.1.1	192.168.2.18	0xc308	No error (0)	functions.americanexpress.com	functions.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.480288982 CEST	1.1.1.1	192.168.2.18	0x3705	No error (0)	functions.americanexpress.com	functions.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.657951117 CEST	1.1.1.1	192.168.2.18	0x53dc	No error (0)	graph.americanexpress.com	graph.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.658781052 CEST	1.1.1.1	192.168.2.18	0x1a64	No error (0)	inbound.americanexpress.com	inbound.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.705688000 CEST	1.1.1.1	192.168.2.18	0x3f8a	No error (0)	inbound.americanexpress.com	inbound.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.705873966 CEST	1.1.1.1	192.168.2.18	0x42c2	No error (0)	graph.americanexpress.com	graph.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.788091898 CEST	1.1.1.1	192.168.2.18	0xe6e8	No error (0)	mycaoneslinger.americanexpress.com	mycaoneslinger.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.788794041 CEST	1.1.1.1	192.168.2.18	0xa91b	No error (0)	mycaoneslinger.americanexpress.com	mycaoneslinger.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.944744110 CEST	1.1.1.1	192.168.2.18	0x23d	No error (0)	www.aexp-static.com	www.aexp-static.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:35.945662975 CEST	1.1.1.1	192.168.2.18	0xeb26	No error (0)	www.aexp-static.com	www.aexp-static.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:36.662542105 CEST	1.1.1.1	192.168.2.18	0x7c18	No error (0)	one-xp.americanexpress.com	one-xp.americanexpress.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:36.662657022 CEST	1.1.1.1	192.168.2.18	0xe0c9	No error (0)	one-xp.americanexpress.com	one-xp.americanexpress.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:39.763365984 CEST	1.1.1.1	192.168.2.18	0xf09d	No error (0)	functions.americanexpress.com	functions.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:39.763540030 CEST	1.1.1.1	192.168.2.18	0xebe3	No error (0)	functions.americanexpress.com	functions.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:40.464015007 CEST	1.1.1.1	192.168.2.18	0x7415	No error (0)	omns.americanexpress.com	americanexpress.com.ssl.d2.sc.omtrdc.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:40.464015007 CEST	1.1.1.1	192.168.2.18	0x7415	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.38.236	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:40.464015007 CEST	1.1.1.1	192.168.2.18	0x7415	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.38.132	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:40.464015007 CEST	1.1.1.1	192.168.2.18	0x7415	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.39.65	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:40.464015007 CEST	1.1.1.1	192.168.2.18	0x7415	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.38.112	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:40.464015007 CEST	1.1.1.1	192.168.2.18	0x7415	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.39.82	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:40.464015007 CEST	1.1.1.1	192.168.2.18	0x7415	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.39.93	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:40.464015007 CEST	1.1.1.1	192.168.2.18	0x7415	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.38.91	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:40.464015007 CEST	1.1.1.1	192.168.2.18	0x7415	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.39.150	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:40.464015007 CEST	1.1.1.1	192.168.2.18	0x7415	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.39.9	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:40.464015007 CEST	1.1.1.1	192.168.2.18	0x7415	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.38.217	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:40.464031935 CEST	1.1.1.1	192.168.2.18	0x345d	No error (0)	assets.adobedtm.com	cn-assets.adobedtm.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:40.464541912 CEST	1.1.1.1	192.168.2.18	0x3c77	No error (0)	assets.adobedtm.com	cn-assets.adobedtm.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:40.464554071 CEST	1.1.1.1	192.168.2.18	0xd946	No error (0)	omns.americanexpress.com	americanexpress.com.ssl.d2.sc.omtrdc.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:41.479434013 CEST	1.1.1.1	192.168.2.18	0xdb58	No error (0)	iwmapapi.americanexpress.com	iwmapapi.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:41.479859114 CEST	1.1.1.1	192.168.2.18	0xac3	No error (0)	iwmapapi.americanexpress.com	iwmapapi.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:42.451673985 CEST	1.1.1.1	192.168.2.18	0x9b42	No error (0)	dpm.demdex.net	gslb-2.demdex.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:42.451673985 CEST	1.1.1.1	192.168.2.18	0x9b42	No error (0)	gslb-2.demdex.net	edge-va6.demdex.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:42.451673985 CEST	1.1.1.1	192.168.2.18	0x9b42	No error (0)	edge-va6.demdex.net	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:42.451673985 CEST	1.1.1.1	192.168.2.18	0x9b42	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		52.4.85.254	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:42.451673985 CEST	1.1.1.1	192.168.2.18	0x9b42	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		44.206.98.23	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:42.451673985 CEST	1.1.1.1	192.168.2.18	0x9b42	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		54.82.211.88	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:42.451673985 CEST	1.1.1.1	192.168.2.18	0x9b42	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		52.203.68.60	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:42.451673985 CEST	1.1.1.1	192.168.2.18	0x9b42	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		52.202.174.146	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:42.451673985 CEST	1.1.1.1	192.168.2.18	0x9b42	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		18.213.234.13	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:42.451673985 CEST	1.1.1.1	192.168.2.18	0x9b42	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		34.197.186.181	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:42.451673985 CEST	1.1.1.1	192.168.2.18	0x9b42	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		3.226.6.54	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:42.451809883 CEST	1.1.1.1	192.168.2.18	0xf934	No error (0)	dpm.demdex.net	gslb-2.demdex.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:42.451809883 CEST	1.1.1.1	192.168.2.18	0xf934	No error (0)	gslb-2.demdex.net	edge-va6.demdex.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:42.451809883 CEST	1.1.1.1	192.168.2.18	0xf934	No error (0)	edge-va6.demdex.net	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:43.523077011 CEST	1.1.1.1	192.168.2.18	0x1874	No error (0)	dpm.demdex.net	gslb-2.demdex.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:43.523077011 CEST	1.1.1.1	192.168.2.18	0x1874	No error (0)	gslb-2.demdex.net	edge-va6.demdex.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:43.523077011 CEST	1.1.1.1	192.168.2.18	0x1874	No error (0)	edge-va6.demdex.net	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:43.523300886 CEST	1.1.1.1	192.168.2.18	0x7d4b	No error (0)	dpm.demdex.net	gslb-2.demdex.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:43.523300886 CEST	1.1.1.1	192.168.2.18	0x7d4b	No error (0)	gslb-2.demdex.net	edge-va6.demdex.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:43.523300886 CEST	1.1.1.1	192.168.2.18	0x7d4b	No error (0)	edge-va6.demdex.net	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:43.523300886 CEST	1.1.1.1	192.168.2.18	0x7d4b	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		3.223.253.145	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:43.523300886 CEST	1.1.1.1	192.168.2.18	0x7d4b	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		18.205.173.75	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:43.523300886 CEST	1.1.1.1	192.168.2.18	0x7d4b	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		54.84.50.246	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:43.523300886 CEST	1.1.1.1	192.168.2.18	0x7d4b	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		18.209.183.206	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:43.523300886 CEST	1.1.1.1	192.168.2.18	0x7d4b	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		18.233.26.246	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:43.523300886 CEST	1.1.1.1	192.168.2.18	0x7d4b	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		18.209.132.238	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:43.523300886 CEST	1.1.1.1	192.168.2.18	0x7d4b	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		52.44.150.149	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:43.523300886 CEST	1.1.1.1	192.168.2.18	0x7d4b	No error (0)	dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com		54.156.60.65	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:44.024262905 CEST	1.1.1.1	192.168.2.18	0x7cbe	No error (0)	omns.americanexpress.com	americanexpress.com.ssl.d2.sc.omtrdc.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:44.024262905 CEST	1.1.1.1	192.168.2.18	0x7cbe	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.39.72	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:44.024262905 CEST	1.1.1.1	192.168.2.18	0x7cbe	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.39.22	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:44.024262905 CEST	1.1.1.1	192.168.2.18	0x7cbe	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.38.55	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:44.024262905 CEST	1.1.1.1	192.168.2.18	0x7cbe	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.39.248	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:44.024262905 CEST	1.1.1.1	192.168.2.18	0x7cbe	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.39.240	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:44.024262905 CEST	1.1.1.1	192.168.2.18	0x7cbe	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.39.130	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:44.024262905 CEST	1.1.1.1	192.168.2.18	0x7cbe	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.38.210	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:44.024262905 CEST	1.1.1.1	192.168.2.18	0x7cbe	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.39.35	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:44.024262905 CEST	1.1.1.1	192.168.2.18	0x7cbe	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.38.111	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:44.024262905 CEST	1.1.1.1	192.168.2.18	0x7cbe	No error (0)	americanexpress.com.ssl.d2.sc.omtrdc.net		63.140.39.224	A (IP address)	IN (0x0001)	false
Apr 16, 2024 15:31:44.041536093 CEST	1.1.1.1	192.168.2.18	0x748d	No error (0)	omns.americanexpress.com	americanexpress.com.ssl.d2.sc.omtrdc.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:48.466962099 CEST	1.1.1.1	192.168.2.18	0x27b9	No error (0)	siteintercept.qualtrics.com	siteintercept.qprod2.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:48.466962099 CEST	1.1.1.1	192.168.2.18	0x27b9	No error (0)	siteintercept.qprod2.net	prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:48.468208075 CEST	1.1.1.1	192.168.2.18	0x6b8e	No error (0)	siteintercept.qualtrics.com	siteintercept.qprod2.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:48.468208075 CEST	1.1.1.1	192.168.2.18	0x6b8e	No error (0)	siteintercept.qprod2.net	prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:50.691587925 CEST	1.1.1.1	192.168.2.18	0x5fa7	No error (0)	apigw.americanexpress.com	apigw.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:50.691654921 CEST	1.1.1.1	192.168.2.18	0x9ad7	No error (0)	apigw.americanexpress.com	apigw.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:51.153264046 CEST	1.1.1.1	192.168.2.18	0x9cab	No error (0)	siteintercept.qualtrics.com	siteintercept.qprod2.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:51.153264046 CEST	1.1.1.1	192.168.2.18	0x9cab	No error (0)	siteintercept.qprod2.net	prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:51.154182911 CEST	1.1.1.1	192.168.2.18	0x1087	No error (0)	siteintercept.qualtrics.com	siteintercept.qprod2.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:51.154182911 CEST	1.1.1.1	192.168.2.18	0x1087	No error (0)	siteintercept.qprod2.net	prodlb.siteintercept.qualtrics.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:51.851041079 CEST	1.1.1.1	192.168.2.18	0x2255	No error (0)	apigw.americanexpress.com	apigw.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:31:51.851178885 CEST	1.1.1.1	192.168.2.18	0x3167	No error (0)	apigw.americanexpress.com	apigw.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:32:34.576095104 CEST	1.1.1.1	192.168.2.18	0xa881	No error (0)	dynatracepsg.americanexpress.com	dynatracepsg.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:32:34.576174974 CEST	1.1.1.1	192.168.2.18	0x319	No error (0)	dynatracepsg.americanexpress.com	dynatracepsg.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:32:35.286135912 CEST	1.1.1.1	192.168.2.18	0xff70	No error (0)	dynatracepsg.americanexpress.com	dynatracepsg.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 15:32:35.286156893 CEST	1.1.1.1	192.168.2.18	0x9d57	No error (0)	dynatracepsg.americanexpress.com	dynatracepsg.americanexpress.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

slscr.update.microsoft.com

fs.microsoft.com

dpm.demdex.net

omns.americanexpress.com

www.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.18	49693	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:30:54 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=s+M7GxcDtlbET9Y&MD=DFrtxrWu HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-16 13:30:54 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 367bbc7c-e2ba-4f5d-b0aa-317a35bc0910 MS-RequestId: d3c85b8f-c6c7-4eab-a4de-2da89cb5b49b MS-CV: 21NHXi/06U+NlqYr.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 16 Apr 2024 13:30:53 GMT Connection: close Content-Length: 24490
2024-04-16 13:30:54 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-16 13:30:54 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.18	49697	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:30:56 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-16 13:30:56 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=149603 Date: Tue, 16 Apr 2024 13:30:56 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.18	49698	184.31.62.93	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:30:57 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-16 13:30:57 UTC	805	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 52EA27DBDE0C4533B819423583F6692E Ref B: CH1AA2040902052 Ref C: 2023-07-09T23:10:08Z X-MSEdge-Ref: Ref A: 528BB8D443C042AA9AEA4EC3F75C7762 Ref B: CHI30EDGE0111 Ref C: 2023-07-09T23:11:11Z Content-Type: application/octet-stream X-Azure-Ref: 01uvbYwAAAACkqWtaEMjWQL/4cpisZkorTUVNMzBFREdFMDgxMQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=149539 Date: Tue, 16 Apr 2024 13:30:57 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-16 13:30:57 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.18	49705	52.165.165.26	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:31:31 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=s+M7GxcDtlbET9Y&MD=DFrtxrWu HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-16 13:31:31 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 7cba255d-4a1a-4b8f-abd4-0dd9d92465c7 MS-RequestId: cde52a2d-0e86-4f3f-aadd-2cd1460c2322 MS-CV: I4u8hdt6JUeCAcbc.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 16 Apr 2024 13:31:31 GMT Connection: close Content-Length: 25457
2024-04-16 13:31:31 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-16 13:31:31 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.18	49821	52.4.85.254	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:31:42 UTC	705	OUT	GET /id?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1713274301023 HTTP/1.1 Host: dpm.demdex.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: https://global.americanexpress.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 13:31:42 UTC	960	IN	HTTP/1.1 302 Found Date: Tue, 16 Apr 2024 13:31:42 GMT Content-Length: 0 Connection: close X-TID: JTJ93zMuT/c= Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 UTC P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Access-Control-Allow-Origin: https://global.americanexpress.com Vary: Origin Access-Control-Allow-Credentials: true Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1713274301023 DCS: dcs-prod-va6-2-v059-0d2e9badc.edge-va6.demdex.com 0 ms set-cookie: demdex=14639981717196152352028843229767243559; Max-Age=15552000; Expires=Sun, 13 Oct 2024 13:31:42 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.18	49825	52.4.85.254	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:31:43 UTC	763	OUT	GET /id/rd?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1713274301023 HTTP/1.1 Host: dpm.demdex.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: https://global.americanexpress.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: demdex=14639981717196152352028843229767243559
2024-04-16 13:31:43 UTC	829	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 13:31:43 GMT Content-Type: application/json;charset=utf-8 Content-Length: 213 Connection: close X-TID: 5MOQdDz1SuA= Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 UTC P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" Access-Control-Allow-Origin: https://global.americanexpress.com Vary: Origin Access-Control-Allow-Credentials: true DCS: dcs-prod-va6-1-v059-07965ed7b.edge-va6.demdex.com 4 ms set-cookie: demdex=14639981717196152352028843229767243559; Max-Age=15552000; Expires=Sun, 13 Oct 2024 13:31:43 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
2024-04-16 13:31:43 UTC	213	IN	Data Raw: 7b 22 64 5f 6d 69 64 22 3a 22 31 34 34 38 33 36 38 35 34 39 30 30 31 31 30 33 32 34 33 32 30 34 38 39 37 38 36 35 31 31 33 32 37 31 31 38 35 35 22 2c 22 69 64 5f 73 79 6e 63 5f 74 74 6c 22 3a 36 30 34 38 30 30 2c 22 64 5f 62 6c 6f 62 22 3a 22 52 4b 68 70 52 7a 38 6b 72 67 32 74 4c 4f 36 70 67 75 58 57 70 35 6f 6c 6b 41 63 55 6e 69 51 59 50 48 61 4d 57 57 67 64 4a 33 78 7a 50 57 51 6d 64 6a 30 79 22 2c 22 64 63 73 5f 72 65 67 69 6f 6e 22 3a 37 2c 22 64 5f 6f 74 74 6c 22 3a 37 32 30 30 2c 22 69 62 73 22 3a 5b 5d 2c 22 73 75 62 64 6f 6d 61 69 6e 22 3a 22 61 65 78 70 22 2c 22 74 69 64 22 3a 22 35 4d 4f 51 64 44 7a 31 53 75 41 3d 22 7d Data Ascii: {"d_mid":"14483685490011032432048978651132711855","id_sync_ttl":604800,"d_blob":"RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y","dcs_region":7,"d_ottl":7200,"ibs":[],"subdomain":"aexp","tid":"5MOQdDz1SuA="}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.18	49827	63.140.38.236	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:31:43 UTC	2639	OUT	GET /id?d_visid_ver=5.0.0&d_fieldgroup=A&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&mid=14483685490011032432048978651132711855&ts=1713274302100 HTTP/1.1 Host: omns.americanexpress.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded Accept: / Origin: https://global.americanexpress.com Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS0114bdae=0144d4a839586b141b989af62e52371e6fc307f9d3a5061f1757c48d9180280c953015a6c6dc95d5b236407f09d657189c894cb579; agent-id=75ae5b53-68cf-4749-8f79-9c43a50fd031; bm_sz=6F6A31595189F7CEAF8A71424DC072A4~YAAQT2gBF03jz8qOAQAA+PQa5xdLqqvmjQo3qql/RSrk+NqgjmVtGRIpJ5fdyCwxL0VXYKaP3pbR9g9uEQWh5UXeVA9Y7V1m7P4NNPA2wKeGfYWBW+KWNGyMZxqUZSy9uAImtIyhIACEkuWppPtqSOdH4vOm1jvnIpZNwdjJ40gWe4OdNk+2mZF9LZGpSPN5W63KHWQIvJ4iH5vJLvoAaS+w4fiJUQj52oL6gxC2RBjBKPwxow2vambX2wX+CPZjRLt4NZMtr+f2bbmARnFCo/v3eRsPyS0JH12rulCjsr5LIQPNrvwt3MBukJtjlim+A82Bo9I2DgrIS9B1+gITDv42IX5px8tCUDTbVR2J6Yk61l/LMCVXt34MUCVLH7mYt71W1ejDyL4Ow4Ls~3293761~4342328; rxVisitor=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A; dtLatC=509; dtSa=-; dtCookie=v_4_srv_104_sn_D31AC96E3DF032551F710E6D44416A15_app-3Af32f70c4a19cb7f4_1_ol_0_perc_100000_mul_1_rcs-3Acss_0; _abck=AD827B41E34AB180244EB157C2E73EBF~0~YAAQUGgBFxym8NWOAQAAohcb5wu2ZGB60GcxQTa+6qpnA6FyqN4LrC5qrO0RImU4BIA5aiW5kpMSaiSyndfm39JpVX1S9C5VrOKKlePm9qqeBP9bYW6Iy7qKpBsP3xUYB36lvGG30+nKugXF2BlliLDzfCwaXSu1mXM8QrQC/1pLZU9IMUL+Xd7YLjPlWK7R8OkqushCcrWmU0Z8UNvySw6H36ckn7kVb74EibUOlgNgtg3l8YqVIigkF1WhtKEz6PsqbZ8oa/aADoHU3xYQBLcjAXjQkb8zA7V6/swvOTxG9IFfROLdI5inH5Ekc1pUAyTn1mvUZihn7Z+D5+RQBw6w7sE/nU7wgoFoU8sLmvC19Zmav3geNzaUhXZ5j7rF/R3U84iksSTiDDNRG6kw2MqWYlSBD4zoUiPFl9c7ypAI~-1~-1~-1; rxvt=1713276099040\|1713274290940; dtPC=$274290934_630h-vCCRUAIBSCBAUJCNRSUGTAFBDWCRAFKQA-0e0; s_pers=%20s_tslv%3D1713274301817%7C1776346301817%3B; s_sess=%20s_tp%3D1568%3B%20s_ppv%3Dus%25257Coneamex%25257Cser%25257Chelp%252C58%252C58%252C907%3B%20omn_extlink%3Dus-em-serv-footer-helpcenter%3B%20omn_inav%3DiNUtlContact%3B; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C14483685490011032432048978651132711855%7CMCAAMLH-1713879102%7C7%7CMCAAMB-1713879102%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1713281502s%7CNONE%7CvVersion%7C5.0.0
2024-04-16 13:31:43 UTC	699	IN	HTTP/1.1 200 OK access-control-allow-origin: https://global.americanexpress.com access-control-allow-credentials: true date: Tue, 16 Apr 2024 13:31:43 GMT p3p: CP="This is not a P3P policy" server: jag set-cookie: s_ecid=MCMID%7C14483685490011032432048978651132711855; Path=/; Domain=americanexpress.com; Max-Age=63072000; Expires=Thu, 16 Apr 2026 13:31:31 GMT; SameSite=None; Secure vary: Origin content-type: application/x-javascript;charset=utf-8 content-length: 48 strict-transport-security: max-age=31536000; includeSubDomains cache-control: no-cache, no-store, max-age=0, no-transform, private x-xss-protection: 1; mode=block x-content-type-options: nosniff connection: close
2024-04-16 13:31:43 UTC	48	IN	Data Raw: 7b 22 6d 69 64 22 3a 22 31 34 34 38 33 36 38 35 34 39 30 30 31 31 30 33 32 34 33 32 30 34 38 39 37 38 36 35 31 31 33 32 37 31 31 38 35 35 22 7d Data Ascii: {"mid":"14483685490011032432048978651132711855"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.18	49828	3.223.253.145	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:31:43 UTC	534	OUT	GET /id/rd?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1713274301023 HTTP/1.1 Host: dpm.demdex.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: demdex=14639981717196152352028843229767243559
2024-04-16 13:31:44 UTC	710	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 13:31:43 GMT Content-Type: application/json;charset=utf-8 Content-Length: 213 Connection: close X-TID: 6wPeV59NTVw= Strict-Transport-Security: max-age=31536000; includeSubDomains Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 UTC P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" DCS: dcs-prod-va6-2-v059-062ca503c.edge-va6.demdex.com 2 ms set-cookie: demdex=14639981717196152352028843229767243559; Max-Age=15552000; Expires=Sun, 13 Oct 2024 13:31:43 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
2024-04-16 13:31:44 UTC	213	IN	Data Raw: 7b 22 64 5f 6d 69 64 22 3a 22 31 34 34 38 33 36 38 35 34 39 30 30 31 31 30 33 32 34 33 32 30 34 38 39 37 38 36 35 31 31 33 32 37 31 31 38 35 35 22 2c 22 69 64 5f 73 79 6e 63 5f 74 74 6c 22 3a 36 30 34 38 30 30 2c 22 64 5f 62 6c 6f 62 22 3a 22 52 4b 68 70 52 7a 38 6b 72 67 32 74 4c 4f 36 70 67 75 58 57 70 35 6f 6c 6b 41 63 55 6e 69 51 59 50 48 61 4d 57 57 67 64 4a 33 78 7a 50 57 51 6d 64 6a 30 79 22 2c 22 64 63 73 5f 72 65 67 69 6f 6e 22 3a 37 2c 22 64 5f 6f 74 74 6c 22 3a 37 32 30 30 2c 22 69 62 73 22 3a 5b 5d 2c 22 73 75 62 64 6f 6d 61 69 6e 22 3a 22 61 65 78 70 22 2c 22 74 69 64 22 3a 22 36 77 50 65 56 35 39 4e 54 56 77 3d 22 7d Data Ascii: {"d_mid":"14483685490011032432048978651132711855","id_sync_ttl":604800,"d_blob":"RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y","dcs_region":7,"d_ottl":7200,"ibs":[],"subdomain":"aexp","tid":"6wPeV59NTVw="}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.18	49831	63.140.38.236	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:31:44 UTC	4434	OUT	GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s6959995791769?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A31%3A42%202%20-120&mid=14483685490011032432048978651132711855&aamlh=7&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7Chelp&g=https%3A%2F%2Fglobal.americanexpress.com%2Fhelp%3Finav%3DiNUtlContact%26extlink%3Dus-em-serv-footer-helpcenter%26extlink%3Dus-em-serv-footer-helpcenter%26&c.&visitorCheck=VisitorAPI%20Present&cm.&ssf=1&.cm&omn.&lob=ser&country=us&language=en&extlink=us-em-serv-footer-helpcenter&inav=iNUtlContact&.omn&.c&h.&architecture=x86&bitness=64&platformVersion=10.0.0&.h&cc=USD&server=global.americanexpress.com&v0=extlink%3Dus-em-serv-footer-helpcenter&events=event140%2Cevent45&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&h1=us%7Coneamex%7Cser&c3=en&c4=US&c6=D%3Dv6&v8=iNUtlContact&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c19=US%7Coneamex%7Cser&v21=US%3ALegacy%20Non-Search&c24=US%7Coneamex%7Cser&v27=US&c30=US%7Coneamex%7Cser&c31=US&c38=US%7Coneamex%7Cser&c43=New%20Visitor&c44=D%3Dv44&v45=prospect&c46=DLS%20Navigation&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c50=non-authenticated&c56=oneamex%3Adesktop&v60=1280&v61=landscape&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v71=us%7Coneamex%7Cser%7Chelp&v72=n%2Fa&v74=us%7Coneamex%7Cser%7Chelp&c75=Launch&v75=14483685490011032432048978651132711855&v94=D%3Dagent-id&v140=UCM%3A%20en-US%7C%20docEle%3A%20en-US%7C&v142=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1 Host: omns.americanexpress.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS0114bdae=0144d4a839586b141b989af62e52371e6fc307f9d3a5061f1757c48d9180280c953015a6c6dc95d5b236407f09d657189c894cb579; agent-id=75ae5b53-68cf-4749-8f79-9c43a50fd031; bm_sz=6F6A31595189F7CEAF8A71424DC072A4~YAAQT2gBF03jz8qOAQAA+PQa5xdLqqvmjQo3qql/RSrk+NqgjmVtGRIpJ5fdyCwxL0VXYKaP3pbR9g9uEQWh5UXeVA9Y7V1m7P4NNPA2wKeGfYWBW+KWNGyMZxqUZSy9uAImtIyhIACEkuWppPtqSOdH4vOm1jvnIpZNwdjJ40gWe4OdNk+2mZF9LZGpSPN5W63KHWQIvJ4iH5vJLvoAaS+w4fiJUQj52oL6gxC2RBjBKPwxow2vambX2wX+CPZjRLt4NZMtr+f2bbmARnFCo/v3eRsPyS0JH12rulCjsr5LIQPNrvwt3MBukJtjlim+A82Bo9I2DgrIS9B1+gITDv42IX5px8tCUDTbVR2J6Yk61l/LMCVXt34MUCVLH7mYt71W1ejDyL4Ow4Ls~3293761~4342328; rxVisitor=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A; dtLatC=509; dtSa=-; dtCookie=v_4_srv_104_sn_D31AC96E3DF032551F710E6D44416A15_app-3Af32f70c4a19cb7f4_1_ol_0_perc_100000_mul_1_rcs-3Acss_0; _abck=AD827B41E34AB180244EB157C2E73EBF~0~YAAQUGgBFxym8NWOAQAAohcb5wu2ZGB60GcxQTa+6qpnA6FyqN4LrC5qrO0RImU4BIA5aiW5kpMSaiSyndfm39JpVX1S9C5VrOKKlePm9qqeBP9bYW6Iy7qKpBsP3xUYB36lvGG30+nKugXF2BlliLDzfCwaXSu1mXM8QrQC/1pLZU9IMUL+Xd7YLjPlWK7R8OkqushCcrWmU0Z8UNvySw6H36ckn7kVb74EibUOlgNgtg3l8YqVIigkF1WhtKEz6PsqbZ8oa/aADoHU3xYQBLcjAXjQkb8zA7V6/swvOTxG9IFfROLdI5inH5Ekc1pUAyTn1mvUZihn7Z+D5+RQBw6w7sE/nU7wgoFoU8sLmvC19Zmav3geNzaUhXZ5j7rF/R3U84iksSTiDDNRG6kw2MqWYlSBD4zoUiPFl9c7ypAI~-1~-1~-1; rxvt=1713276099040\|1713274290940; dtPC=$274290934_630h-vCCRUAIBSCBAUJCNRSUGTAFBDWCRAFKQA-0e0; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; s_ecid=MCMID%7C14483685490011032432048978651132711855; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C14483685490011032432048978651132711855%7CMCAAMLH-1713879102%7C7%7CMCAAMB-1713879102%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1713281502s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.0.0; s_sess=%20s_tp%3D1568%3B%20s_ppv%3Dus%25257Coneamex%25257Cser%25257Chelp%252C58%252C58%252C907%3B%20omn_extlink%3Dus-em-serv-footer-helpcenter%3B%20omn_inav%3DiNUtlContact%3B%20s_dedupeCM%3Dextlink%253Dus-em-serv-footer-helpcenterUS%253ALegacy%2520Non-Searchn%252Fan%252Fa%3B%20s_cpc%3D1%3B%20s_cc%3Dtrue%3B; s_pers=%20s_tslv%3D1713274301817%7C1776346301817%3B%20s_tbm%3Dtrue%7C1713276102611%3B%20s_tbm365%3Dtrue%7C1744812102611%3B%20gpv_v41%3Dus%257Coneamex%257Cser%257Chelp%7C1713276102633%3B
2024-04-16 13:31:44 UTC	757	IN	HTTP/1.1 200 OK access-control-allow-origin: * date: Tue, 16 Apr 2024 13:31:44 GMT expires: Mon, 15 Apr 2024 13:31:44 GMT last-modified: Wed, 17 Apr 2024 13:31:44 GMT pragma: no-cache p3p: CP="This is not a P3P policy" server: jag set-cookie: s_ecid=MCMID%7C14483685490011032432048978651132711855; Path=/; Domain=americanexpress.com; Max-Age=34128000; Expires=Fri, 16 May 2025 13:31:31 GMT; SameSite=None; Secure etag: 3679228553633103872-4618438611782463581 vary: * content-type: image/gif;charset=utf-8 content-length: 43 strict-transport-security: max-age=31536000; includeSubDomains cache-control: no-cache, no-store, max-age=0, no-transform, private x-xss-protection: 1; mode=block x-content-type-options: nosniff connection: close
2024-04-16 13:31:44 UTC	43	IN	Data Raw: 47 49 46 38 39 61 02 00 02 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 02 00 02 00 00 02 02 84 51 00 3b Data Ascii: GIF89a!,Q;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.18	49833	63.140.39.72	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:31:44 UTC	2481	OUT	GET /id?d_visid_ver=5.0.0&d_fieldgroup=A&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&mid=14483685490011032432048978651132711855&ts=1713274302100 HTTP/1.1 Host: omns.americanexpress.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS0114bdae=0144d4a839586b141b989af62e52371e6fc307f9d3a5061f1757c48d9180280c953015a6c6dc95d5b236407f09d657189c894cb579; agent-id=75ae5b53-68cf-4749-8f79-9c43a50fd031; bm_sz=6F6A31595189F7CEAF8A71424DC072A4~YAAQT2gBF03jz8qOAQAA+PQa5xdLqqvmjQo3qql/RSrk+NqgjmVtGRIpJ5fdyCwxL0VXYKaP3pbR9g9uEQWh5UXeVA9Y7V1m7P4NNPA2wKeGfYWBW+KWNGyMZxqUZSy9uAImtIyhIACEkuWppPtqSOdH4vOm1jvnIpZNwdjJ40gWe4OdNk+2mZF9LZGpSPN5W63KHWQIvJ4iH5vJLvoAaS+w4fiJUQj52oL6gxC2RBjBKPwxow2vambX2wX+CPZjRLt4NZMtr+f2bbmARnFCo/v3eRsPyS0JH12rulCjsr5LIQPNrvwt3MBukJtjlim+A82Bo9I2DgrIS9B1+gITDv42IX5px8tCUDTbVR2J6Yk61l/LMCVXt34MUCVLH7mYt71W1ejDyL4Ow4Ls~3293761~4342328; rxVisitor=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A; dtLatC=509; dtSa=-; dtCookie=v_4_srv_104_sn_D31AC96E3DF032551F710E6D44416A15_app-3Af32f70c4a19cb7f4_1_ol_0_perc_100000_mul_1_rcs-3Acss_0; _abck=AD827B41E34AB180244EB157C2E73EBF~0~YAAQUGgBFxym8NWOAQAAohcb5wu2ZGB60GcxQTa+6qpnA6FyqN4LrC5qrO0RImU4BIA5aiW5kpMSaiSyndfm39JpVX1S9C5VrOKKlePm9qqeBP9bYW6Iy7qKpBsP3xUYB36lvGG30+nKugXF2BlliLDzfCwaXSu1mXM8QrQC/1pLZU9IMUL+Xd7YLjPlWK7R8OkqushCcrWmU0Z8UNvySw6H36ckn7kVb74EibUOlgNgtg3l8YqVIigkF1WhtKEz6PsqbZ8oa/aADoHU3xYQBLcjAXjQkb8zA7V6/swvOTxG9IFfROLdI5inH5Ekc1pUAyTn1mvUZihn7Z+D5+RQBw6w7sE/nU7wgoFoU8sLmvC19Zmav3geNzaUhXZ5j7rF/R3U84iksSTiDDNRG6kw2MqWYlSBD4zoUiPFl9c7ypAI~-1~-1~-1; rxvt=1713276099040\|1713274290940; dtPC=$274290934_630h-vCCRUAIBSCBAUJCNRSUGTAFBDWCRAFKQA-0e0; s_pers=%20s_tslv%3D1713274301817%7C1776346301817%3B; s_sess=%20s_tp%3D1568%3B%20s_ppv%3Dus%25257Coneamex%25257Cser%25257Chelp%252C58%252C58%252C907%3B%20omn_extlink%3Dus-em-serv-footer-helpcenter%3B%20omn_inav%3DiNUtlContact%3B; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; s_ecid=MCMID%7C14483685490011032432048978651132711855; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C14483685490011032432048978651132711855%7CMCAAMLH-1713879102%7C7%7CMCAAMB-1713879102%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1713281502s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.0.0
2024-04-16 13:31:44 UTC	626	IN	HTTP/1.1 200 OK access-control-allow-origin: * date: Tue, 16 Apr 2024 13:31:44 GMT p3p: CP="This is not a P3P policy" server: jag set-cookie: s_ecid=MCMID%7C14483685490011032432048978651132711855; Path=/; Domain=americanexpress.com; Max-Age=63072000; Expires=Thu, 16 Apr 2026 13:31:31 GMT; SameSite=None; Secure vary: Origin content-type: application/x-javascript;charset=utf-8 content-length: 48 strict-transport-security: max-age=31536000; includeSubDomains cache-control: no-cache, no-store, max-age=0, no-transform, private x-xss-protection: 1; mode=block x-content-type-options: nosniff connection: close
2024-04-16 13:31:44 UTC	48	IN	Data Raw: 7b 22 6d 69 64 22 3a 22 31 34 34 38 33 36 38 35 34 39 30 30 31 31 30 33 32 34 33 32 30 34 38 39 37 38 36 35 31 31 33 32 37 31 31 38 35 35 22 7d Data Ascii: {"mid":"14483685490011032432048978651132711855"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.18	49836	63.140.39.72	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:31:44 UTC	4235	OUT	GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s6959995791769?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A31%3A42%202%20-120&mid=14483685490011032432048978651132711855&aamlh=7&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7Chelp&g=https%3A%2F%2Fglobal.americanexpress.com%2Fhelp%3Finav%3DiNUtlContact%26extlink%3Dus-em-serv-footer-helpcenter%26extlink%3Dus-em-serv-footer-helpcenter%26&c.&visitorCheck=VisitorAPI%20Present&cm.&ssf=1&.cm&omn.&lob=ser&country=us&language=en&extlink=us-em-serv-footer-helpcenter&inav=iNUtlContact&.omn&.c&h.&architecture=x86&bitness=64&platformVersion=10.0.0&.h&cc=USD&server=global.americanexpress.com&v0=extlink%3Dus-em-serv-footer-helpcenter&events=event140%2Cevent45&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&h1=us%7Coneamex%7Cser&c3=en&c4=US&c6=D%3Dv6&v8=iNUtlContact&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c19=US%7Coneamex%7Cser&v21=US%3ALegacy%20Non-Search&c24=US%7Coneamex%7Cser&v27=US&c30=US%7Coneamex%7Cser&c31=US&c38=US%7Coneamex%7Cser&c43=New%20Visitor&c44=D%3Dv44&v45=prospect&c46=DLS%20Navigation&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c50=non-authenticated&c56=oneamex%3Adesktop&v60=1280&v61=landscape&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v71=us%7Coneamex%7Cser%7Chelp&v72=n%2Fa&v74=us%7Coneamex%7Cser%7Chelp&c75=Launch&v75=14483685490011032432048978651132711855&v94=D%3Dagent-id&v140=UCM%3A%20en-US%7C%20docEle%3A%20en-US%7C&v142=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1 Host: omns.americanexpress.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS0114bdae=0144d4a839586b141b989af62e52371e6fc307f9d3a5061f1757c48d9180280c953015a6c6dc95d5b236407f09d657189c894cb579; agent-id=75ae5b53-68cf-4749-8f79-9c43a50fd031; bm_sz=6F6A31595189F7CEAF8A71424DC072A4~YAAQT2gBF03jz8qOAQAA+PQa5xdLqqvmjQo3qql/RSrk+NqgjmVtGRIpJ5fdyCwxL0VXYKaP3pbR9g9uEQWh5UXeVA9Y7V1m7P4NNPA2wKeGfYWBW+KWNGyMZxqUZSy9uAImtIyhIACEkuWppPtqSOdH4vOm1jvnIpZNwdjJ40gWe4OdNk+2mZF9LZGpSPN5W63KHWQIvJ4iH5vJLvoAaS+w4fiJUQj52oL6gxC2RBjBKPwxow2vambX2wX+CPZjRLt4NZMtr+f2bbmARnFCo/v3eRsPyS0JH12rulCjsr5LIQPNrvwt3MBukJtjlim+A82Bo9I2DgrIS9B1+gITDv42IX5px8tCUDTbVR2J6Yk61l/LMCVXt34MUCVLH7mYt71W1ejDyL4Ow4Ls~3293761~4342328; rxVisitor=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A; dtLatC=509; dtSa=-; dtCookie=v_4_srv_104_sn_D31AC96E3DF032551F710E6D44416A15_app-3Af32f70c4a19cb7f4_1_ol_0_perc_100000_mul_1_rcs-3Acss_0; _abck=AD827B41E34AB180244EB157C2E73EBF~0~YAAQUGgBFxym8NWOAQAAohcb5wu2ZGB60GcxQTa+6qpnA6FyqN4LrC5qrO0RImU4BIA5aiW5kpMSaiSyndfm39JpVX1S9C5VrOKKlePm9qqeBP9bYW6Iy7qKpBsP3xUYB36lvGG30+nKugXF2BlliLDzfCwaXSu1mXM8QrQC/1pLZU9IMUL+Xd7YLjPlWK7R8OkqushCcrWmU0Z8UNvySw6H36ckn7kVb74EibUOlgNgtg3l8YqVIigkF1WhtKEz6PsqbZ8oa/aADoHU3xYQBLcjAXjQkb8zA7V6/swvOTxG9IFfROLdI5inH5Ekc1pUAyTn1mvUZihn7Z+D5+RQBw6w7sE/nU7wgoFoU8sLmvC19Zmav3geNzaUhXZ5j7rF/R3U84iksSTiDDNRG6kw2MqWYlSBD4zoUiPFl9c7ypAI~-1~-1~-1; rxvt=1713276099040\|1713274290940; dtPC=$274290934_630h-vCCRUAIBSCBAUJCNRSUGTAFBDWCRAFKQA-0e0; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; s_ecid=MCMID%7C14483685490011032432048978651132711855; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C14483685490011032432048978651132711855%7CMCAAMLH-1713879102%7C7%7CMCAAMB-1713879102%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1713281502s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.0.0; s_sess=%20s_tp%3D1568%3B%20s_ppv%3Dus%25257Coneamex%25257Cser%25257Chelp%252C58%252C58%252C907%3B%20omn_extlink%3Dus-em-serv-footer-helpcenter%3B%20omn_inav%3DiNUtlContact%3B%20s_dedupeCM%3Dextlink%253Dus-em-serv-footer-helpcenterUS%253ALegacy%2520Non-Searchn%252Fan%252Fa%3B%20s_cpc%3D1%3B%20s_cc%3Dtrue%3B; s_pers=%20s_tslv%3D1713274301817%7C1776346301817%3B%20s_tbm%3Dtrue%7C1713276102611%3B%20s_tbm365%3Dtrue%7C1744812102611%3B%20gpv_v41%3Dus%257Coneamex%257Cser%257Chelp%7C1713276102633%3B
2024-04-16 13:31:44 UTC	757	IN	HTTP/1.1 200 OK access-control-allow-origin: * date: Tue, 16 Apr 2024 13:31:44 GMT expires: Mon, 15 Apr 2024 13:31:44 GMT last-modified: Wed, 17 Apr 2024 13:31:44 GMT pragma: no-cache p3p: CP="This is not a P3P policy" server: jag set-cookie: s_ecid=MCMID%7C14483685490011032432048978651132711855; Path=/; Domain=americanexpress.com; Max-Age=34128000; Expires=Fri, 16 May 2025 13:31:31 GMT; SameSite=None; Secure etag: 3679228552686043136-4618613232680413069 vary: * content-type: image/gif;charset=utf-8 content-length: 43 strict-transport-security: max-age=31536000; includeSubDomains cache-control: no-cache, no-store, max-age=0, no-transform, private x-xss-protection: 1; mode=block x-content-type-options: nosniff connection: close
2024-04-16 13:31:44 UTC	43	IN	Data Raw: 47 49 46 38 39 61 02 00 02 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 02 00 02 00 00 02 02 84 51 00 3b Data Ascii: GIF89a!,Q;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.18	49835	63.140.38.236	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:31:44 UTC	3978	OUT	GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s67650161295375?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A31%3A42%202%20-120&mid=14483685490011032432048978651132711855&aamlh=7&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7Chelp&g=https%3A%2F%2Fglobal.americanexpress.com%2Fhelp%3Finav%3DiNUtlContact%26extlink%3Dus-em-serv-footer-helpcenter&c.&cm.&ssf=1&.cm&omn.&identifier=axp-myca-route-config&element=credo-rampup&lob=ser&detail=ineligible&.omn&.c&cc=USD&events=event141&c3=en&c4=US&v4=axp-myca-route-config&v5=us%3E%3Eaxp-myca-route-config%3E%3Eimpression%3E%3Ecredo-rampup%3E%3Eineligible&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c21=axp-myca-route-config&c22=us%3E%3Eaxp-myca-route-config%3E%3Eimpression%3E%3Ecredo-rampup%3E%3Eineligible&v27=US&c44=D%3Dv44&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c56=oneamex%3Adesktop&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7Chelp&v75=14483685490011032432048978651132711855&pe=lnk_o&pev2=Dynamic%20Page%20Action&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1 Host: omns.americanexpress.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS0114bdae=0144d4a839586b141b989af62e52371e6fc307f9d3a5061f1757c48d9180280c953015a6c6dc95d5b236407f09d657189c894cb579; agent-id=75ae5b53-68cf-4749-8f79-9c43a50fd031; bm_sz=6F6A31595189F7CEAF8A71424DC072A4~YAAQT2gBF03jz8qOAQAA+PQa5xdLqqvmjQo3qql/RSrk+NqgjmVtGRIpJ5fdyCwxL0VXYKaP3pbR9g9uEQWh5UXeVA9Y7V1m7P4NNPA2wKeGfYWBW+KWNGyMZxqUZSy9uAImtIyhIACEkuWppPtqSOdH4vOm1jvnIpZNwdjJ40gWe4OdNk+2mZF9LZGpSPN5W63KHWQIvJ4iH5vJLvoAaS+w4fiJUQj52oL6gxC2RBjBKPwxow2vambX2wX+CPZjRLt4NZMtr+f2bbmARnFCo/v3eRsPyS0JH12rulCjsr5LIQPNrvwt3MBukJtjlim+A82Bo9I2DgrIS9B1+gITDv42IX5px8tCUDTbVR2J6Yk61l/LMCVXt34MUCVLH7mYt71W1ejDyL4Ow4Ls~3293761~4342328; rxVisitor=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A; dtLatC=509; dtSa=-; dtCookie=v_4_srv_104_sn_D31AC96E3DF032551F710E6D44416A15_app-3Af32f70c4a19cb7f4_1_ol_0_perc_100000_mul_1_rcs-3Acss_0; _abck=AD827B41E34AB180244EB157C2E73EBF~0~YAAQUGgBFxym8NWOAQAAohcb5wu2ZGB60GcxQTa+6qpnA6FyqN4LrC5qrO0RImU4BIA5aiW5kpMSaiSyndfm39JpVX1S9C5VrOKKlePm9qqeBP9bYW6Iy7qKpBsP3xUYB36lvGG30+nKugXF2BlliLDzfCwaXSu1mXM8QrQC/1pLZU9IMUL+Xd7YLjPlWK7R8OkqushCcrWmU0Z8UNvySw6H36ckn7kVb74EibUOlgNgtg3l8YqVIigkF1WhtKEz6PsqbZ8oa/aADoHU3xYQBLcjAXjQkb8zA7V6/swvOTxG9IFfROLdI5inH5Ekc1pUAyTn1mvUZihn7Z+D5+RQBw6w7sE/nU7wgoFoU8sLmvC19Zmav3geNzaUhXZ5j7rF/R3U84iksSTiDDNRG6kw2MqWYlSBD4zoUiPFl9c7ypAI~-1~-1~-1; rxvt=1713276099040\|1713274290940; dtPC=$274290934_630h-vCCRUAIBSCBAUJCNRSUGTAFBDWCRAFKQA-0e0; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; s_ecid=MCMID%7C14483685490011032432048978651132711855; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C14483685490011032432048978651132711855%7CMCAAMLH-1713879102%7C7%7CMCAAMB-1713879102%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1713281502s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.0.0; s_sess=%20s_tp%3D1568%3B%20s_ppv%3Dus%25257Coneamex%25257Cser%25257Chelp%252C58%252C58%252C907%3B%20omn_extlink%3Dus-em-serv-footer-helpcenter%3B%20omn_inav%3DiNUtlContact%3B%20s_dedupeCM%3Dextlink%253Dus-em-serv-footer-helpcenterUS%253ALegacy%2520Non-Searchn%252Fan%252Fa%3B%20s_cpc%3D1%3B%20s_cc%3Dtrue%3B; s_pers=%20s_tslv%3D1713274301817%7C1776346301817%3B%20s_tbm%3Dtrue%7C1713276102611%3B%20s_tbm365%3Dtrue%7C1744812102611%3B%20gpv_v41%3Dus%257Coneamex%257Cser%257Chelp%7C1713276102633%3B
2024-04-16 13:31:44 UTC	757	IN	HTTP/1.1 200 OK access-control-allow-origin: * date: Tue, 16 Apr 2024 13:31:44 GMT expires: Mon, 15 Apr 2024 13:31:44 GMT last-modified: Wed, 17 Apr 2024 13:31:44 GMT pragma: no-cache p3p: CP="This is not a P3P policy" server: jag set-cookie: s_ecid=MCMID%7C14483685490011032432048978651132711855; Path=/; Domain=americanexpress.com; Max-Age=34128000; Expires=Fri, 16 May 2025 13:31:31 GMT; SameSite=None; Secure etag: 3679228552682176512-4618668786047624121 vary: * content-type: image/gif;charset=utf-8 content-length: 43 strict-transport-security: max-age=31536000; includeSubDomains cache-control: no-cache, no-store, max-age=0, no-transform, private x-xss-protection: 1; mode=block x-content-type-options: nosniff connection: close
2024-04-16 13:31:44 UTC	43	IN	Data Raw: 47 49 46 38 39 61 02 00 02 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 02 00 02 00 00 02 02 84 51 00 3b Data Ascii: GIF89a!,Q;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.18	49839	63.140.39.72	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:31:45 UTC	3779	OUT	GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s67650161295375?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A31%3A42%202%20-120&mid=14483685490011032432048978651132711855&aamlh=7&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7Chelp&g=https%3A%2F%2Fglobal.americanexpress.com%2Fhelp%3Finav%3DiNUtlContact%26extlink%3Dus-em-serv-footer-helpcenter&c.&cm.&ssf=1&.cm&omn.&identifier=axp-myca-route-config&element=credo-rampup&lob=ser&detail=ineligible&.omn&.c&cc=USD&events=event141&c3=en&c4=US&v4=axp-myca-route-config&v5=us%3E%3Eaxp-myca-route-config%3E%3Eimpression%3E%3Ecredo-rampup%3E%3Eineligible&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c21=axp-myca-route-config&c22=us%3E%3Eaxp-myca-route-config%3E%3Eimpression%3E%3Ecredo-rampup%3E%3Eineligible&v27=US&c44=D%3Dv44&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c56=oneamex%3Adesktop&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7Chelp&v75=14483685490011032432048978651132711855&pe=lnk_o&pev2=Dynamic%20Page%20Action&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1 Host: omns.americanexpress.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TS0114bdae=0144d4a839586b141b989af62e52371e6fc307f9d3a5061f1757c48d9180280c953015a6c6dc95d5b236407f09d657189c894cb579; agent-id=75ae5b53-68cf-4749-8f79-9c43a50fd031; bm_sz=6F6A31595189F7CEAF8A71424DC072A4~YAAQT2gBF03jz8qOAQAA+PQa5xdLqqvmjQo3qql/RSrk+NqgjmVtGRIpJ5fdyCwxL0VXYKaP3pbR9g9uEQWh5UXeVA9Y7V1m7P4NNPA2wKeGfYWBW+KWNGyMZxqUZSy9uAImtIyhIACEkuWppPtqSOdH4vOm1jvnIpZNwdjJ40gWe4OdNk+2mZF9LZGpSPN5W63KHWQIvJ4iH5vJLvoAaS+w4fiJUQj52oL6gxC2RBjBKPwxow2vambX2wX+CPZjRLt4NZMtr+f2bbmARnFCo/v3eRsPyS0JH12rulCjsr5LIQPNrvwt3MBukJtjlim+A82Bo9I2DgrIS9B1+gITDv42IX5px8tCUDTbVR2J6Yk61l/LMCVXt34MUCVLH7mYt71W1ejDyL4Ow4Ls~3293761~4342328; rxVisitor=1713274290937A7R6R3LAF697QOVKMJMDGTMITTEUMT0A; dtLatC=509; dtSa=-; dtCookie=v_4_srv_104_sn_D31AC96E3DF032551F710E6D44416A15_app-3Af32f70c4a19cb7f4_1_ol_0_perc_100000_mul_1_rcs-3Acss_0; _abck=AD827B41E34AB180244EB157C2E73EBF~0~YAAQUGgBFxym8NWOAQAAohcb5wu2ZGB60GcxQTa+6qpnA6FyqN4LrC5qrO0RImU4BIA5aiW5kpMSaiSyndfm39JpVX1S9C5VrOKKlePm9qqeBP9bYW6Iy7qKpBsP3xUYB36lvGG30+nKugXF2BlliLDzfCwaXSu1mXM8QrQC/1pLZU9IMUL+Xd7YLjPlWK7R8OkqushCcrWmU0Z8UNvySw6H36ckn7kVb74EibUOlgNgtg3l8YqVIigkF1WhtKEz6PsqbZ8oa/aADoHU3xYQBLcjAXjQkb8zA7V6/swvOTxG9IFfROLdI5inH5Ekc1pUAyTn1mvUZihn7Z+D5+RQBw6w7sE/nU7wgoFoU8sLmvC19Zmav3geNzaUhXZ5j7rF/R3U84iksSTiDDNRG6kw2MqWYlSBD4zoUiPFl9c7ypAI~-1~-1~-1; rxvt=1713276099040\|1713274290940; dtPC=$274290934_630h-vCCRUAIBSCBAUJCNRSUGTAFBDWCRAFKQA-0e0; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; s_ecid=MCMID%7C14483685490011032432048978651132711855; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C14483685490011032432048978651132711855%7CMCAAMLH-1713879102%7C7%7CMCAAMB-1713879102%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1713281502s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.0.0; s_sess=%20s_tp%3D1568%3B%20s_ppv%3Dus%25257Coneamex%25257Cser%25257Chelp%252C58%252C58%252C907%3B%20omn_extlink%3Dus-em-serv-footer-helpcenter%3B%20omn_inav%3DiNUtlContact%3B%20s_dedupeCM%3Dextlink%253Dus-em-serv-footer-helpcenterUS%253ALegacy%2520Non-Searchn%252Fan%252Fa%3B%20s_cpc%3D1%3B%20s_cc%3Dtrue%3B; s_pers=%20s_tslv%3D1713274301817%7C1776346301817%3B%20s_tbm%3Dtrue%7C1713276102611%3B%20s_tbm365%3Dtrue%7C1744812102611%3B%20gpv_v41%3Dus%257Coneamex%257Cser%257Chelp%7C1713276102633%3B
2024-04-16 13:31:45 UTC	757	IN	HTTP/1.1 200 OK access-control-allow-origin: * date: Tue, 16 Apr 2024 13:31:45 GMT expires: Mon, 15 Apr 2024 13:31:45 GMT last-modified: Wed, 17 Apr 2024 13:31:45 GMT pragma: no-cache p3p: CP="This is not a P3P policy" server: jag set-cookie: s_ecid=MCMID%7C14483685490011032432048978651132711855; Path=/; Domain=americanexpress.com; Max-Age=34128000; Expires=Fri, 16 May 2025 13:31:31 GMT; SameSite=None; Secure etag: 3679228556160565248-4618528602078223238 vary: * content-type: image/gif;charset=utf-8 content-length: 43 strict-transport-security: max-age=31536000; includeSubDomains cache-control: no-cache, no-store, max-age=0, no-transform, private x-xss-protection: 1; mode=block x-content-type-options: nosniff connection: close
2024-04-16 13:31:45 UTC	43	IN	Data Raw: 47 49 46 38 39 61 02 00 02 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 02 00 02 00 00 02 02 84 51 00 3b Data Ascii: GIF89a!,Q;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.18	49893	64.233.177.103	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:32:10 UTC	635	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCOvUygEI/IPLAQiSocsBCIWgzQEI3L3NAQjpxc0BCJHKzQEIucrNAQis0c0BCInTzQEI29PNAQj2080BCNLWzQEIp9jNAQjp2M0BCPnA1BUYwcvMARi50s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 13:32:10 UTC	1703	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 13:32:10 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-_Iss_Tvr6yNq3Hpr9ez71w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-16 13:32:10 UTC	810	IN	Data Raw: 33 32 33 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 66 72 61 6e 6b 69 65 20 66 69 64 6c 65 72 20 62 61 73 6b 65 74 62 61 6c 6c 22 2c 22 64 61 69 6c 79 20 68 6f 72 6f 73 63 6f 70 65 20 74 6f 64 61 79 22 2c 22 6d 6f 68 61 6d 65 64 20 73 61 6d 75 72 61 20 68 6f 77 61 72 64 20 75 6e 69 76 65 72 73 69 74 79 22 2c 22 73 74 61 72 62 75 63 6b 73 20 73 70 69 63 79 20 6c 65 6d 6f 6e 61 64 65 20 72 65 66 72 65 73 68 65 72 73 22 2c 22 73 65 76 65 72 65 20 77 65 61 74 68 65 72 20 74 6f 72 6e 61 64 6f 65 73 22 2c 22 66 69 6e 61 6c 20 6a 65 6f 70 61 72 64 79 20 61 70 72 69 6c 20 31 35 20 32 30 32 34 22 2c 22 6e 65 77 20 79 6f 72 6b 20 6b 6e 69 63 6b 73 20 6e 65 77 73 22 2c 22 61 6d 65 72 69 63 61 6e 20 61 69 72 6c 69 6e 65 73 20 66 6c 69 67 68 74 20 61 74 74 65 6e 64 61 6e Data Ascii: 323)]}'["",["frankie fidler basketball","daily horoscope today","mohamed samura howard university","starbucks spicy lemonade refreshers","severe weather tornadoes","final jeopardy april 15 2024","new york knicks news","american airlines flight attendan
2024-04-16 13:32:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.18	49895	64.233.177.103	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:32:10 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 13:32:11 UTC	1816	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtTk0GNv7-bAGIjAB5ca-1h2npjbKyRJrY0x7oVX9EvE_hx3CS29R-qtGI7R0K5dKFNaff9s5a-f5vCUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwI2_v5sAYQmJf6_gESBFG1OTQ Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Tue, 16 Apr 2024 13:32:11 GMT Server: gws Content-Length: 427 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-16-13; expires=Thu, 16-May-2024 13:32:11 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=KR6K9V6ZtjZf1vKqUgOCyawpR6eIS5pHtrHBKK9hd2Rn181bbOmhSJTXvOXsy0He6WiQB6xc2uxrxNpsVJc7iR0T1Sq2l-jZJtKYV9vxzkzWvlEx8rLgeFKLa2eT8r9bC8N6WSS2AirqkYi_QNeD-iS3ZnAW1KNqcfFonpYaKoQ; expires=Wed, 16-Oct-2024 13:32:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-16 13:32:11 UTC	427	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 64 64 6c 6a 73 6f 6e 25 33 46 61 73 79 6e Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasyn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.18	49896	64.233.177.103	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:32:10 UTC	538	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCOvUygEI/IPLAQiSocsBCIWgzQEI3L3NAQjpxc0BCJHKzQEIucrNAQis0c0BCInTzQEI29PNAQj2080BCNLWzQEIp9jNAQjp2M0BCPnA1BUYwcvMARi50s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 13:32:11 UTC	1843	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtTk0GNv7-bAGIjCutrdc__jP0Ewy3i-m2egggo-7ZmryQzEGXexmB4-11OBM3nprFLRWxeudB_gRK98yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwI2_v5sAYQzMOr5QESBFG1OTQ Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Tue, 16 Apr 2024 13:32:11 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-16-13; expires=Thu, 16-May-2024 13:32:11 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=HiYTcYVFE12zfZ5RF4UZiNIh43EgTh3zpY5SDtyZHLD4cR6h-fHb5eXqkaLQaQss9tPU_nAzWqJ-r8tm2nzuwJVuJgSg8m80omXLQLI9kC-mLI67INlpFzc2Xm6nACmdJHvvKlrhu1n0my3amXjvrdO281LsrYSdSQJKKM41sZY; expires=Wed, 16-Oct-2024 13:32:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-16 13:32:11 UTC	458	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.18	49894	64.233.177.103	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:32:10 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 13:32:11 UTC	1761	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtTk0GNv7-bAGIjDiFp97vxk7IW7qwjFYYBhxwkHmojLuIhALKDnO0DQ2z_YXRZ4ybx5vwHqH-UJyuSIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwI2_v5sAYQ-O_45wESBFG1OTQ Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Tue, 16 Apr 2024 13:32:11 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-04-16-13; expires=Thu, 16-May-2024 13:32:11 GMT; path=/; domain=.google.com; Secure; SameSite=none Set-Cookie: NID=513=ggn58Oi5KKSghXHMWIYnjVKSl7PEG1cKs3hmIzSRQ1Tn7Ea15F50Zfg1_H_HHMd7_w5NryrE4_eTvXY49r5G-ejab8dhmje4SCAwDOesgz5bjWCTGZWonX8-SeCEBBb32Xu0tJ7bttTzafiejNdUEbMwb3nwPE4IF65UK62RK3A; expires=Wed, 16-Oct-2024 13:32:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-16 13:32:11 UTC	417	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 26 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.18	49897	64.233.177.103	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:32:11 UTC	940	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtTk0GNv7-bAGIjCutrdc__jP0Ewy3i-m2egggo-7ZmryQzEGXexmB4-11OBM3nprFLRWxeudB_gRK98yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCOvUygEI/IPLAQiSocsBCIWgzQEI3L3NAQjpxc0BCJHKzQEIucrNAQis0c0BCInTzQEI29PNAQj2080BCNLWzQEIp9jNAQjp2M0BCPnA1BUYwcvMARi50s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-16-13; NID=513=HiYTcYVFE12zfZ5RF4UZiNIh43EgTh3zpY5SDtyZHLD4cR6h-fHb5eXqkaLQaQss9tPU_nAzWqJ-r8tm2nzuwJVuJgSg8m80omXLQLI9kC-mLI67INlpFzc2Xm6nACmdJHvvKlrhu1n0my3amXjvrdO281LsrYSdSQJKKM41sZY
2024-04-16 13:32:11 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Tue, 16 Apr 2024 13:32:11 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3183 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-16 13:32:11 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-04-16 13:32:11 UTC	1255	IN	Data Raw: 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 4d 72 6e 6f 54 32 76 31 76 Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="MrnoT2v1v
2024-04-16 13:32:11 UTC	1029	IN	Data Raw: 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.18	49899	64.233.177.103	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:32:11 UTC	738	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtTk0GNv7-bAGIjDiFp97vxk7IW7qwjFYYBhxwkHmojLuIhALKDnO0DQ2z_YXRZ4ybx5vwHqH-UJyuSIyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-16-13; NID=513=ggn58Oi5KKSghXHMWIYnjVKSl7PEG1cKs3hmIzSRQ1Tn7Ea15F50Zfg1_H_HHMd7_w5NryrE4_eTvXY49r5G-ejab8dhmje4SCAwDOesgz5bjWCTGZWonX8-SeCEBBb32Xu0tJ7bttTzafiejNdUEbMwb3nwPE4IF65UK62RK3A
2024-04-16 13:32:12 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Tue, 16 Apr 2024 13:32:12 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3111 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-16 13:32:12 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-04-16 13:32:12 UTC	1255	IN	Data Raw: 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 59 43 34 75 30 4a 64 4c 44 33 62 6c 42 36 69 77 30 43 2d 69 57 39 4f 68 53 61 74 68 38 68 58 6e 57 Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="YC4u0JdLD3blB6iw0C-iW9OhSath8hXnW
2024-04-16 13:32:12 UTC	957	IN	Data Raw: 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c 20 73 6f 6c 76 69 6e Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.18	49898	64.233.177.103	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:32:11 UTC	742	OUT	GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtTk0GNv7-bAGIjAB5ca-1h2npjbKyRJrY0x7oVX9EvE_hx3CS29R-qtGI7R0K5dKFNaff9s5a-f5vCUyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-16-13; NID=513=KR6K9V6ZtjZf1vKqUgOCyawpR6eIS5pHtrHBKK9hd2Rn181bbOmhSJTXvOXsy0He6WiQB6xc2uxrxNpsVJc7iR0T1Sq2l-jZJtKYV9vxzkzWvlEx8rLgeFKLa2eT8r9bC8N6WSS2AirqkYi_QNeD-iS3ZnAW1KNqcfFonpYaKoQ
2024-04-16 13:32:12 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Tue, 16 Apr 2024 13:32:12 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3129 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-04-16 13:32:12 UTC	899	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 64 64 6c 6a 73 6f 6e 3f 61 73 79 6e 63 3d 6e 74 70 3a 32 3c 2f 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/ddljson?async=ntp:2</title>
2024-04-16 13:32:12 UTC	1255	IN	Data Raw: 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 45 33 37 66 4d 6c 63 49 2d 30 53 70 34 63 51 6d 50 6b 57 7a 41 41 54 31 47 67 70 Data Ascii: tCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="E37fMlcI-0Sp4cQmPkWzAAT1Ggp
2024-04-16 13:32:12 UTC	975	IN	Data Raw: 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e Data Ascii: ears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the mean

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.18	49900	64.233.177.103	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:32:12 UTC	832	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCOvUygEI/IPLAQiSocsBCIWgzQEI3L3NAQjpxc0BCJHKzQEIucrNAQis0c0BCInTzQEI29PNAQj2080BCNLWzQEIp9jNAQjp2M0BCPnA1BUYwcvMARi50s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-16-13; NID=513=KR6K9V6ZtjZf1vKqUgOCyawpR6eIS5pHtrHBKK9hd2Rn181bbOmhSJTXvOXsy0He6WiQB6xc2uxrxNpsVJc7iR0T1Sq2l-jZJtKYV9vxzkzWvlEx8rLgeFKLa2eT8r9bC8N6WSS2AirqkYi_QNeD-iS3ZnAW1KNqcfFonpYaKoQ
2024-04-16 13:32:12 UTC	1703	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 13:32:12 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-THJ53hg5M5Y_DQ6b1oApNw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-16 13:32:12 UTC	1703	IN	Data Raw: 63 39 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6b 65 6e 74 75 63 6b 79 20 62 61 73 6b 65 74 62 61 6c 6c 20 74 72 61 6e 73 66 65 72 20 70 6f 72 74 61 6c 22 2c 22 6e 69 63 68 6f 6c 65 20 68 61 72 74 20 77 61 6c 6d 61 72 74 20 6d 61 6e 61 67 65 72 22 2c 22 63 74 63 20 63 68 69 6c 64 20 74 61 78 20 63 72 65 64 69 74 22 2c 22 77 68 65 6e 20 66 61 6c 6c 6f 75 74 20 73 65 61 73 6f 6e 20 32 22 2c 22 73 6f 6e 79 20 70 73 35 20 70 72 6f 22 2c 22 62 72 6f 6f 64 20 78 69 69 69 20 63 69 63 61 64 61 73 22 2c 22 73 61 6c 76 61 64 6f 72 20 70 c3 a9 72 65 7a 22 2c 22 74 65 6b 6b 65 6e 20 38 20 70 61 74 63 68 20 6e 6f 74 65 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 Data Ascii: c95)]}'["",["kentucky basketball transfer portal","nichole hart walmart manager","ctc child tax credit","when fallout season 2","sony ps5 pro","brood xiii cicadas","salvador prez","tekken 8 patch notes"],["","","","","","","",""],[],{"google:clientda
2024-04-16 13:32:12 UTC	1525	IN	Data Raw: 56 4b 51 55 68 58 4e 30 39 50 56 30 70 58 56 33 42 79 54 44 64 49 4f 48 52 52 53 30 35 58 4d 54 42 43 5a 6e 5a 32 64 44 52 49 52 45 78 4d 65 6b 34 79 56 58 6c 47 53 31 68 49 61 6e 52 47 55 45 31 73 53 30 52 78 55 48 59 76 57 45 55 7a 55 48 64 4d 56 33 4e 45 53 33 56 31 64 6e 52 4c 54 30 78 72 53 58 52 6c 4d 47 35 77 53 33 56 69 52 69 74 54 65 45 74 6b 59 6c 4e 47 54 6d 4e 6a 51 6e 68 68 56 44 52 6b 51 6c 68 6f 57 6b 63 72 51 6c 4e 7a 63 56 55 79 64 79 39 4a 62 6e 4e 54 55 57 68 30 53 31 4e 46 54 57 64 47 59 58 52 59 61 44 63 30 65 6b 30 30 54 48 5a 4d 5a 6a 4a 57 51 32 31 33 63 54 41 33 5a 45 4e 78 64 6c 68 47 4f 58 4e 55 61 54 42 35 52 6e 70 75 62 6d 64 44 59 6e 52 61 4e 6b 4e 70 51 55 34 35 64 48 67 33 53 45 52 53 64 7a 68 78 63 6b 64 44 4d 55 46 68 4b Data Ascii: VKQUhXN09PV0pXV3ByTDdIOHRRS05XMTBCZnZ2dDRIRExMek4yVXlGS1hIanRGUE1sS0RxUHYvWEUzUHdMV3NES3V1dnRLT0xrSXRlMG5wS3ViRitTeEtkYlNGTmNjQnhhVDRkQlhoWkcrQlNzcVUydy9JbnNTUWh0S1NFTWdGYXRYaDc0ek00THZMZjJWQ213cTA3ZENxdlhGOXNUaTB5RnpubmdDYnRaNkNpQU45dHg3SERSdzhxckdDMUFhK
2024-04-16 13:32:12 UTC	496	IN	Data Raw: 31 65 39 0d 0a 47 39 76 4d 32 64 77 4d 6c 4a 4b 62 32 78 53 64 58 51 32 52 30 64 7a 5a 53 74 31 4f 45 59 77 54 33 4e 49 57 57 70 57 62 6c 4a 77 4c 79 39 61 4f 67 39 54 59 57 78 32 59 57 52 76 63 69 42 51 77 36 6c 79 5a 58 70 4b 42 79 4d 78 59 7a 4a 6a 4f 44 6c 53 4f 32 64 7a 58 33 4e 7a 63 44 31 6c 53 6e 70 71 4e 48 52 4d 55 44 46 55 5a 6b 6c 4e 54 54 52 77 54 54 59 30 64 31 6c 51 56 47 6c 4d 4d 44 64 4e 53 31 56 30 54 58 6c 54 4f 56 4e 4c 52 47 6b 34 63 32 6c 70 4d 55 4e 6e 51 30 74 71 5a 33 42 79 63 41 5a 77 42 77 5c 75 30 30 33 64 5c 75 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c 31 32 35 35 Data Ascii: 1e9G9vM2dwMlJKb2xSdXQ2R0dzZSt1OEYwT3NIWWpWblJwLy9aOg9TYWx2YWRvciBQw6lyZXpKByMxYzJjODlSO2dzX3NzcD1lSnpqNHRMUDFUZklNTTRwTTY0d1lQVGlMMDdNS1V0TXlTOVNLRGk4c2lpMUNnQ0tqZ3BycAZwBw\u003d\u003d","zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255
2024-04-16 13:32:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.18	49901	64.233.177.103	443	6004	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 13:32:12 UTC	845	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCOvUygEI/IPLAQiSocsBCIWgzQEI3L3NAQjpxc0BCJHKzQEIucrNAQis0c0BCInTzQEI29PNAQj2080BCNLWzQEIp9jNAQjp2M0BCPnA1BUYwcvMARi50s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: 1P_JAR=2024-04-16-13; NID=513=KR6K9V6ZtjZf1vKqUgOCyawpR6eIS5pHtrHBKK9hd2Rn181bbOmhSJTXvOXsy0He6WiQB6xc2uxrxNpsVJc7iR0T1Sq2l-jZJtKYV9vxzkzWvlEx8rLgeFKLa2eT8r9bC8N6WSS2AirqkYi_QNeD-iS3ZnAW1KNqcfFonpYaKoQ
2024-04-16 13:32:12 UTC	1703	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 13:32:12 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-iXMxzu9-02g44XvCOxwFUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-16 13:32:12 UTC	1703	IN	Data Raw: 63 39 35 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6b 65 6e 74 75 63 6b 79 20 62 61 73 6b 65 74 62 61 6c 6c 20 74 72 61 6e 73 66 65 72 20 70 6f 72 74 61 6c 22 2c 22 6e 69 63 68 6f 6c 65 20 68 61 72 74 20 77 61 6c 6d 61 72 74 20 6d 61 6e 61 67 65 72 22 2c 22 63 74 63 20 63 68 69 6c 64 20 74 61 78 20 63 72 65 64 69 74 22 2c 22 77 68 65 6e 20 66 61 6c 6c 6f 75 74 20 73 65 61 73 6f 6e 20 32 22 2c 22 73 6f 6e 79 20 70 73 35 20 70 72 6f 22 2c 22 62 72 6f 6f 64 20 78 69 69 69 20 63 69 63 61 64 61 73 22 2c 22 73 61 6c 76 61 64 6f 72 20 70 c3 a9 72 65 7a 22 2c 22 74 65 6b 6b 65 6e 20 38 20 70 61 74 63 68 20 6e 6f 74 65 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 Data Ascii: c95)]}'["",["kentucky basketball transfer portal","nichole hart walmart manager","ctc child tax credit","when fallout season 2","sony ps5 pro","brood xiii cicadas","salvador prez","tekken 8 patch notes"],["","","","","","","",""],[],{"google:clientda
2024-04-16 13:32:12 UTC	1525	IN	Data Raw: 56 4b 51 55 68 58 4e 30 39 50 56 30 70 58 56 33 42 79 54 44 64 49 4f 48 52 52 53 30 35 58 4d 54 42 43 5a 6e 5a 32 64 44 52 49 52 45 78 4d 65 6b 34 79 56 58 6c 47 53 31 68 49 61 6e 52 47 55 45 31 73 53 30 52 78 55 48 59 76 57 45 55 7a 55 48 64 4d 56 33 4e 45 53 33 56 31 64 6e 52 4c 54 30 78 72 53 58 52 6c 4d 47 35 77 53 33 56 69 52 69 74 54 65 45 74 6b 59 6c 4e 47 54 6d 4e 6a 51 6e 68 68 56 44 52 6b 51 6c 68 6f 57 6b 63 72 51 6c 4e 7a 63 56 55 79 64 79 39 4a 62 6e 4e 54 55 57 68 30 53 31 4e 46 54 57 64 47 59 58 52 59 61 44 63 30 65 6b 30 30 54 48 5a 4d 5a 6a 4a 57 51 32 31 33 63 54 41 33 5a 45 4e 78 64 6c 68 47 4f 58 4e 55 61 54 42 35 52 6e 70 75 62 6d 64 44 59 6e 52 61 4e 6b 4e 70 51 55 34 35 64 48 67 33 53 45 52 53 64 7a 68 78 63 6b 64 44 4d 55 46 68 4b Data Ascii: VKQUhXN09PV0pXV3ByTDdIOHRRS05XMTBCZnZ2dDRIRExMek4yVXlGS1hIanRGUE1sS0RxUHYvWEUzUHdMV3NES3V1dnRLT0xrSXRlMG5wS3ViRitTeEtkYlNGTmNjQnhhVDRkQlhoWkcrQlNzcVUydy9JbnNTUWh0S1NFTWdGYXRYaDc0ek00THZMZjJWQ213cTA3ZENxdlhGOXNUaTB5RnpubmdDYnRaNkNpQU45dHg3SERSdzhxckdDMUFhK
2024-04-16 13:32:12 UTC	496	IN	Data Raw: 31 65 39 0d 0a 47 39 76 4d 32 64 77 4d 6c 4a 4b 62 32 78 53 64 58 51 32 52 30 64 7a 5a 53 74 31 4f 45 59 77 54 33 4e 49 57 57 70 57 62 6c 4a 77 4c 79 39 61 4f 67 39 54 59 57 78 32 59 57 52 76 63 69 42 51 77 36 6c 79 5a 58 70 4b 42 79 4d 78 59 7a 4a 6a 4f 44 6c 53 4f 32 64 7a 58 33 4e 7a 63 44 31 6c 53 6e 70 71 4e 48 52 4d 55 44 46 55 5a 6b 6c 4e 54 54 52 77 54 54 59 30 64 31 6c 51 56 47 6c 4d 4d 44 64 4e 53 31 56 30 54 58 6c 54 4f 56 4e 4c 52 47 6b 34 63 32 6c 70 4d 55 4e 6e 51 30 74 71 5a 33 42 79 63 41 5a 77 42 77 5c 75 30 30 33 64 5c 75 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c 31 32 35 35 Data Ascii: 1e9G9vM2dwMlJKb2xSdXQ2R0dzZSt1OEYwT3NIWWpWblJwLy9aOg9TYWx2YWRvciBQw6lyZXpKByMxYzJjODlSO2dzX3NzcD1lSnpqNHRMUDFUZklNTTRwTTY0d1lQVGlMMDdNS1V0TXlTOVNLRGk4c2lpMUNnQ0tqZ3BycAZwBw\u003d\u003d","zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255
2024-04-16 13:32:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 1236, Parent PID: 2484

General

Target ID:	0
Start time:	15:31:18
Start date:	16/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://global.americanexpress.com/help?inav=iNUtlContact&extlink=us-em-serv-footer-helpcenter
Imagebase:	0x7ff728d30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6004, Parent PID: 1236

General

Target ID:	1
Start time:	15:31:23
Start date:	16/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1948,i,17101978054004084476,12410038309744272020,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff728d30000
File size:	3'242'272 bytes
MD5 hash:	83395EAB5B03DEA9720F8D7AC0D15CAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://global.americanexpress.com/help?inav=iNUtlContact&extlink=us-em-serv-footer-helpcenter

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Windows Analysis Report
https://global.americanexpress.com/help?inav=iNUtlContact&extlink=us-em-serv-footer-helpcenter