Windows Analysis Report
http://www.americanexpress.com/us/pakyc/

Overview

General Information

Sample URL:	http://www.americanexpress.com/us/pakyc/
Analysis ID:	1426764
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML body with high number of embedded images detected

HTTP GET or POST without a user agent

Stores files to the Windows start menu directory

Classification

Signatures

HTML body with high number of embedded images detected

Source: https://oneforms.americanexpress.com/iForms/open/paKycOptions_en_US?page=1

HTTP Parser: Total embedded image size: 15766

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.68.63:443 -> 192.168.2.17:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.68.63:443 -> 192.168.2.17:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.17:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.17:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49806 version: TLS 1.2

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63

Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.0.0&d_fieldgroup=A&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&mid=10156722043248159620305584607496081974&ts=1713274424642 HTTP/1.1Host: omns.americanexpress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: https://oneforms.americanexpress.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C10156722043248159620305584607496081974%7CvVersion%7C5.0.0
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.0.0&d_fieldgroup=A&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&mid=10156722043248159620305584607496081974&ts=1713274424642 HTTP/1.1Host: omns.americanexpress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; s_ecid=MCMID%7C10156722043248159620305584607496081974; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C10156722043248159620305584607496081974%7CMCAID%7CNONE%7CvVersion%7C5.0.0
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s65150841158414?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A33%3A45%202%20-120&mid=10156722043248159620305584607496081974&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&g=https%3A%2F%2Foneforms.americanexpress.com%2FiForms%2Fopen%2FpaKycOptions_en_US%3Fpage%3D1&c.&visitorCheck=VisitorAPI%20Present&cm.&ssf=1&.cm&omn.&lob=ser&country=us&language=en&.omn&.c&h.&architecture=x86&bitness=64&platformVersion=10.0.0&.h&cc=USD&server=oneforms.americanexpress.com&events=event140&h1=us%7Coneamex%7Cser%7Ciforms%7Copen&c3=en&c4=US&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c19=US%7Coneamex%7Cser&c24=US%7Coneamex%7Cser%7CiForms&v27=US&c30=US%7Coneamex%7Cser%7CiForms%7Copen&c31=US&c38=US%7Coneamex%7Cser%7CiForms%7Copen&c43=New%20Visitor&c44=D%3Dv44&v45=prospect&c46=DLS%20Navigation&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c50=authenticated&c56=oneamex&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&c75=Launch&v75=10156722043248159620305584607496081974&v94=D%3Dagent-id&v140=UCM%3A%20en-US%7C%20docEle%3A%20en-US%7C&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; s_ecid=MCMID%7C10156722043248159620305584607496081974; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=8700
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s65150841158414?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A33%3A45%202%20-120&mid=10156722043248159620305584607496081974&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&g=https%3A%2F%2Foneforms.americanexpress.com%2FiForms%2Fopen%2FpaKycOptions_en_US%3Fpage%3D1&c.&visitorCheck=VisitorAPI%20Present&cm.&ssf=1&.cm&omn.&lob=ser&country=us&language=en&.omn&.c&h.&architecture=x86&bitness=64&platformVersion=10.0.0&.h&cc=USD&server=oneforms.americanexpress.com&events=event140&h1=us%7Coneamex%7Cser%7Ciforms%7Copen&c3=en&c4=US&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c19=US%7Coneamex%7Cser&c24=US%7Coneamex%7Cser%7CiForms&v27=US&c30=US%7Coneamex%7Cser%7CiForms%7Copen&c31=US&c38=US%7Coneamex%7Cser%7CiForms%7Copen&c43=New%20Visitor&c44=D%3Dv44&v45=prospect&c46=DLS%20Navigation&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c50=authenticated&c56=oneamex&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&c75=Launch&v75=10156722043248159620305584607496081974&v94=D%3Dagent-id&v140=UCM%3A%20en-US%7C%20docEle%3A%20en-US%7C&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; s_ecid=MCMID%7C10156722043248159620305584607496081974; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C10156722043248159620305584607496081974%7CMCAID%7CNONE%7CMCOPTOUT-1713281625s%7CNONE%7CvVersion%7C5.0.0; s_sess=%20s_tp%3D1022%3B%20s_ppv%3Dus%25257Coneamex%25257Cser%25257CiForms%2525
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s66786050574872?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A33%3A45%202%20-120&mid=10156722043248159620305584607496081974&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&g=https%3A%2F%2Foneforms.americanexpress.com%2FiForms%2Fopen%2FpaKycOptions_en_US%3Fpage%3D1&c.&visitorCheck=VisitorAPI%20Present&omn.&ppvpage=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&ppvtotal=89&ppvinitial=89&lob=ser&country=us&language=en&.omn&cm.&ssf=1&.cm&.c&h.&architecture=x86&bitness=64&platformVersion=10.0.0&.h&cc=USD&server=oneforms.americanexpress.com&events=event140&h1=us%7Coneamex%7Cser%7Ciforms%7Copen&c3=en&c4=US&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c19=US%7Coneamex%7Cser&c24=US%7Coneamex%7Cser%7CiForms&v27=US&c30=US%7Coneamex%7Cser%7CiForms%7Copen&c31=US&c38=US%7Coneamex%7Cser%7CiForms%7Copen&v41=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&c44=D%3Dv44&v45=prospect&c46=DLS%20Navigation&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c50=authenticated&c56=oneamex&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&c75=Launch&v75=10156722043248159620305584607496081974&v94=D%3Dagent-id&v140=UCM%3A%20en-US%7C%20docEle%3A%20en-US%7C&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; s_ecid=MCMID%
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s62158091623535?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A33%3A45%202%20-120&mid=10156722043248159620305584607496081974&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&g=https%3A%2F%2Foneforms.americanexpress.com%2FiForms%2Fopen%2FpaKycOptions_en_US%3Fpage%3D1&c.&cm.&ssf=1&.cm&omn.&identifier=iForms&element=On%20page%201%20form%20load&lob=ser&detail=page%201%20visited&.omn&.c&cc=USD&events=event141&c3=en&c4=US&v4=iForms&v5=us%3E%3EiForms%3E%3Eimpression%3E%3EOn%20page%201%20form%20load%3E%3Epage%201%20visited&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c21=iForms&c22=us%3E%3EiForms%3E%3Eimpression%3E%3EOn%20page%201%20form%20load%3E%3Epage%201%20visited&v27=US&c44=D%3Dv44&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c56=oneamex&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&v75=10156722043248159620305584607496081974&pe=lnk_o&pev2=Dynamic%20Page%20Action&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; s_ecid=MCMID%7C10156722043248159620305584607496081974; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C10156722043248159620305584607496081974%7CMCAID%7CNONE%7CMCOPTOUT-1713281625s%7CNONE%7CvVersion%7C5.0.0; s_sess=%20s_tp%3D1022%3B%20s_p
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s66786050574872?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A33%3A45%202%20-120&mid=10156722043248159620305584607496081974&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&g=https%3A%2F%2Foneforms.americanexpress.com%2FiForms%2Fopen%2FpaKycOptions_en_US%3Fpage%3D1&c.&visitorCheck=VisitorAPI%20Present&omn.&ppvpage=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&ppvtotal=89&ppvinitial=89&lob=ser&country=us&language=en&.omn&cm.&ssf=1&.cm&.c&h.&architecture=x86&bitness=64&platformVersion=10.0.0&.h&cc=USD&server=oneforms.americanexpress.com&events=event140&h1=us%7Coneamex%7Cser%7Ciforms%7Copen&c3=en&c4=US&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c19=US%7Coneamex%7Cser&c24=US%7Coneamex%7Cser%7CiForms&v27=US&c30=US%7Coneamex%7Cser%7CiForms%7Copen&c31=US&c38=US%7Coneamex%7Cser%7CiForms%7Copen&v41=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&c44=D%3Dv44&v45=prospect&c46=DLS%20Navigation&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c50=authenticated&c56=oneamex&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&c75=Launch&v75=10156722043248159620305584607496081974&v94=D%3Dagent-id&v140=UCM%3A%20en-US%7C%20docEle%3A%20en-US%7C&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; s_ecid=MCMID%7C10156722043248159620305584607496081974; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C10156722043248159620305584607496081974%7CMCAID%7CNO
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s62158091623535?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A33%3A45%202%20-120&mid=10156722043248159620305584607496081974&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&g=https%3A%2F%2Foneforms.americanexpress.com%2FiForms%2Fopen%2FpaKycOptions_en_US%3Fpage%3D1&c.&cm.&ssf=1&.cm&omn.&identifier=iForms&element=On%20page%201%20form%20load&lob=ser&detail=page%201%20visited&.omn&.c&cc=USD&events=event141&c3=en&c4=US&v4=iForms&v5=us%3E%3EiForms%3E%3Eimpression%3E%3EOn%20page%201%20form%20load%3E%3Epage%201%20visited&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c21=iForms&c22=us%3E%3EiForms%3E%3Eimpression%3E%3EOn%20page%201%20form%20load%3E%3Epage%201%20visited&v27=US&c44=D%3Dv44&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c56=oneamex&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&v75=10156722043248159620305584607496081974&pe=lnk_o&pev2=Dynamic%20Page%20Action&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; s_ecid=MCMID%7C10156722043248159620305584607496081974; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C10156722043248159620305584607496081974%7CMCAID%7CNONE%7CMCOPTOUT-1713281625s%7CNONE%7CvVersion%7C5.0.0; s_sess=%20s_tp%3D1022%3B%20s_ppv%3Dus%25257Coneamex%25257Cser%25257CiForms%25257Copen%25257CpaKycOptions_en_US%252C89%252C89%252C907%3B%20s_cc%3Dtrue%3B; s_pers=%20s_tslv%3D1713274425317%7C1776346425317%3B%20s_tbm%3Dtrue%7C171327
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=aRAnk+tG2VV4rGs&MD=dvu3AKno HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAZ018joKFt9ONlJduRp0qgN4q0hEVgbtyzwhNOAQGHdiJ/WvF5CgahoZEynXJhIj56iTukhgVUPTic3eRyYR66fmSTdDW3LZw/IwxowvJNO42yNYmggOVq0grbDpD4QdDBVM9tWomORZ6Yhc//Dhybj55G1bMVl6gWid3LX185%2BHPvRzCdiW7tPCZaapPO7gKeTL3oDg104em5KKXTB%2BceyTUab5TPh2hCfSfz3ROVCrQakad6ZQ37pn7Jq55%2B49mfT4CA7pYaH/XGU53tm06AVeElWzPkyU/J4Yr1r8h47zRUwOcxGjC0T6BxpX7IwaaJwfyVT2Tevj23PMjumVtDYDZgAACJApzEW9bdlTqAHCfce4H//0LkQQF0iYmZWxtt1dWvSzGNKs6NAaiIu4m%2BImJYSHXcOmZtDwUL0%2BUymlprTmxloTHEuQDijkcU5PqlrdEYhHSlVnLrvUTCnDR1vmk543DEPCdFtnaUl609OaNAQkb/e7nPcl%2B67G5Dc29nT/V8B5U9lchFW7xWqPHkQuCZA50rluvxrcN4wb18tGScFXkYUxmkRTxh93rRO8rLxlvdYWNZq5kqFskFA1QjSBfNkY3jOMCqKAaeYCUVvq2O2DG8Vic09hMubc3IxZABXSl1PjuWzKnxEYxtVO8td1XElRuZE3fMhWvRHVZ1MY3aEAtAlxR/5N3EK7zTjPwWNXdFtFPokX/X%2BIfUv4QiqoLEgN1b71FA0Gp50%2BF1wsch2c1SV4l/9L%2BGgkJjGLe5ANJP9Ov1A5bIwE7mZo0/wK3xjUQicZVES9SX1weCg1fPypsz%2ByLcBGVnr32oxtbCUtGaDIx6GQ4i1VArCR24r76ss4R%2BHjWm2FgtfEERi/x8MHiXiD9JZNn7Fg1z79isM6w2qo6CKvtYyMrM1lO7HMfUI0IcyK2AE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1713274460User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: F16DF180308E4A4591A546EFF0544AB2X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=aRAnk+tG2VV4rGs&MD=dvu3AKno HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: www.americanexpress.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: chromecache_144.1.dr, chromecache_151.1.dr	String found in binary or memory: http://feross.org
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-4454a9ef97c1c8cd89
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-bea3c9697c62409967
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-c5299abd23ef05bd6d
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-f424e4c1e880782914
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/333b39a46679/launch-df6a13efe609-staging.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/61650f53735f/launch-77374eae9c9b-staging.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/66bfa1f1c370/launch-a84bcfcd9f88-staging.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/6ea2f89ca33d/launch-25c1ded7854b-staging.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/6ea2f89ca33d/launch-ffeccfbfebd3.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/8e98299b4e37/launch-186af9da7404-staging.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/8e98299b4e37/launch-f60a62d583bd.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/8fe231718838/launch-5a77dcd96b5f-staging.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://cdaas-dev.americanexpress.com/cdaas/api/axpi/omniture/launch/1.4.9/launch-688f678fbf27-stagi
Source: chromecache_144.1.dr, chromecache_151.1.dr	String found in binary or memory: https://feross.org/opensource
Source: chromecache_131.1.dr	String found in binary or memory: https://github.com/facebook/regenerator/blob/main/LICENSE
Source: chromecache_118.1.dr, chromecache_138.1.dr, chromecache_107.1.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_144.1.dr	String found in binary or memory: https://hertzen.com
Source: chromecache_144.1.dr	String found in binary or memory: https://html2canvas.hertzen.com
Source: chromecache_134.1.dr, chromecache_123.1.dr	String found in binary or memory: https://oneforms.americanexpress.com/iForms/at-secure/paKycLanding_en_US
Source: chromecache_134.1.dr, chromecache_123.1.dr	String found in binary or memory: https://oneforms.americanexpress.com/iForms/open/paSelfKyc2_en_US
Source: chromecache_128.1.dr	String found in binary or memory: https://qwww.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/intranet/1.4.1/launch-80e343e58fb8
Source: chromecache_128.1.dr	String found in binary or memory: https://qwww.aexp-static.com/cdaas/api/axpi/omniture/launch/1.4.9/launch-688f678fbf27-staging.min.js
Source: chromecache_131.1.dr	String found in binary or memory: https://ucmapi.americanexpress.com/api/consent/ext/record/
Source: chromecache_131.1.dr	String found in binary or memory: https://ucmapi.americanexpress.com/api/consent/management/
Source: chromecache_131.1.dr	String found in binary or memory: https://ucmapi.americanexpress.com/api/v1/geo_location/check
Source: chromecache_128.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/intranet/1.4.1/launch-355955701c68.
Source: chromecache_148.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/api/axpi/omniture/launch/1.4.9/dcb19cbd6cbf/b4385da1798a/74e098123
Source: chromecache_128.1.dr, chromecache_155.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/api/axpi/omniture/launch/1.4.9/launch-b363d6c28b7c.min.js
Source: chromecache_120.1.dr, chromecache_139.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/dxt-vendor-shared-scripts/adobe-wrapper/1.6.6/adobe-wrapper.js
Source: chromecache_146.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one-tag/tagging/entrypoints/v1.43.0/entrypoint-15983.js
Source: chromecache_122.1.dr, chromecache_125.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one/one-identity-session/1.38.3/timeout.js
Source: chromecache_156.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one/qualtrics/1.71.0/
Source: chromecache_154.1.dr, chromecache_145.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one/qualtrics/1.71.0/qualtricsIntercept.js
Source: chromecache_110.1.dr, chromecache_102.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/user-consent-management/ucm/v1.13.0/UCM.js
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/be/fr/legal/politique-cookie.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/be/nl/legal/cookiebeleid.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/content/dam/amex/us/company/Privacy/California_Privacy_Notice.pdf
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/cz-cz/spolecnost/pravni/centrum-ochrany-osobnich-udaju/o-souborech-c
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/da-dk/selskab/legal/privatlivspolitik/angaende-cookies?showoverlay=f
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/de-at/firma/legal/datenschutz-center/cookie-informationen?showoverla
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/en-ca/company/legal/privacy-centre/about-cookies/?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/en-ca/company/legal/privacy-centre/privacy-statement/?showoverlay=fa
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/en-cz/company/legal/privacy-centre/about-cookies/?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/en-hu/company/legal/privacy-centre/about-cookies/?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/about-cookies/?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/es/legal/informacion-sobre-los-cookies.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/fi/legal/yksityisyys/cookies/index.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/fr-ca/societes/legale/centre-de-confidentialite/a-propos-des-cookies
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/fr-ca/societes/legale/centre-de-confidentialite/declaration-de-confi
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/fr/legal/about-cookies.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/germany/legal/about_cookies.shtml?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/hu-hu/ceg/jogi/adatvedelem/a-sutikrol/index.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/icc/cookies.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/italy/legal/about_cookies.shtml?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/nl/about-cookies.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/no/legal/personvern/cookies/index.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/pl-pl/firma/prawny/centrum-prywatnosci/o-ciasteczkach/?showoverlay=f
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/se/legal/sekretess/cookies/index.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/uk/legal/about-cookies.shtml?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/us/privacy-center/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.68.63:443 -> 192.168.2.17:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.68.63:443 -> 192.168.2.17:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.17:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.17:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49806 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@15/110@36/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.americanexpress.com/us/pakyc/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2008,i,11165410213512412256,6401227915527638973,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2008,i,11165410213512412256,6401227915527638973,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.9.105	www.google.com	United States	15169	GOOGLEUS	false
63.140.38.132	americanexpress.com.ssl.d2.sc.omtrdc.net	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
63.140.39.35	unknown	United States	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false

Private

IP
192.168.2.17

Contacted Domains

Name	IP	Active
d2pz9khpjpljz2.cloudfront.net	108.138.85.124	true
www.google.com	142.250.9.105	true
americanexpress.com.ssl.d2.sc.omtrdc.net	63.140.38.132	true
omns.americanexpress.com	unknown	unknown
functions.americanexpress.com	unknown	unknown
assets.adobedtm.com	unknown	unknown
iformservice.americanexpress.com	unknown	unknown
siteintercept.qualtrics.com	unknown	unknown
www.americanexpress.com	unknown	unknown
icm.aexp-static.com	unknown	unknown
lptag.liveperson.net	unknown	unknown
www.aexp-static.com	unknown	unknown
nexus.ensighten.com	unknown	unknown
oneforms.americanexpress.com	unknown	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:33:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	1747FBE3D1783CE289764D8335F930C3	38B8E346AE7258B3CA8F127091BAFCCEE6E3FF05	C4C5565A03D38017A745E96E6886205003F33EEE19B4FE74034F724CB04E1A70
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:33:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	FBBF9210BD9E81AF508F67F576E51D31	EE48587CA7CBC577B3355DE8B78E0DDF9F5FB62B	BB316B51996E0CDF6DD8CA691CCD572ECD86CEFE1BE4F44044113E552C862B98
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	930F1110D58F6EDA5202B746571C5143	34F709206D3DB156A31BF9AD7C1F3DD94F9640E2	E93A1C8E1792C8BF7897C8F31F25ECC4A400F5A7A761DE1E8FAF4D28E4A64F98
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:33:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	182BD874AB56EB48504C82A42C13DCAE	2B232D4066A518230A14159FF8ACDDDD3EE25589	6FE932B0407352D593C555B137A6B12F97A1D219C86FD546E604289593FE60ED
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:33:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	BCCA723EBBEB8BCE4F92B3727D7B8F85	8EC67311D387E043D27546B9A2410652B211004B	F924ABC2AB931E3A68C8C75F0DE79117312B54907B64F6892E28344FC6D7AD2B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 12:33:40 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	C9E51FD80B6742F21A7C24634D52BD84	869C7A2683DC04F5EC8E0078CEF8525B23442AAA	0D1B488A118F493CBF1489B43FD832058F1622E618AF74A30DD7CBD779DBD3A0
Chrome Cache Entry: 100	ASCII text, with very long lines (15984), with no line terminators	C6CCD302D5A00A34E1851C2CC4E609D4	86A93913A5EB3F803AC41BF6255E2E3FF31B609E	F1C2FDA9627351E28491AB6832E1B716B32DDD416DA7E2715F62140721866F91
Chrome Cache Entry: 101	SVG Scalable Vector Graphics image	EBBBAFAE5BDC09D7DED7CEF405413AC5	7A635ABED6420B798397C62270D2DF8B084CD8A8	C39E8554624A4B74E596D2BFA96BDD4D30DBC395532AB32E67591C0E929080E9
Chrome Cache Entry: 102	JSON data	916F4DEB59BD17DE8B5474BCCB93C39F	198C8B3A77F4647A87FFDDC549ACB82B99CB2DE3	40ED13E02BA025D1293A29A08A785179FF0B4A21F6802CB39711023FF6B915E8
Chrome Cache Entry: 103	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	974CCC6C4C6E1C7F04606973BEB3BA20	0F96F86D488A4B5805744FA067C3CFD57C928406	265D3F591D92FADFE95F4660C382EE64A23538A7353B9880434205A102833DE0
Chrome Cache Entry: 104	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	974CCC6C4C6E1C7F04606973BEB3BA20	0F96F86D488A4B5805744FA067C3CFD57C928406	265D3F591D92FADFE95F4660C382EE64A23538A7353B9880434205A102833DE0
Chrome Cache Entry: 105	ASCII text, with very long lines (65536), with no line terminators	BB4911420ED06BA38C2B8405D0DF0B87	1E9169617A346849A90947988922139D17B0F621	7B4A8E4E32FEB3F1F5C722D1D74C76CA1E5135D8CDF78152EC9182D22D1C59C1
Chrome Cache Entry: 106	ASCII text, with very long lines (6634)	11035D0E5B17C7D24618CC621868835B	FAD32FE8FC600ECCE0B068C6280093EDA0267799	F449F148911AE735D587601C573A6552193C154666AE58390ABB3517A3368719
Chrome Cache Entry: 107	Unicode text, UTF-8 text, with very long lines (45233)	E54E9062A1BF908CBD54A46D96F30DF3	FF2A5BB71810BCBCAB32457259772A5B3940B4EE	77F26C37870B9F2F423827EF89CD03B978407F2B09F705C071D4A6B632CC38ED
Chrome Cache Entry: 108	SVG Scalable Vector Graphics image	EBBBAFAE5BDC09D7DED7CEF405413AC5	7A635ABED6420B798397C62270D2DF8B084CD8A8	C39E8554624A4B74E596D2BFA96BDD4D30DBC395532AB32E67591C0E929080E9
Chrome Cache Entry: 109	SVG Scalable Vector Graphics image	F7326C6C49F49371982DB46383885A3B	BD62DECE6F43AE1A82271E19C9850D152454468B	7066A1BD1FC62016F82E111B3A3253BB0306D9E5F69BCBBCFBDFC20BDDADB640
Chrome Cache Entry: 110	JSON data	916F4DEB59BD17DE8B5474BCCB93C39F	198C8B3A77F4647A87FFDDC549ACB82B99CB2DE3	40ED13E02BA025D1293A29A08A785179FF0B4A21F6802CB39711023FF6B915E8
Chrome Cache Entry: 111	SVG Scalable Vector Graphics image	7C6C3493F958764FD6B2A550A98AB676	0D89801FF7089BCFDDDA2F22AB37DA7155948FF7	56B8E90244C34621E294D3357EDFEF9A1467E501773ED21B25DC6367AB3D7803
Chrome Cache Entry: 112	Unicode text, UTF-8 text, with very long lines (36630)	4D934616023DCBA2D1C1D6A9739495D5	4C117BD694A7E757E4336D96EE290DBDB51E7831	FC1074A620037AC3A3A8DFC1D42856938B371D4E63E9B8ECD783CECBB3213B9B
Chrome Cache Entry: 113	ASCII text, with no line terminators	251ADC649EFBFBD154FAADFA6432C6FB	03767513EFB478E0804DC95E8CF8AB7361904479	E6F48C54E0C4880C8D11AA153EA798B5386CC3989B440DDDA26B6B128EDC7FBE
Chrome Cache Entry: 114	ASCII text, with very long lines (15184), with no line terminators	960E42553EE034758219FD21EAE36774	6EBB9FBD36BC1C656E9B14C85C7FC46CD42AE65F	01668730D8FCA1FEBF2236526DF686405139FFB54BED11F7311B1F5D6F53BC60
Chrome Cache Entry: 115	SVG Scalable Vector Graphics image	56ADDBA553083EB384B100CBB7E8632F	F718526F1EF720E5D361536615595D5BFC3C9688	5E60A20DA0F769A6260D4ED755D615DA930B87C62436F807A6FF32D000017D18
Chrome Cache Entry: 116	SVG Scalable Vector Graphics image	D97D46FE48D19D2C4F236B9A2CFEE5F3	A164F3588BB4B601C472461A24A6EEC265BCF8C8	028F643755987211BF2F3ADD6C62AE1870A888CF2F4FE3040A4FAC7DCE2543AB
Chrome Cache Entry: 117	Web Open Font Format, TrueType, length 37153, version 1.0	C0E3B5653C803F69C05862736A765E4A	4AE2328614D48C62388C8409CBD1D9E7B5D4DFDA	48050D8EEB740BB31AAAD9EB82BCD4A493B474C9385EEDA5FC2CA2EA279CFFAD
Chrome Cache Entry: 118	ASCII text, with very long lines (65536), with no line terminators	6F37DE5318936C257E273E5AA99702F0	05B30223708553E1E63C5CBE300EF44EE7D69CEC	01F469EC742E0A6CB26EC2721D5B80575A7ACA9676C8D26E7D8FC85BE47A02E5
Chrome Cache Entry: 119	JSON data	0B50EF449E4F7E2F144227475599FE01	669B5FC411E5ADB05A71A56A6F6BE28606622642	FC0EE9476197548DBFB6314915F5E97A80D1983E7DD441572CA23771F351A5C5
Chrome Cache Entry: 120	JSON data	8BF46C197704989FDE486CE5ED850F55	423A97F9A922D0D0AEC5686A09D9D47338CF33C7	2672ADE62E67E5A4B923D63F058BBBA1761B5828EE4947F9D898EA462F848A3F
Chrome Cache Entry: 121	ASCII text, with no line terminators	C3295ABE9DCA3935EBF6EEABD6E8B7A5	BE06F58E051B7A544333A13E971765B1FBA29BDE	53B28D3040D42A0F9330149CCA113A715451ABB33A6FD8EC93EB06E9A470F8C6
Chrome Cache Entry: 122	JSON data	B6CEE86A96644943DDAC571EBE1CC852	83808E10F2D6753E2A4567A0D3371362C2B676CF	6B6547C3D2BCC0BE2BC211C334A40DEC4014B2ED1FBFD37AADCBFF99548F901B
Chrome Cache Entry: 123	Generic INItialization configuration []	C1449D2568ACE2693AC9E77127F44950	143AA1B710FDC6C153CC1D4E58A2CC342FBA2AFC	C8CD53C3B419249755C757D058DAEBEAC40A3597A923FCBBA60EFC0CE242C7B2
Chrome Cache Entry: 124	ASCII text, with very long lines (41563), with no line terminators	055F7DFC98A0FEAFB64849C0B3F8CF00	270B19DB02D34A10E5CFA4A85E20DF891B858B83	0BEF20665559ABFF909F34959125D98FE735812E5825F1A5C46259C826B9FCA2
Chrome Cache Entry: 125	JSON data	B6CEE86A96644943DDAC571EBE1CC852	83808E10F2D6753E2A4567A0D3371362C2B676CF	6B6547C3D2BCC0BE2BC211C334A40DEC4014B2ED1FBFD37AADCBFF99548F901B
Chrome Cache Entry: 126	SVG Scalable Vector Graphics image	78AF472D7F07AACD83D8E224C119950A	B04F7889C9277106B40EF90B7B19C1091884D876	FC69234936C0DF004440641A5DF9EE1E3C3532DF5780984F0F636E85E8788519
Chrome Cache Entry: 127	ASCII text, with very long lines (8951), with no line terminators	0A02B6FF3E99F83F160BEC00CD366856	6C5392C46DDE0F21635E12BF3EFE93540B0DCCE6	D9BF8162599D770B24E927BB63C9A729013172B9E57BED674A2CDE3031C50458
Chrome Cache Entry: 128	ASCII text, with very long lines (3960)	695D125ACCD65C79295710518B5A0044	CD8E5670358F9CECC242C0C8A9F1509740EF42C4	084DD46DC302D2047631A5B788A4ACA672CCCA4D44092B861F0C3899F1439D09
Chrome Cache Entry: 129	ASCII text, with very long lines (65536), with no line terminators	90E43DB0F3215BFBE7229E9E2284297D	76E20AFAE485273F95AC8A72B3CBE30CD3225AEA	14C04247D19F6A4D916E4692C7B4945C0E5B6C5CD29EC85F3DBB36F9F121C63D
Chrome Cache Entry: 130	SVG Scalable Vector Graphics image	D97D46FE48D19D2C4F236B9A2CFEE5F3	A164F3588BB4B601C472461A24A6EEC265BCF8C8	028F643755987211BF2F3ADD6C62AE1870A888CF2F4FE3040A4FAC7DCE2543AB
Chrome Cache Entry: 131	Unicode text, UTF-8 text, with very long lines (41211), with LF, NEL line terminators	57AE1D958042CC8EC2AA3013918E0ABB	823F22D5C41EC934D5E8ECB9F07D21EA0F7E4D23	9E132670E82B75096193AA981F828376B85B3F9002F2ED24EC2CF0109743B182
Chrome Cache Entry: 132	JSON data	A98C547494F050CF2F675AE10B22516A	8DA2D4B7360B3F627198F2248C4083363E908D14	9001BF621868909AEF7C7A9120DFF21496F1BF86E7CDF40948D3E23B288C155E
Chrome Cache Entry: 133	Unicode text, UTF-8 text, with very long lines (61600)	52BC6482CB246A3FF69FCDB18E4E9116	FDFE8BA31136DFF4BFA06B508EFC23407CFDC08C	782530C1D658C24A44D4459A3C2CF33D819241E0C56EF8670267243E1F737B7C
Chrome Cache Entry: 134	Generic INItialization configuration []	C1449D2568ACE2693AC9E77127F44950	143AA1B710FDC6C153CC1D4E58A2CC342FBA2AFC	C8CD53C3B419249755C757D058DAEBEAC40A3597A923FCBBA60EFC0CE242C7B2
Chrome Cache Entry: 135	ASCII text, with no line terminators	4FE778B72E4E3D0930E27EA469142912	F4FED25E4141D6F34544D8592748600A9C14CC2C	1C0CEDD9344EBA764D5D842050767745FA35E47312A6AB2459C426D39C9FC25F
Chrome Cache Entry: 136	JSON data	88E2E5168022B27D574DA2CDA2CF23B0	1418728CB56B2D08051D8AD71E398D2DAB99CEFA	ED6B4F997A11DA7D338CEA6951AFC89F2BAEDB886CE54A48A2AE421C6BBB4DC6
Chrome Cache Entry: 137	SVG Scalable Vector Graphics image	F7326C6C49F49371982DB46383885A3B	BD62DECE6F43AE1A82271E19C9850D152454468B	7066A1BD1FC62016F82E111B3A3253BB0306D9E5F69BCBBCFBDFC20BDDADB640
Chrome Cache Entry: 138	ASCII text, with very long lines (31804)	E1E62C6FD480104C6672A9BAD6E7EFAD	6273392F6FD4115102A57018C4AD64783D2DB529	80CF3A4E8105ECBB5C12B2C40E2585905234601CBB9866EE076FDC5360A0A145
Chrome Cache Entry: 139	JSON data	8BF46C197704989FDE486CE5ED850F55	423A97F9A922D0D0AEC5686A09D9D47338CF33C7	2672ADE62E67E5A4B923D63F058BBBA1761B5828EE4947F9D898EA462F848A3F
Chrome Cache Entry: 140	Web Open Font Format, TrueType, length 57172, version 1.0	6A27307AA65B3E8F24402FA54D248602	EF1F66FEC37527543C028832DAD394DE0A783A11	F3396806C86925CA53EC5C1F36403584BE824E7C571462DDC1CBCF2CAADB4488
Chrome Cache Entry: 141	SVG Scalable Vector Graphics image	56ADDBA553083EB384B100CBB7E8632F	F718526F1EF720E5D361536615595D5BFC3C9688	5E60A20DA0F769A6260D4ED755D615DA930B87C62436F807A6FF32D000017D18
Chrome Cache Entry: 142	JSON data	C41FC3BAE52AF4FC4E9CC969DF43EC24	53FBA47D8B350D1B982473686EECA2FBBA798F0D	98F4B327ED0FD6B3E900E4CA60438D1E84DDA979774F209C789243066673DD76
Chrome Cache Entry: 143	Unicode text, UTF-8 text, with very long lines (3256), with no line terminators	54E3C7D0D780719CAD234DEDB2E604C5	25194655AD1CD50C019D95F65B4AF1B1F983AE42	46FAD9AEB66AC3BAF2E8EACF596E710EEA39B0C8AED83D9B09D1CAAB3CCA72D3
Chrome Cache Entry: 144	ASCII text, with very long lines (65536), with no line terminators	20758C2025246030146ED7D0EF799186	D348E44441842FB9EAF5CF44A71442ECEE27069D	AB3744EA61C445DEB637E1CE4FADEE61D72AAC256C748A63DABF2F20F4EBCB0B
Chrome Cache Entry: 145	JSON data	65BE367FFE272ED2D34889BF7EE53263	EA28802282CB61E59A6469CC1393F50422EC91F5	E4975BE7A823EE4FF14C61A92F0232C2D1D89DD9B441139110EC0422836E3C2F
Chrome Cache Entry: 146	JSON data	A98C547494F050CF2F675AE10B22516A	8DA2D4B7360B3F627198F2248C4083363E908D14	9001BF621868909AEF7C7A9120DFF21496F1BF86E7CDF40948D3E23B288C155E
Chrome Cache Entry: 147	SVG Scalable Vector Graphics image	7C6C3493F958764FD6B2A550A98AB676	0D89801FF7089BCFDDDA2F22AB37DA7155948FF7	56B8E90244C34621E294D3357EDFEF9A1467E501773ED21B25DC6367AB3D7803
Chrome Cache Entry: 148	ASCII text, with very long lines (32092), with CRLF line terminators	289D5AC7BC28C5DBCED03A38D2D59420	6162CC0200EFEADE667EF660E81053B404CB0A0C	EDE20A36B682BB11E6705DB547356DF875EB07B93A1AB64AE47C705F9CA24816
Chrome Cache Entry: 149	ASCII text, with very long lines (20686), with no line terminators	AC337192B3E6CB0E98D2FBBA8177D4E3	0953BE941F50ABB980EB352047D4E12C0325B0E0	C9A40A96BF3298A046FBB01A8E61C9AF688A8C8FD8559703C08AD225C30A4703
Chrome Cache Entry: 150	JSON data	88E2E5168022B27D574DA2CDA2CF23B0	1418728CB56B2D08051D8AD71E398D2DAB99CEFA	ED6B4F997A11DA7D338CEA6951AFC89F2BAEDB886CE54A48A2AE421C6BBB4DC6
Chrome Cache Entry: 151	Unicode text, UTF-8 text, with very long lines (65136), with no line terminators	19A75775CC137089A9644F8051199AC8	B26900BE955B0CDEF42D4218FA5F6491A96AAC2F	1A7391B8F629B696FB5FAB606ACDDF06D9E51CB6A227C41A82DB2EE989E6DF25
Chrome Cache Entry: 152	SVG Scalable Vector Graphics image	78AF472D7F07AACD83D8E224C119950A	B04F7889C9277106B40EF90B7B19C1091884D876	FC69234936C0DF004440641A5DF9EE1E3C3532DF5780984F0F636E85E8788519
Chrome Cache Entry: 153	SVG Scalable Vector Graphics image	56ADDBA553083EB384B100CBB7E8632F	F718526F1EF720E5D361536615595D5BFC3C9688	5E60A20DA0F769A6260D4ED755D615DA930B87C62436F807A6FF32D000017D18
Chrome Cache Entry: 154	JSON data	65BE367FFE272ED2D34889BF7EE53263	EA28802282CB61E59A6469CC1393F50422EC91F5	E4975BE7A823EE4FF14C61A92F0232C2D1D89DD9B441139110EC0422836E3C2F
Chrome Cache Entry: 155	ASCII text, with very long lines (31923), with CRLF line terminators	4BCA4EA1CEEA06EF75AF710832B239A0	F310BED2271FDCD0BA7A962E75769D8BCE286DE4	8D87473C8E2D25564D0BB02751D779E97B48B0FB61B898DC5BE4B6AF57C0B298
Chrome Cache Entry: 156	ASCII text, with very long lines (2693), with no line terminators	3C6742374D4A35EA65CF09C23BFB6097	C79F2953D08F9FEB221713147BB27A2BFB19D77F	41029EA4BA33803A2F020354931D35EA37A6EADE8D9936EA134718F4F24BE935
Chrome Cache Entry: 97	Unicode text, UTF-8 text, with very long lines (40350), with NEL line terminators	B4B6783BBEDA4FBFA2924B6D701E0EB7	1305021333694703674EDAD6F4A0C48E1BAF3102	1993D483DE6AC6F9D818408DFC8C2CF53361154E406551F1018BD707AF3CC460
Chrome Cache Entry: 98	ASCII text, with very long lines (65536), with no line terminators	174146B970EAB220DD273E3EDC12075F	2847931C4FD49F2F1E4A47CAAA1BB9B94D12238D	1C2DC7E9DDD11C277666EF692B89E2FB954916B34AD7DB28D64772FFF9747016
Chrome Cache Entry: 99	SVG Scalable Vector Graphics image	56ADDBA553083EB384B100CBB7E8632F	F718526F1EF720E5D361536615595D5BFC3C9688	5E60A20DA0F769A6260D4ED755D615DA930B87C62436F807A6FF32D000017D18

HTML body with high number of embedded images detected

Source: https://oneforms.americanexpress.com/iForms/open/paKycOptions_en_US?page=1

HTTP Parser: Total embedded image size: 15766

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.68.63:443 -> 192.168.2.17:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.68.63:443 -> 192.168.2.17:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.17:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.17:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49806 version: TLS 1.2

HTTP GET or POST without a user agent

Source: global traffic

Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 184.30.122.249
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.222.123
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63
Source: unknown	TCP traffic detected without corresponding DNS query: 23.36.68.63

Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.0.0&d_fieldgroup=A&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&mid=10156722043248159620305584607496081974&ts=1713274424642 HTTP/1.1Host: omns.americanexpress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: https://oneforms.americanexpress.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C10156722043248159620305584607496081974%7CvVersion%7C5.0.0
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.0.0&d_fieldgroup=A&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&mid=10156722043248159620305584607496081974&ts=1713274424642 HTTP/1.1Host: omns.americanexpress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; s_ecid=MCMID%7C10156722043248159620305584607496081974; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C10156722043248159620305584607496081974%7CMCAID%7CNONE%7CvVersion%7C5.0.0
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s65150841158414?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A33%3A45%202%20-120&mid=10156722043248159620305584607496081974&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&g=https%3A%2F%2Foneforms.americanexpress.com%2FiForms%2Fopen%2FpaKycOptions_en_US%3Fpage%3D1&c.&visitorCheck=VisitorAPI%20Present&cm.&ssf=1&.cm&omn.&lob=ser&country=us&language=en&.omn&.c&h.&architecture=x86&bitness=64&platformVersion=10.0.0&.h&cc=USD&server=oneforms.americanexpress.com&events=event140&h1=us%7Coneamex%7Cser%7Ciforms%7Copen&c3=en&c4=US&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c19=US%7Coneamex%7Cser&c24=US%7Coneamex%7Cser%7CiForms&v27=US&c30=US%7Coneamex%7Cser%7CiForms%7Copen&c31=US&c38=US%7Coneamex%7Cser%7CiForms%7Copen&c43=New%20Visitor&c44=D%3Dv44&v45=prospect&c46=DLS%20Navigation&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c50=authenticated&c56=oneamex&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&c75=Launch&v75=10156722043248159620305584607496081974&v94=D%3Dagent-id&v140=UCM%3A%20en-US%7C%20docEle%3A%20en-US%7C&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; s_ecid=MCMID%7C10156722043248159620305584607496081974; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=8700
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s65150841158414?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A33%3A45%202%20-120&mid=10156722043248159620305584607496081974&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&g=https%3A%2F%2Foneforms.americanexpress.com%2FiForms%2Fopen%2FpaKycOptions_en_US%3Fpage%3D1&c.&visitorCheck=VisitorAPI%20Present&cm.&ssf=1&.cm&omn.&lob=ser&country=us&language=en&.omn&.c&h.&architecture=x86&bitness=64&platformVersion=10.0.0&.h&cc=USD&server=oneforms.americanexpress.com&events=event140&h1=us%7Coneamex%7Cser%7Ciforms%7Copen&c3=en&c4=US&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c19=US%7Coneamex%7Cser&c24=US%7Coneamex%7Cser%7CiForms&v27=US&c30=US%7Coneamex%7Cser%7CiForms%7Copen&c31=US&c38=US%7Coneamex%7Cser%7CiForms%7Copen&c43=New%20Visitor&c44=D%3Dv44&v45=prospect&c46=DLS%20Navigation&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c50=authenticated&c56=oneamex&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&c75=Launch&v75=10156722043248159620305584607496081974&v94=D%3Dagent-id&v140=UCM%3A%20en-US%7C%20docEle%3A%20en-US%7C&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; s_ecid=MCMID%7C10156722043248159620305584607496081974; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C10156722043248159620305584607496081974%7CMCAID%7CNONE%7CMCOPTOUT-1713281625s%7CNONE%7CvVersion%7C5.0.0; s_sess=%20s_tp%3D1022%3B%20s_ppv%3Dus%25257Coneamex%25257Cser%25257CiForms%2525
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s66786050574872?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A33%3A45%202%20-120&mid=10156722043248159620305584607496081974&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&g=https%3A%2F%2Foneforms.americanexpress.com%2FiForms%2Fopen%2FpaKycOptions_en_US%3Fpage%3D1&c.&visitorCheck=VisitorAPI%20Present&omn.&ppvpage=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&ppvtotal=89&ppvinitial=89&lob=ser&country=us&language=en&.omn&cm.&ssf=1&.cm&.c&h.&architecture=x86&bitness=64&platformVersion=10.0.0&.h&cc=USD&server=oneforms.americanexpress.com&events=event140&h1=us%7Coneamex%7Cser%7Ciforms%7Copen&c3=en&c4=US&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c19=US%7Coneamex%7Cser&c24=US%7Coneamex%7Cser%7CiForms&v27=US&c30=US%7Coneamex%7Cser%7CiForms%7Copen&c31=US&c38=US%7Coneamex%7Cser%7CiForms%7Copen&v41=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&c44=D%3Dv44&v45=prospect&c46=DLS%20Navigation&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c50=authenticated&c56=oneamex&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&c75=Launch&v75=10156722043248159620305584607496081974&v94=D%3Dagent-id&v140=UCM%3A%20en-US%7C%20docEle%3A%20en-US%7C&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; s_ecid=MCMID%
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s62158091623535?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A33%3A45%202%20-120&mid=10156722043248159620305584607496081974&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&g=https%3A%2F%2Foneforms.americanexpress.com%2FiForms%2Fopen%2FpaKycOptions_en_US%3Fpage%3D1&c.&cm.&ssf=1&.cm&omn.&identifier=iForms&element=On%20page%201%20form%20load&lob=ser&detail=page%201%20visited&.omn&.c&cc=USD&events=event141&c3=en&c4=US&v4=iForms&v5=us%3E%3EiForms%3E%3Eimpression%3E%3EOn%20page%201%20form%20load%3E%3Epage%201%20visited&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c21=iForms&c22=us%3E%3EiForms%3E%3Eimpression%3E%3EOn%20page%201%20form%20load%3E%3Epage%201%20visited&v27=US&c44=D%3Dv44&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c56=oneamex&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&v75=10156722043248159620305584607496081974&pe=lnk_o&pev2=Dynamic%20Page%20Action&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; s_ecid=MCMID%7C10156722043248159620305584607496081974; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C10156722043248159620305584607496081974%7CMCAID%7CNONE%7CMCOPTOUT-1713281625s%7CNONE%7CvVersion%7C5.0.0; s_sess=%20s_tp%3D1022%3B%20s_p
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s66786050574872?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A33%3A45%202%20-120&mid=10156722043248159620305584607496081974&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&g=https%3A%2F%2Foneforms.americanexpress.com%2FiForms%2Fopen%2FpaKycOptions_en_US%3Fpage%3D1&c.&visitorCheck=VisitorAPI%20Present&omn.&ppvpage=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&ppvtotal=89&ppvinitial=89&lob=ser&country=us&language=en&.omn&cm.&ssf=1&.cm&.c&h.&architecture=x86&bitness=64&platformVersion=10.0.0&.h&cc=USD&server=oneforms.americanexpress.com&events=event140&h1=us%7Coneamex%7Cser%7Ciforms%7Copen&c3=en&c4=US&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c19=US%7Coneamex%7Cser&c24=US%7Coneamex%7Cser%7CiForms&v27=US&c30=US%7Coneamex%7Cser%7CiForms%7Copen&c31=US&c38=US%7Coneamex%7Cser%7CiForms%7Copen&v41=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&c44=D%3Dv44&v45=prospect&c46=DLS%20Navigation&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c50=authenticated&c56=oneamex&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&c75=Launch&v75=10156722043248159620305584607496081974&v94=D%3Dagent-id&v140=UCM%3A%20en-US%7C%20docEle%3A%20en-US%7C&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; s_ecid=MCMID%7C10156722043248159620305584607496081974; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C10156722043248159620305584607496081974%7CMCAID%7CNO
Source: global traffic	HTTP traffic detected: GET /b/ss/amexpressenterpriseprod/1/JS-2.23.0-LDQM/s62158091623535?AQB=1&ndh=1&pf=1&t=16%2F3%2F2024%2015%3A33%3A45%202%20-120&mid=10156722043248159620305584607496081974&ce=UTF-8&cl=34128000&pageName=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&g=https%3A%2F%2Foneforms.americanexpress.com%2FiForms%2Fopen%2FpaKycOptions_en_US%3Fpage%3D1&c.&cm.&ssf=1&.cm&omn.&identifier=iForms&element=On%20page%201%20form%20load&lob=ser&detail=page%201%20visited&.omn&.c&cc=USD&events=event141&c3=en&c4=US&v4=iForms&v5=us%3E%3EiForms%3E%3Eimpression%3E%3EOn%20page%201%20form%20load%3E%3Epage%201%20visited&c6=D%3Dv6&c10=prospect&c12=D%3Dv12&c14=D%3Dv14&c15=D%3Dv15&c16=D%3Dv16&c21=iForms&c22=us%3E%3EiForms%3E%3Eimpression%3E%3EOn%20page%201%20form%20load%3E%3Epage%201%20visited&v27=US&c44=D%3Dv44&c49=Launch-OneAmex%3Av1.4.9-AM%3A2.23.0-VISID%3A5.0.0-DIL%3ANA-SS%3AY-msuite%3Atrue-PD%3A2024-04-03&c56=oneamex&c64=D%3Dv64&c65=D%3Dv65&c67=D%3Dv67&c69=D%3Dv69&v74=us%7Coneamex%7Cser%7CiForms%7Copen%7CpaKycOptions_en_US&v75=10156722043248159620305584607496081974&pe=lnk_o&pev2=Dynamic%20Page%20Action&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1 HTTP/1.1Host: omns.americanexpress.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: agent-id=37788017-6d8c-40c0-b907-7d0c51c59294; _abck=CD668B8AC8490496902A17437D90DE0B~-1~YAAQUGgBF+U+8dWOAQAAIfwc5wskFUJ9IC78PnrJsuJwpjstryDKWUoiCPDRakQWEz1chgoKthBmk9WPVpZZgjVUAywhEeF5r0VKHro7V8uL1eJY++H9hoRD7QkkHdgZeSI9TESMFQkR8bdY0Fcik3jjbD2e6oIicLGFjB3UpEi1RTGwOJSHoIoXuBfmO7eVzfWnI5uhTj7vCq/DeFAIFOZ95w/rE5i25uO/DF1wksONEhc33QJtOkIA7yyVOn4RJFAqLavNiRJMEfHTlcMzXzZFpMyQVSy5feYf1ejuzsHLb5TbftUnOxZIp17YhPpZdjRrFdERF9uw5DuY/H2SDo1m/P9A9PAYgT/b/m/M3IqoQRr6HaospK2Oe88ChgUjg8uc9Ys=~-1~-1~-1; bm_sz=C650B8EA0335EA14B32869312432139B~YAAQUGgBF+Y+8dWOAQAAIfwc5xe7DcAr8t3oxIUU12i438zDrgbcv9XBGUAg9DYij95YlkOPMVIoaAZAk+WAdBw5TS2WIbDQBRmVXPPuOs1yx8/C4nLhtD9V9JXaItuOOCQzcLi4VhuvyLQu6PZTsv/FS8vAlM84f6WL2jJkXqws7sC+mcLz8HDMaxxtYop21iYTHEUtU01k5M4vOsM4Db2jRuw2HQWz/YnSB3ePwzc2776r3vRp3QpJkT+cUlxq4z/uFSz6QWATpmAR5ftfQkEc9FGUa3Y1naf2UHAD3vEoH1Zkp8qd016eTMxr327aRmYz7TFsNig+1u9FRwku4Qb68f7Yu2sLFsH0Gn/DqIWCMX2/qMGht8jDcYfg+CTElEJuuMtjsMvePiiJ~3294516~4602160; axplocale=en-US; s_ecid=MCMID%7C10156722043248159620305584607496081974; AMCVS_5C36123F5245AF470A490D45%40AdobeOrg=1; AMCV_5C36123F5245AF470A490D45%40AdobeOrg=870038026%7CMCMID%7C10156722043248159620305584607496081974%7CMCAID%7CNONE%7CMCOPTOUT-1713281625s%7CNONE%7CvVersion%7C5.0.0; s_sess=%20s_tp%3D1022%3B%20s_ppv%3Dus%25257Coneamex%25257Cser%25257CiForms%25257Copen%25257CpaKycOptions_en_US%252C89%252C89%252C907%3B%20s_cc%3Dtrue%3B; s_pers=%20s_tslv%3D1713274425317%7C1776346425317%3B%20s_tbm%3Dtrue%7C171327
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=aRAnk+tG2VV4rGs&MD=dvu3AKno HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAZ018joKFt9ONlJduRp0qgN4q0hEVgbtyzwhNOAQGHdiJ/WvF5CgahoZEynXJhIj56iTukhgVUPTic3eRyYR66fmSTdDW3LZw/IwxowvJNO42yNYmggOVq0grbDpD4QdDBVM9tWomORZ6Yhc//Dhybj55G1bMVl6gWid3LX185%2BHPvRzCdiW7tPCZaapPO7gKeTL3oDg104em5KKXTB%2BceyTUab5TPh2hCfSfz3ROVCrQakad6ZQ37pn7Jq55%2B49mfT4CA7pYaH/XGU53tm06AVeElWzPkyU/J4Yr1r8h47zRUwOcxGjC0T6BxpX7IwaaJwfyVT2Tevj23PMjumVtDYDZgAACJApzEW9bdlTqAHCfce4H//0LkQQF0iYmZWxtt1dWvSzGNKs6NAaiIu4m%2BImJYSHXcOmZtDwUL0%2BUymlprTmxloTHEuQDijkcU5PqlrdEYhHSlVnLrvUTCnDR1vmk543DEPCdFtnaUl609OaNAQkb/e7nPcl%2B67G5Dc29nT/V8B5U9lchFW7xWqPHkQuCZA50rluvxrcN4wb18tGScFXkYUxmkRTxh93rRO8rLxlvdYWNZq5kqFskFA1QjSBfNkY3jOMCqKAaeYCUVvq2O2DG8Vic09hMubc3IxZABXSl1PjuWzKnxEYxtVO8td1XElRuZE3fMhWvRHVZ1MY3aEAtAlxR/5N3EK7zTjPwWNXdFtFPokX/X%2BIfUv4QiqoLEgN1b71FA0Gp50%2BF1wsch2c1SV4l/9L%2BGgkJjGLe5ANJP9Ov1A5bIwE7mZo0/wK3xjUQicZVES9SX1weCg1fPypsz%2ByLcBGVnr32oxtbCUtGaDIx6GQ4i1VArCR24r76ss4R%2BHjWm2FgtfEERi/x8MHiXiD9JZNn7Fg1z79isM6w2qo6CKvtYyMrM1lO7HMfUI0IcyK2AE%3D%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1713274460User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: F16DF180308E4A4591A546EFF0544AB2X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=aRAnk+tG2VV4rGs&MD=dvu3AKno HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: www.americanexpress.com

Source: unknown

Source: chromecache_144.1.dr, chromecache_151.1.dr	String found in binary or memory: http://feross.org
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-4454a9ef97c1c8cd89
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-bea3c9697c62409967
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-c5299abd23ef05bd6d
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-f424e4c1e880782914
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/333b39a46679/launch-df6a13efe609-staging.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/61650f53735f/launch-77374eae9c9b-staging.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/66bfa1f1c370/launch-a84bcfcd9f88-staging.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/6ea2f89ca33d/launch-25c1ded7854b-staging.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/6ea2f89ca33d/launch-ffeccfbfebd3.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/8e98299b4e37/launch-186af9da7404-staging.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/8e98299b4e37/launch-f60a62d583bd.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://assets.adobedtm.com/dcb19cbd6cbf/8fe231718838/launch-5a77dcd96b5f-staging.min.js
Source: chromecache_128.1.dr	String found in binary or memory: https://cdaas-dev.americanexpress.com/cdaas/api/axpi/omniture/launch/1.4.9/launch-688f678fbf27-stagi
Source: chromecache_144.1.dr, chromecache_151.1.dr	String found in binary or memory: https://feross.org/opensource
Source: chromecache_131.1.dr	String found in binary or memory: https://github.com/facebook/regenerator/blob/main/LICENSE
Source: chromecache_118.1.dr, chromecache_138.1.dr, chromecache_107.1.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_144.1.dr	String found in binary or memory: https://hertzen.com
Source: chromecache_144.1.dr	String found in binary or memory: https://html2canvas.hertzen.com
Source: chromecache_134.1.dr, chromecache_123.1.dr	String found in binary or memory: https://oneforms.americanexpress.com/iForms/at-secure/paKycLanding_en_US
Source: chromecache_134.1.dr, chromecache_123.1.dr	String found in binary or memory: https://oneforms.americanexpress.com/iForms/open/paSelfKyc2_en_US
Source: chromecache_128.1.dr	String found in binary or memory: https://qwww.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/intranet/1.4.1/launch-80e343e58fb8
Source: chromecache_128.1.dr	String found in binary or memory: https://qwww.aexp-static.com/cdaas/api/axpi/omniture/launch/1.4.9/launch-688f678fbf27-staging.min.js
Source: chromecache_131.1.dr	String found in binary or memory: https://ucmapi.americanexpress.com/api/consent/ext/record/
Source: chromecache_131.1.dr	String found in binary or memory: https://ucmapi.americanexpress.com/api/consent/management/
Source: chromecache_131.1.dr	String found in binary or memory: https://ucmapi.americanexpress.com/api/v1/geo_location/check
Source: chromecache_128.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/intranet/1.4.1/launch-355955701c68.
Source: chromecache_148.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/api/axpi/omniture/launch/1.4.9/dcb19cbd6cbf/b4385da1798a/74e098123
Source: chromecache_128.1.dr, chromecache_155.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/api/axpi/omniture/launch/1.4.9/launch-b363d6c28b7c.min.js
Source: chromecache_120.1.dr, chromecache_139.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/dxt-vendor-shared-scripts/adobe-wrapper/1.6.6/adobe-wrapper.js
Source: chromecache_146.1.dr, chromecache_132.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one-tag/tagging/entrypoints/v1.43.0/entrypoint-15983.js
Source: chromecache_122.1.dr, chromecache_125.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one/one-identity-session/1.38.3/timeout.js
Source: chromecache_156.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one/qualtrics/1.71.0/
Source: chromecache_154.1.dr, chromecache_145.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/one/qualtrics/1.71.0/qualtricsIntercept.js
Source: chromecache_110.1.dr, chromecache_102.1.dr	String found in binary or memory: https://www.aexp-static.com/cdaas/user-consent-management/ucm/v1.13.0/UCM.js
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/be/fr/legal/politique-cookie.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/be/nl/legal/cookiebeleid.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/content/dam/amex/us/company/Privacy/California_Privacy_Notice.pdf
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/cz-cz/spolecnost/pravni/centrum-ochrany-osobnich-udaju/o-souborech-c
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/da-dk/selskab/legal/privatlivspolitik/angaende-cookies?showoverlay=f
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/de-at/firma/legal/datenschutz-center/cookie-informationen?showoverla
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/en-ca/company/legal/privacy-centre/about-cookies/?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/en-ca/company/legal/privacy-centre/privacy-statement/?showoverlay=fa
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/en-cz/company/legal/privacy-centre/about-cookies/?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/en-hu/company/legal/privacy-centre/about-cookies/?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/about-cookies/?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/es/legal/informacion-sobre-los-cookies.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/fi/legal/yksityisyys/cookies/index.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/fr-ca/societes/legale/centre-de-confidentialite/a-propos-des-cookies
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/fr-ca/societes/legale/centre-de-confidentialite/declaration-de-confi
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/fr/legal/about-cookies.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/germany/legal/about_cookies.shtml?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/hu-hu/ceg/jogi/adatvedelem/a-sutikrol/index.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/icc/cookies.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/italy/legal/about_cookies.shtml?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/nl/about-cookies.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/no/legal/personvern/cookies/index.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/pl-pl/firma/prawny/centrum-prywatnosci/o-ciasteczkach/?showoverlay=f
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/se/legal/sekretess/cookies/index.html?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/uk/legal/about-cookies.shtml?showoverlay=false
Source: chromecache_131.1.dr	String found in binary or memory: https://www.americanexpress.com/us/privacy-center/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.68.63:443 -> 192.168.2.17:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.36.68.63:443 -> 192.168.2.17:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.17:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.29.9:443 -> 192.168.2.17:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49802 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49806 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@15/110@36/5

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.americanexpress.com/us/pakyc/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2008,i,11165410213512412256,6401227915527638973,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2008,i,11165410213512412256,6401227915527638973,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1426764
Product:	CloudBasic
Start time:	15:33:12
Start date:	16.04.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://www.americanexpress.com/us/pakyc/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Windows Analysis Report http://www.americanexpress.com/us/pakyc/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Windows Analysis Report
http://www.americanexpress.com/us/pakyc/