Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
FW_ RE_ Financials for Krohns Appliance (#Ud83d#Udceb Action Required).msg

Overview

General Information

Sample name:FW_ RE_ Financials for Krohns Appliance (#Ud83d#Udceb Action Required).msg
renamed because original name is a hash value
Original sample name:FW_ RE_ Financials for Krohns Appliance ( Action Required).msg
Analysis ID:1628392
MD5:916348269c0b40b60980f1966ea42a8e
SHA1:cc36a87863453320809f6d51d97b128e38436618
SHA256:f3d3111dffef11055c746b67e9608e2f7d094a86fbca295cc5607e808e50f4ed
Infos:

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected suspicious elements in Email content
HTML body contains low number of good links
HTML body contains password input but no form action
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 5892 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW_ RE_ Financials for Krohns Appliance (#Ud83d#Udceb Action Required).msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6240 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D9C1F8ED-5BB4-4034-87C3-D676F2F5F098" "10A60071-035E-4BEC-8CE2-1058332984DC" "5892" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://clicktime.cloud.postoffice.net/clicktime.php?U=https://info.sparkpost.com/f/a/CNyCkSwPajmKPIoolVaUPA%7E%7E/AAAAfRA%7E/d_X8jMGpgsxcQOgfoVgtCicTQGe89dcNY2qTo8bQ7BXR95MyCRYFUQj_85HYgaSTlAa45C0eYoREfkFG1qHHfxjKOD9KKltKqXqUReEB5he8XaeOCC6zKcCgfVQ41qTTCJsc_gE9JAd-ijYqgkYi1yybLhuLgmiC1fkvpM01TCBtzPkoXQEvMjXjrSfRZtS2-OCkz2njdcoTlnySjyZPCnrtVmhcTnTk3r97AyYrk74NreVxkgenbUdjcpZhxf4m6SefA2fmd5oMX-dFbhoqzA%7E%7E&E=tjourney%40firstfedweb.com&X=XID226dccsjE8316Xd1&T=FF1001&HV=U,E,X,T&H=6cddfe47d52c5c20ea25f98d57b6a32ce380177b MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 4856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1948,i,11901686451565618312,2359293476580080647,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 5892, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Phishing
  • Networking
  • System Summary
  • Boot Survival
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Source: EmailJoe Sandbox AI: Email contains prominent button: 'click here to deliver your message'
Source: EmailJoe Sandbox AI: Detected potential phishing email: The email claims to be from Boxbe but uses SparkPost infrastructure and contains multiple suspicious tracking links. The message attempts to get the recipient to click on links to 'deliver your message' or join a 'Guest List', which is a common phishing tactic. Multiple clicktime.cloud.postoffice.net redirects are used to mask the actual destination URLs
Source: https://www.boxbe.com/signup/?email=TJourney%40firstfedweb.com&redirected=courtesy-noticeHTTP Parser: Number of links: 0
Source: https://www.boxbe.com/signup/?email=TJourney%40firstfedweb.com&redirected=courtesy-noticeHTTP Parser: <input type="password" .../> found but no <form action="...
Source: EmailClassification: Credential Stealer
Source: https://www.boxbe.com/signup/?email=TJourney%40firstfedweb.com&redirected=courtesy-noticeHTTP Parser: <input type="password" .../> found
Source: https://www.boxbe.com/signup/?email=TJourney%40firstfedweb.com&redirected=courtesy-noticeHTTP Parser: No <meta name="author".. found
Source: https://www.boxbe.com/signup/?email=TJourney%40firstfedweb.com&redirected=courtesy-noticeHTTP Parser: No <meta name="author".. found
Source: https://www.boxbe.com/signup/?email=TJourney%40firstfedweb.com&redirected=courtesy-noticeHTTP Parser: No <meta name="copyright".. found
Source: https://www.boxbe.com/signup/?email=TJourney%40firstfedweb.com&redirected=courtesy-noticeHTTP Parser: No <meta name="copyright".. found
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknownTCP traffic detected without corresponding DNS query: 40.126.31.73
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 184.30.131.245
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /clicktime.php?U=https://info.sparkpost.com/f/a/CNyCkSwPajmKPIoolVaUPA%7E%7E/AAAAfRA%7E/d_X8jMGpgsxcQOgfoVgtCicTQGe89dcNY2qTo8bQ7BXR95MyCRYFUQj_85HYgaSTlAa45C0eYoREfkFG1qHHfxjKOD9KKltKqXqUReEB5he8XaeOCC6zKcCgfVQ41qTTCJsc_gE9JAd-ijYqgkYi1yybLhuLgmiC1fkvpM01TCBtzPkoXQEvMjXjrSfRZtS2-OCkz2njdcoTlnySjyZPCnrtVmhcTnTk3r97AyYrk74NreVxkgenbUdjcpZhxf4m6SefA2fmd5oMX-dFbhoqzA%7E%7E&E=tjourney%40firstfedweb.com&X=XID226dccsjE8316Xd1&T=FF1001&HV=U,E,X,T&H=6cddfe47d52c5c20ea25f98d57b6a32ce380177b HTTP/1.1Host: clicktime.cloud.postoffice.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /f/a/CNyCkSwPajmKPIoolVaUPA~~/AAAAfRA~/d_X8jMGpgsxcQOgfoVgtCicTQGe89dcNY2qTo8bQ7BXR95MyCRYFUQj_85HYgaSTlAa45C0eYoREfkFG1qHHfxjKOD9KKltKqXqUReEB5he8XaeOCC6zKcCgfVQ41qTTCJsc_gE9JAd-ijYqgkYi1yybLhuLgmiC1fkvpM01TCBtzPkoXQEvMjXjrSfRZtS2-OCkz2njdcoTlnySjyZPCnrtVmhcTnTk3r97AyYrk74NreVxkgenbUdjcpZhxf4m6SefA2fmd5oMX-dFbhoqzA~~ HTTP/1.1Host: info.sparkpost.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /crs?tc_serial=60956511344&tc_rand=524786563&utm_source=stf&utm_medium=email&utm_campaign=CN_STDW_v6&utm_content=002 HTTP/1.1Host: www.boxbe.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /courtesy-notice/?tracking_code=60956511344&tracking_code_random=524786563&utm_source=stf&utm_medium=email&utm_campaign=CN_STDW_v6&utm_content=002& HTTP/1.1Host: www.boxbe.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/bootstrap.css HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/courtesy-notice/bundle-42dfae3a94d6ae436c10f599a0195b84.js HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.boxbe.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rest/courtesy_notice/info?tracking_code=60956511344&tracking_code_random=524786563 HTTP/1.1Host: www.boxbe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonContent-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/courtesy-notice/bundle-42dfae3a94d6ae436c10f599a0195b84.js HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v1.1/rudder-analytics.min.js HTTP/1.1Host: cdn.rudderlabs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rest/courtesy_notice/captcha2_key?tracking_code=60956511344&tracking_code_random=524786563 HTTP/1.1Host: www.boxbe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rest/courtesy_notice/info?tracking_code=60956511344&tracking_code_random=524786563 HTTP/1.1Host: www.boxbe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rest/courtesy_notice/captcha2_key?tracking_code=60956511344&tracking_code_random=524786563 HTTP/1.1Host: www.boxbe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/favicon.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v1.1/rudder-analytics.min.js HTTP/1.1Host: cdn.rudderlabs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /courtesy-notice/courtesy-notice-signup.html?recipient=cristimcelderry%40yahoo.com&fromEmail=TJourney%40firstfedweb.com HTTP/1.1Host: www.boxbe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rl_session=RudderEncrypt%3AU2FsdGVkX1%2BEy3f%2FfSjIndhdwmtoszzS6BkvdcA1IDyMsRCBxGv8cPTafvUzAz05m8RRZiHfe7Jp%2BBcQXgPJe7CUnTp6WzXrkWb%2FykfrAIDvGZA6rd%2BNhB%2F753T4Y5zCe8SU6wcMHPThRJXgPym7hw%3D%3D; rl_user_id=RudderEncrypt%3AU2FsdGVkX19FZrH9WPa919sjhMJtDdOd42PtA51FBvg%3D; rl_trait=RudderEncrypt%3AU2FsdGVkX19OXsHzmiCGIsKG2ipykcw9mDGOni1rwHI%3D; rl_group_id=RudderEncrypt%3AU2FsdGVkX19hCDQ8AHJ4pyWSggNegslSWmviGIc%2BccI%3D; rl_group_trait=RudderEncrypt%3AU2FsdGVkX18I3pbllNiFxEPcfEES6b0F8TmYPGbAF3I%3D; rl_anonymous_id=RudderEncrypt%3AU2FsdGVkX1%2BeuqEWnQVlwIb%2BUhvJI7k3ZcHUX6iw4YkpZYM4vVmDgXNFJCYb9%2Fqv7UloyGB%2FGLSVFF6uxqR1xw%3D%3D; rl_page_init_referrer=RudderEncrypt%3AU2FsdGVkX1%2FriG5n%2FV8KSFshVBOu2edSrp%2F%2BKp3WY58%3D; rl_page_init_referring_domain=RudderEncrypt%3AU2FsdGVkX1%2Fmfca6HjF%2BIQd%2BIpLFP8itC9g088vBhnI%3D
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/favicon.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v1.1/rudder-analytics.min.js HTTP/1.1Host: cdn.rudderlabs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/courtesy-notice/bundle-9ccf8626b315e437cfd6cb5254348aed.js HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.boxbe.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rest/imap_flavor?emailAddress=TJourney%40firstfedweb.com HTTP/1.1Host: www.boxbe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rl_session=RudderEncrypt%3AU2FsdGVkX1%2BEy3f%2FfSjIndhdwmtoszzS6BkvdcA1IDyMsRCBxGv8cPTafvUzAz05m8RRZiHfe7Jp%2BBcQXgPJe7CUnTp6WzXrkWb%2FykfrAIDvGZA6rd%2BNhB%2F753T4Y5zCe8SU6wcMHPThRJXgPym7hw%3D%3D; rl_user_id=RudderEncrypt%3AU2FsdGVkX19FZrH9WPa919sjhMJtDdOd42PtA51FBvg%3D; rl_trait=RudderEncrypt%3AU2FsdGVkX19OXsHzmiCGIsKG2ipykcw9mDGOni1rwHI%3D; rl_group_id=RudderEncrypt%3AU2FsdGVkX19hCDQ8AHJ4pyWSggNegslSWmviGIc%2BccI%3D; rl_group_trait=RudderEncrypt%3AU2FsdGVkX18I3pbllNiFxEPcfEES6b0F8TmYPGbAF3I%3D; rl_anonymous_id=RudderEncrypt%3AU2FsdGVkX1%2BeuqEWnQVlwIb%2BUhvJI7k3ZcHUX6iw4YkpZYM4vVmDgXNFJCYb9%2Fqv7UloyGB%2FGLSVFF6uxqR1xw%3D%3D; rl_page_init_referrer=RudderEncrypt%3AU2FsdGVkX1%2FriG5n%2FV8KSFshVBOu2edSrp%2F%2BKp3WY58%3D; rl_page_init_referring_domain=RudderEncrypt%3AU2FsdGVkX1%2Fmfca6HjF%2BIQd%2BIpLFP8itC9g088vBhnI%3D
Source: global trafficHTTP traffic detected: GET /sourceConfig/?p=cdn&v=2.51.0&writeKey=2MnFZZ5XITmcPpuh7BPoOH634HE HTTP/1.1Host: api.rudderstack.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0Authorization: Basic Mk1uRlpaNVhJVG1jUHB1aDdCUG9PSDYzNEhFOg==User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.boxbe.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rest/imap_flavor?emailAddress=TJourney%40firstfedweb.com HTTP/1.1Host: www.boxbe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rl_session=RudderEncrypt%3AU2FsdGVkX1%2BEy3f%2FfSjIndhdwmtoszzS6BkvdcA1IDyMsRCBxGv8cPTafvUzAz05m8RRZiHfe7Jp%2BBcQXgPJe7CUnTp6WzXrkWb%2FykfrAIDvGZA6rd%2BNhB%2F753T4Y5zCe8SU6wcMHPThRJXgPym7hw%3D%3D; rl_user_id=RudderEncrypt%3AU2FsdGVkX19FZrH9WPa919sjhMJtDdOd42PtA51FBvg%3D; rl_trait=RudderEncrypt%3AU2FsdGVkX19OXsHzmiCGIsKG2ipykcw9mDGOni1rwHI%3D; rl_group_id=RudderEncrypt%3AU2FsdGVkX19hCDQ8AHJ4pyWSggNegslSWmviGIc%2BccI%3D; rl_group_trait=RudderEncrypt%3AU2FsdGVkX18I3pbllNiFxEPcfEES6b0F8TmYPGbAF3I%3D; rl_anonymous_id=RudderEncrypt%3AU2FsdGVkX1%2BeuqEWnQVlwIb%2BUhvJI7k3ZcHUX6iw4YkpZYM4vVmDgXNFJCYb9%2Fqv7UloyGB%2FGLSVFF6uxqR1xw%3D%3D; rl_page_init_referrer=RudderEncrypt%3AU2FsdGVkX1%2FriG5n%2FV8KSFshVBOu2edSrp%2F%2BKp3WY58%3D; rl_page_init_referring_domain=RudderEncrypt%3AU2FsdGVkX1%2Fmfca6HjF%2BIQd%2BIpLFP8itC9g088vBhnI%3D
Source: global trafficHTTP traffic detected: GET /v6.15.5/courtesy-notice/bundle-9ccf8626b315e437cfd6cb5254348aed.js HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/world-icon.svg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/whale.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v1.1/rudder-analytics.min.js HTTP/1.1Host: cdn.rudderlabs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/boxbe_logo.svg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/email_icon.svg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/boxbe_logo_b.svg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-gmail.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /sourceConfig/?p=cdn&v=2.51.0&writeKey=2MnFZZ5XITmcPpuh7BPoOH634HE HTTP/1.1Host: api.rudderstack.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/yahoo_logo.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/outlook_logo.svg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/world-icon.svg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/whale.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-aol.svg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-outlook.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/boxbe_logo_b.svg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-aol.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-gmail.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/email_icon.svg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/boxbe_logo.svg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v1/page HTTP/1.1Host: messagebird-dataplane.rudderstack.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v1/track HTTP/1.1Host: messagebird-dataplane.rudderstack.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/yahoo_logo.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-outlook.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-aol.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/outlook_logo.svg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v1/track HTTP/1.1Host: messagebird-dataplane.rudderstack.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /signup/?email=TJourney%40firstfedweb.com&redirected=courtesy-notice HTTP/1.1Host: www.boxbe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rl_page_init_referrer=RudderEncrypt%3AU2FsdGVkX1%2FriG5n%2FV8KSFshVBOu2edSrp%2F%2BKp3WY58%3D; rl_page_init_referring_domain=RudderEncrypt%3AU2FsdGVkX1%2Fmfca6HjF%2BIQd%2BIpLFP8itC9g088vBhnI%3D; rl_user_id=RudderEncrypt%3AU2FsdGVkX1%2F6AEarvIgD%2FIyyg3eEuEIaO6oMRik0MOM%3D; rl_trait=RudderEncrypt%3AU2FsdGVkX19HpR%2FtzWb4oWr%2BkcTXhNrFyKc57k%2Biws0%3D; rl_group_id=RudderEncrypt%3AU2FsdGVkX18COMHyUM3IIo8vfF8PI8jofkN0dFaV9kk%3D; rl_group_trait=RudderEncrypt%3AU2FsdGVkX18xZGR2CeiB%2FNYN1FOw99synx3N3YCKhA4%3D; rl_anonymous_id=RudderEncrypt%3AU2FsdGVkX1%2FO4dSB7y%2F4Bi%2BDGAegBi23us44ERT%2FkcaCNWwnHkhXzaC5ggRU3jSCFe%2Fh%2BKL3DXTB97VTqk5FoQ%3D%3D; rl_session=RudderEncrypt%3AU2FsdGVkX1%2BtywFW1obJ5stRbBi%2FY31ffdUXMp2u0gWCQ4EqCvvuZZtDUvk%2FCYHzoHzdaKQKsORCfhOsW%2FZzqaXh73pnd0zyZ1VUh%2BFLof3tK26gnKTw1Y78Ch2wRKAnVo0R9VuvqvgdvJ1AQeq0rA%3D%3D
Source: global trafficHTTP traffic detected: GET /v6.15.5/bootstrap-and-reset.css HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /releases/v5.8.1/css/all.css HTTP/1.1Host: use.fontawesome.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/signup/bundle-047635c10c275de5b0edf17f55030b4c.js HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.boxbe.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v1.1/rudder-analytics.min.js HTTP/1.1Host: cdn.rudderlabs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rest/auth/logged_in_user HTTP/1.1Host: www.boxbe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonContent-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rl_page_init_referrer=RudderEncrypt%3AU2FsdGVkX1%2FriG5n%2FV8KSFshVBOu2edSrp%2F%2BKp3WY58%3D; rl_page_init_referring_domain=RudderEncrypt%3AU2FsdGVkX1%2Fmfca6HjF%2BIQd%2BIpLFP8itC9g088vBhnI%3D; rl_user_id=RudderEncrypt%3AU2FsdGVkX1%2F6AEarvIgD%2FIyyg3eEuEIaO6oMRik0MOM%3D; rl_trait=RudderEncrypt%3AU2FsdGVkX19HpR%2FtzWb4oWr%2BkcTXhNrFyKc57k%2Biws0%3D; rl_group_id=RudderEncrypt%3AU2FsdGVkX18COMHyUM3IIo8vfF8PI8jofkN0dFaV9kk%3D; rl_group_trait=RudderEncrypt%3AU2FsdGVkX18xZGR2CeiB%2FNYN1FOw99synx3N3YCKhA4%3D; rl_anonymous_id=RudderEncrypt%3AU2FsdGVkX1%2FO4dSB7y%2F4Bi%2BDGAegBi23us44ERT%2FkcaCNWwnHkhXzaC5ggRU3jSCFe%2Fh%2BKL3DXTB97VTqk5FoQ%3D%3D; rl_session=RudderEncrypt%3AU2FsdGVkX1%2BtywFW1obJ5stRbBi%2FY31ffdUXMp2u0gWCQ4EqCvvuZZtDUvk%2FCYHzoHzdaKQKsORCfhOsW%2FZzqaXh73pnd0zyZ1VUh%2BFLof3tK26gnKTw1Y78Ch2wRKAnVo0R9VuvqvgdvJ1AQeq0rA%3D%3D
Source: global trafficHTTP traffic detected: GET /rest/imap_flavor?emailAddress=TJourney%40firstfedweb.com HTTP/1.1Host: www.boxbe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonContent-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rl_page_init_referrer=RudderEncrypt%3AU2FsdGVkX1%2FriG5n%2FV8KSFshVBOu2edSrp%2F%2BKp3WY58%3D; rl_page_init_referring_domain=RudderEncrypt%3AU2FsdGVkX1%2Fmfca6HjF%2BIQd%2BIpLFP8itC9g088vBhnI%3D; rl_user_id=RudderEncrypt%3AU2FsdGVkX1%2F6AEarvIgD%2FIyyg3eEuEIaO6oMRik0MOM%3D; rl_trait=RudderEncrypt%3AU2FsdGVkX19HpR%2FtzWb4oWr%2BkcTXhNrFyKc57k%2Biws0%3D; rl_group_id=RudderEncrypt%3AU2FsdGVkX18COMHyUM3IIo8vfF8PI8jofkN0dFaV9kk%3D; rl_group_trait=RudderEncrypt%3AU2FsdGVkX18xZGR2CeiB%2FNYN1FOw99synx3N3YCKhA4%3D; rl_anonymous_id=RudderEncrypt%3AU2FsdGVkX1%2FO4dSB7y%2F4Bi%2BDGAegBi23us44ERT%2FkcaCNWwnHkhXzaC5ggRU3jSCFe%2Fh%2BKL3DXTB97VTqk5FoQ%3D%3D; rl_session=RudderEncrypt%3AU2FsdGVkX1%2BtywFW1obJ5stRbBi%2FY31ffdUXMp2u0gWCQ4EqCvvuZZtDUvk%2FCYHzoHzdaKQKsORCfhOsW%2FZzqaXh73pnd0zyZ1VUh%2BFLof3tK26gnKTw1Y78Ch2wRKAnVo0R9VuvqvgdvJ1AQeq0rA%3D%3D
Source: global trafficHTTP traffic detected: GET /rest/oauth/flavor_enabled HTTP/1.1Host: www.boxbe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonContent-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rl_page_init_referrer=RudderEncrypt%3AU2FsdGVkX1%2FriG5n%2FV8KSFshVBOu2edSrp%2F%2BKp3WY58%3D; rl_page_init_referring_domain=RudderEncrypt%3AU2FsdGVkX1%2Fmfca6HjF%2BIQd%2BIpLFP8itC9g088vBhnI%3D; rl_user_id=RudderEncrypt%3AU2FsdGVkX1%2F6AEarvIgD%2FIyyg3eEuEIaO6oMRik0MOM%3D; rl_trait=RudderEncrypt%3AU2FsdGVkX19HpR%2FtzWb4oWr%2BkcTXhNrFyKc57k%2Biws0%3D; rl_group_id=RudderEncrypt%3AU2FsdGVkX18COMHyUM3IIo8vfF8PI8jofkN0dFaV9kk%3D; rl_group_trait=RudderEncrypt%3AU2FsdGVkX18xZGR2CeiB%2FNYN1FOw99synx3N3YCKhA4%3D; rl_anonymous_id=RudderEncrypt%3AU2FsdGVkX1%2FO4dSB7y%2F4Bi%2BDGAegBi23us44ERT%2FkcaCNWwnHkhXzaC5ggRU3jSCFe%2Fh%2BKL3DXTB97VTqk5FoQ%3D%3D; rl_session=RudderEncrypt%3AU2FsdGVkX1%2BtywFW1obJ5stRbBi%2FY31ffdUXMp2u0gWCQ4EqCvvuZZtDUvk%2FCYHzoHzdaKQKsORCfhOsW%2FZzqaXh73pnd0zyZ1VUh%2BFLof3tK26gnKTw1Y78Ch2wRKAnVo0R9VuvqvgdvJ1AQeq0rA%3D%3D
Source: global trafficHTTP traffic detected: GET /rest/user_password/flavor_enabled HTTP/1.1Host: www.boxbe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonContent-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rl_page_init_referrer=RudderEncrypt%3AU2FsdGVkX1%2FriG5n%2FV8KSFshVBOu2edSrp%2F%2BKp3WY58%3D; rl_page_init_referring_domain=RudderEncrypt%3AU2FsdGVkX1%2Fmfca6HjF%2BIQd%2BIpLFP8itC9g088vBhnI%3D; rl_user_id=RudderEncrypt%3AU2FsdGVkX1%2F6AEarvIgD%2FIyyg3eEuEIaO6oMRik0MOM%3D; rl_trait=RudderEncrypt%3AU2FsdGVkX19HpR%2FtzWb4oWr%2BkcTXhNrFyKc57k%2Biws0%3D; rl_group_id=RudderEncrypt%3AU2FsdGVkX18COMHyUM3IIo8vfF8PI8jofkN0dFaV9kk%3D; rl_group_trait=RudderEncrypt%3AU2FsdGVkX18xZGR2CeiB%2FNYN1FOw99synx3N3YCKhA4%3D; rl_anonymous_id=RudderEncrypt%3AU2FsdGVkX1%2FO4dSB7y%2F4Bi%2BDGAegBi23us44ERT%2FkcaCNWwnHkhXzaC5ggRU3jSCFe%2Fh%2BKL3DXTB97VTqk5FoQ%3D%3D; rl_session=RudderEncrypt%3AU2FsdGVkX1%2BtywFW1obJ5stRbBi%2FY31ffdUXMp2u0gWCQ4EqCvvuZZtDUvk%2FCYHzoHzdaKQKsORCfhOsW%2FZzqaXh73pnd0zyZ1VUh%2BFLof3tK26gnKTw1Y78Ch2wRKAnVo0R9VuvqvgdvJ1AQeq0rA%3D%3D
Source: global trafficHTTP traffic detected: GET /v6.15.5/signup/bundle-047635c10c275de5b0edf17f55030b4c.js HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rest/imap_flavor?emailAddress=TJourney%40firstfedweb.com HTTP/1.1Host: www.boxbe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rl_page_init_referrer=RudderEncrypt%3AU2FsdGVkX1%2FriG5n%2FV8KSFshVBOu2edSrp%2F%2BKp3WY58%3D; rl_page_init_referring_domain=RudderEncrypt%3AU2FsdGVkX1%2Fmfca6HjF%2BIQd%2BIpLFP8itC9g088vBhnI%3D; rl_user_id=RudderEncrypt%3AU2FsdGVkX1%2F6AEarvIgD%2FIyyg3eEuEIaO6oMRik0MOM%3D; rl_trait=RudderEncrypt%3AU2FsdGVkX19HpR%2FtzWb4oWr%2BkcTXhNrFyKc57k%2Biws0%3D; rl_group_id=RudderEncrypt%3AU2FsdGVkX18COMHyUM3IIo8vfF8PI8jofkN0dFaV9kk%3D; rl_group_trait=RudderEncrypt%3AU2FsdGVkX18xZGR2CeiB%2FNYN1FOw99synx3N3YCKhA4%3D; rl_anonymous_id=RudderEncrypt%3AU2FsdGVkX1%2FO4dSB7y%2F4Bi%2BDGAegBi23us44ERT%2FkcaCNWwnHkhXzaC5ggRU3jSCFe%2Fh%2BKL3DXTB97VTqk5FoQ%3D%3D; rl_session=RudderEncrypt%3AU2FsdGVkX1%2BtywFW1obJ5stRbBi%2FY31ffdUXMp2u0gWCQ4EqCvvuZZtDUvk%2FCYHzoHzdaKQKsORCfhOsW%2FZzqaXh73pnd0zyZ1VUh%2BFLof3tK26gnKTw1Y78Ch2wRKAnVo0R9VuvqvgdvJ1AQeq0rA%3D%3D
Source: global trafficHTTP traffic detected: GET /rest/user_password/flavor_enabled HTTP/1.1Host: www.boxbe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rl_page_init_referrer=RudderEncrypt%3AU2FsdGVkX1%2FriG5n%2FV8KSFshVBOu2edSrp%2F%2BKp3WY58%3D; rl_page_init_referring_domain=RudderEncrypt%3AU2FsdGVkX1%2Fmfca6HjF%2BIQd%2BIpLFP8itC9g088vBhnI%3D; rl_user_id=RudderEncrypt%3AU2FsdGVkX1%2F6AEarvIgD%2FIyyg3eEuEIaO6oMRik0MOM%3D; rl_trait=RudderEncrypt%3AU2FsdGVkX19HpR%2FtzWb4oWr%2BkcTXhNrFyKc57k%2Biws0%3D; rl_group_id=RudderEncrypt%3AU2FsdGVkX18COMHyUM3IIo8vfF8PI8jofkN0dFaV9kk%3D; rl_group_trait=RudderEncrypt%3AU2FsdGVkX18xZGR2CeiB%2FNYN1FOw99synx3N3YCKhA4%3D; rl_anonymous_id=RudderEncrypt%3AU2FsdGVkX1%2FO4dSB7y%2F4Bi%2BDGAegBi23us44ERT%2FkcaCNWwnHkhXzaC5ggRU3jSCFe%2Fh%2BKL3DXTB97VTqk5FoQ%3D%3D; rl_session=RudderEncrypt%3AU2FsdGVkX1%2BtywFW1obJ5stRbBi%2FY31ffdUXMp2u0gWCQ4EqCvvuZZtDUvk%2FCYHzoHzdaKQKsORCfhOsW%2FZzqaXh73pnd0zyZ1VUh%2BFLof3tK26gnKTw1Y78Ch2wRKAnVo0R9VuvqvgdvJ1AQeq0rA%3D%3D
Source: global trafficHTTP traffic detected: GET /rest/oauth/flavor_enabled HTTP/1.1Host: www.boxbe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rl_page_init_referrer=RudderEncrypt%3AU2FsdGVkX1%2FriG5n%2FV8KSFshVBOu2edSrp%2F%2BKp3WY58%3D; rl_page_init_referring_domain=RudderEncrypt%3AU2FsdGVkX1%2Fmfca6HjF%2BIQd%2BIpLFP8itC9g088vBhnI%3D; rl_user_id=RudderEncrypt%3AU2FsdGVkX1%2F6AEarvIgD%2FIyyg3eEuEIaO6oMRik0MOM%3D; rl_trait=RudderEncrypt%3AU2FsdGVkX19HpR%2FtzWb4oWr%2BkcTXhNrFyKc57k%2Biws0%3D; rl_group_id=RudderEncrypt%3AU2FsdGVkX18COMHyUM3IIo8vfF8PI8jofkN0dFaV9kk%3D; rl_group_trait=RudderEncrypt%3AU2FsdGVkX18xZGR2CeiB%2FNYN1FOw99synx3N3YCKhA4%3D; rl_anonymous_id=RudderEncrypt%3AU2FsdGVkX1%2FO4dSB7y%2F4Bi%2BDGAegBi23us44ERT%2FkcaCNWwnHkhXzaC5ggRU3jSCFe%2Fh%2BKL3DXTB97VTqk5FoQ%3D%3D; rl_session=RudderEncrypt%3AU2FsdGVkX1%2BtywFW1obJ5stRbBi%2FY31ffdUXMp2u0gWCQ4EqCvvuZZtDUvk%2FCYHzoHzdaKQKsORCfhOsW%2FZzqaXh73pnd0zyZ1VUh%2BFLof3tK26gnKTw1Y78Ch2wRKAnVo0R9VuvqvgdvJ1AQeq0rA%3D%3D
Source: global trafficHTTP traffic detected: GET /rest/auth/logged_in_user HTTP/1.1Host: www.boxbe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonContent-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rl_page_init_referrer=RudderEncrypt%3AU2FsdGVkX1%2FriG5n%2FV8KSFshVBOu2edSrp%2F%2BKp3WY58%3D; rl_page_init_referring_domain=RudderEncrypt%3AU2FsdGVkX1%2Fmfca6HjF%2BIQd%2BIpLFP8itC9g088vBhnI%3D; rl_user_id=RudderEncrypt%3AU2FsdGVkX1%2F6AEarvIgD%2FIyyg3eEuEIaO6oMRik0MOM%3D; rl_trait=RudderEncrypt%3AU2FsdGVkX19HpR%2FtzWb4oWr%2BkcTXhNrFyKc57k%2Biws0%3D; rl_group_id=RudderEncrypt%3AU2FsdGVkX18COMHyUM3IIo8vfF8PI8jofkN0dFaV9kk%3D; rl_group_trait=RudderEncrypt%3AU2FsdGVkX18xZGR2CeiB%2FNYN1FOw99synx3N3YCKhA4%3D; rl_anonymous_id=RudderEncrypt%3AU2FsdGVkX1%2FO4dSB7y%2F4Bi%2BDGAegBi23us44ERT%2FkcaCNWwnHkhXzaC5ggRU3jSCFe%2Fh%2BKL3DXTB97VTqk5FoQ%3D%3D; rl_session=RudderEncrypt%3AU2FsdGVkX1%2BtywFW1obJ5stRbBi%2FY31ffdUXMp2u0gWCQ4EqCvvuZZtDUvk%2FCYHzoHzdaKQKsORCfhOsW%2FZzqaXh73pnd0zyZ1VUh%2BFLof3tK26gnKTw1Y78Ch2wRKAnVo0R9VuvqvgdvJ1AQeq0rA%3D%3D
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-outlook.jpg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-gmail-fav.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-yahoo.svg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-gmail.ico HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /sourceConfig/?p=cdn&v=2.51.0&writeKey=2MnFZZ5XITmcPpuh7BPoOH634HE HTTP/1.1Host: api.rudderstack.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0Authorization: Basic Mk1uRlpaNVhJVG1jUHB1aDdCUG9PSDYzNEhFOg==User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.boxbe.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v1.1/rudder-analytics.min.js HTTP/1.1Host: cdn.rudderlabs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-yahoo.svg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-outlook.jpg HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-gmail.ico HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/ HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /sourceConfig/?p=cdn&v=2.51.0&writeKey=2MnFZZ5XITmcPpuh7BPoOH634HE HTTP/1.1Host: api.rudderstack.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v1/page HTTP/1.1Host: messagebird-dataplane.rudderstack.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v1/track HTTP/1.1Host: messagebird-dataplane.rudderstack.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /releases/v5.8.1/webfonts/fa-solid-900.woff2 HTTP/1.1Host: use.fontawesome.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.boxbe.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://use.fontawesome.com/releases/v5.8.1/css/all.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/oauth-preview-exchange.postoffice.net.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v6.15.5/assets/img/logo-gmail-fav.png HTTP/1.1Host: d25lk0qhi6nhi8.cloudfront.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v1/track HTTP/1.1Host: messagebird-dataplane.rudderstack.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /v1/track HTTP/1.1Host: messagebird-dataplane.rudderstack.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: clicktime.cloud.postoffice.net
Source: global trafficDNS traffic detected: DNS query: info.sparkpost.com
Source: global trafficDNS traffic detected: DNS query: www.boxbe.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: d25lk0qhi6nhi8.cloudfront.net
Source: global trafficDNS traffic detected: DNS query: cdn.rudderlabs.com
Source: global trafficDNS traffic detected: DNS query: api.rudderstack.com
Source: global trafficDNS traffic detected: DNS query: messagebird-dataplane.rudderstack.com
Source: global trafficDNS traffic detected: DNS query: use.fontawesome.com
Source: unknownHTTP traffic detected: POST /rest/courtesy_notice/captcha2_approve?tracking_code=60956511344&tracking_code_random=524786563 HTTP/1.1Host: www.boxbe.comConnection: keep-aliveContent-Length: 42sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/jsonContent-Type: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://www.boxbe.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.boxbe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: application/xmlTransfer-Encoding: chunkedConnection: closeServer: AmazonS3Date: Mon, 03 Mar 2025 19:00:56 GMTX-Cache: Error from cloudfrontVia: 1.1 6278ee254a7d35c23aae5e936b5a56ee.cloudfront.net (CloudFront)X-Amz-Cf-Pop: FRA56-P6X-Amz-Cf-Id: lAePsFGLhnfLROoDzdaZa3VEi74-T8fSiuS6u-CjFxkYHPaR20R_OA==
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: application/xmlTransfer-Encoding: chunkedConnection: closeServer: AmazonS3Date: Mon, 03 Mar 2025 19:01:13 GMTX-Cache: Error from cloudfrontVia: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)X-Amz-Cf-Pop: FRA56-P6X-Amz-Cf-Id: dkFnDAcH_cpohxUVUgV1YXyCGeZGYd-JCSxcVQZ-mvB-IuF4iMP_-A==
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: application/xmlTransfer-Encoding: chunkedConnection: closeServer: AmazonS3Date: Mon, 03 Mar 2025 19:01:12 GMTX-Cache: Error from cloudfrontVia: 1.1 6c2674fb15c38f5458794dd680986b8e.cloudfront.net (CloudFront)X-Amz-Cf-Pop: FRA56-P6X-Amz-Cf-Id: aX753R04YkglSnJ-evFcmXbugVwJIhBPyVgKPxAOtMFScVvmFXcA4w==
Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49909 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49969
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50011 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49940 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49929
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49923
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49922
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49910
Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49909
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49903
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
Source: unknownNetwork traffic detected: HTTP traffic on port 49903 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
Source: classification engineClassification label: mal48.winMSG@18/10@28/211
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250303T1400300770-5892.etl
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\FW_ RE_ Financials for Krohns Appliance (#Ud83d#Udceb Action Required).msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D9C1F8ED-5BB4-4034-87C3-D676F2F5F098" "10A60071-035E-4BEC-8CE2-1058332984DC" "5892" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://clicktime.cloud.postoffice.net/clicktime.php?U=https://info.sparkpost.com/f/a/CNyCkSwPajmKPIoolVaUPA%7E%7E/AAAAfRA%7E/d_X8jMGpgsxcQOgfoVgtCicTQGe89dcNY2qTo8bQ7BXR95MyCRYFUQj_85HYgaSTlAa45C0eYoREfkFG1qHHfxjKOD9KKltKqXqUReEB5he8XaeOCC6zKcCgfVQ41qTTCJsc_gE9JAd-ijYqgkYi1yybLhuLgmiC1fkvpM01TCBtzPkoXQEvMjXjrSfRZtS2-OCkz2njdcoTlnySjyZPCnrtVmhcTnTk3r97AyYrk74NreVxkgenbUdjcpZhxf4m6SefA2fmd5oMX-dFbhoqzA%7E%7E&E=tjourney%40firstfedweb.com&X=XID226dccsjE8316Xd1&T=FF1001&HV=U,E,X,T&H=6cddfe47d52c5c20ea25f98d57b6a32ce380177b
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1948,i,11901686451565618312,2359293476580080647,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D9C1F8ED-5BB4-4034-87C3-D676F2F5F098" "10A60071-035E-4BEC-8CE2-1058332984DC" "5892" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://clicktime.cloud.postoffice.net/clicktime.php?U=https://info.sparkpost.com/f/a/CNyCkSwPajmKPIoolVaUPA%7E%7E/AAAAfRA%7E/d_X8jMGpgsxcQOgfoVgtCicTQGe89dcNY2qTo8bQ7BXR95MyCRYFUQj_85HYgaSTlAa45C0eYoREfkFG1qHHfxjKOD9KKltKqXqUReEB5he8XaeOCC6zKcCgfVQ41qTTCJsc_gE9JAd-ijYqgkYi1yybLhuLgmiC1fkvpM01TCBtzPkoXQEvMjXjrSfRZtS2-OCkz2njdcoTlnySjyZPCnrtVmhcTnTk3r97AyYrk74NreVxkgenbUdjcpZhxf4m6SefA2fmd5oMX-dFbhoqzA%7E%7E&E=tjourney%40firstfedweb.com&X=XID226dccsjE8316Xd1&T=FF1001&HV=U,E,X,T&H=6cddfe47d52c5c20ea25f98d57b6a32ce380177b
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1948,i,11901686451565618312,2359293476580080647,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} DeviceTicket
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation21
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Modify Registry		LSASS Memory13
System Information Discovery		Remote Desktop ProtocolData from Removable Media4
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
Registry Run Keys / Startup Folder		1
Registry Run Keys / Startup Folder		1
Process Injection		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer		Traffic DuplicationData Destruction

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/world-icon.svg0%Avira URL Cloudsafe
https://clicktime.cloud.postoffice.net/clicktime.php?U=https://info.sparkpost.com/f/a/CNyCkSwPajmKPIoolVaUPA%7E%7E/AAAAfRA%7E/d_X8jMGpgsxcQOgfoVgtCicTQGe89dcNY2qTo8bQ7BXR95MyCRYFUQj_85HYgaSTlAa45C0eYoREfkFG1qHHfxjKOD9KKltKqXqUReEB5he8XaeOCC6zKcCgfVQ41qTTCJsc_gE9JAd-ijYqgkYi1yybLhuLgmiC1fkvpM01TCBtzPkoXQEvMjXjrSfRZtS2-OCkz2njdcoTlnySjyZPCnrtVmhcTnTk3r97AyYrk74NreVxkgenbUdjcpZhxf4m6SefA2fmd5oMX-dFbhoqzA%7E%7E&E=tjourney%40firstfedweb.com&X=XID226dccsjE8316Xd1&T=FF1001&HV=U,E,X,T&H=6cddfe47d52c5c20ea25f98d57b6a32ce380177b0%Avira URL Cloudsafe
https://www.boxbe.com/rest/courtesy_notice/info?tracking_code=60956511344&tracking_code_random=5247865630%Avira URL Cloudsafe
https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.js0%Avira URL Cloudsafe
https://messagebird-dataplane.rudderstack.com/v1/track0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/courtesy-notice/bundle-42dfae3a94d6ae436c10f599a0195b84.js0%Avira URL Cloudsafe
https://www.boxbe.com/crs?tc_serial=60956511344&tc_rand=524786563&utm_source=stf&utm_medium=email&utm_campaign=CN_STDW_v6&utm_content=0020%Avira URL Cloudsafe
https://info.sparkpost.com/f/a/CNyCkSwPajmKPIoolVaUPA~~/AAAAfRA~/d_X8jMGpgsxcQOgfoVgtCicTQGe89dcNY2qTo8bQ7BXR95MyCRYFUQj_85HYgaSTlAa45C0eYoREfkFG1qHHfxjKOD9KKltKqXqUReEB5he8XaeOCC6zKcCgfVQ41qTTCJsc_gE9JAd-ijYqgkYi1yybLhuLgmiC1fkvpM01TCBtzPkoXQEvMjXjrSfRZtS2-OCkz2njdcoTlnySjyZPCnrtVmhcTnTk3r97AyYrk74NreVxkgenbUdjcpZhxf4m6SefA2fmd5oMX-dFbhoqzA~~0%Avira URL Cloudsafe
https://www.boxbe.com/rest/courtesy_notice/captcha2_key?tracking_code=60956511344&tracking_code_random=5247865630%Avira URL Cloudsafe
https://messagebird-dataplane.rudderstack.com/v1/page0%Avira URL Cloudsafe
https://www.boxbe.com/rest/courtesy_notice/captcha2_approve?tracking_code=60956511344&tracking_code_random=5247865630%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/courtesy-notice/bundle-9ccf8626b315e437cfd6cb5254348aed.js0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/favicon.png0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/whale.png0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/bootstrap.css0%Avira URL Cloudsafe
https://api.rudderstack.com/sourceConfig/?p=cdn&v=2.51.0&writeKey=2MnFZZ5XITmcPpuh7BPoOH634HE0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/email_icon.svg0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-outlook.png0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-gmail.png0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/yahoo_logo.png0%Avira URL Cloudsafe
https://www.boxbe.com/rest/imap_flavor?emailAddress=TJourney%40firstfedweb.com0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/outlook_logo.svg0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/boxbe_logo.svg0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-aol.svg0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/boxbe_logo_b.svg0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-aol.png0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-yahoo.svg0%Avira URL Cloudsafe
https://www.boxbe.com/rest/oauth/flavor_enabled0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/bootstrap-and-reset.css0%Avira URL Cloudsafe
https://www.boxbe.com/rest/user_password/flavor_enabled0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-outlook.jpg0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-gmail-fav.png0%Avira URL Cloudsafe
https://www.boxbe.com/rest/auth/logged_in_user0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-gmail.ico0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/signup/bundle-047635c10c275de5b0edf17f55030b4c.js0%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/oauth-preview-exchange.postoffice.net.png0%Avira URL Cloudsafe
https://use.fontawesome.com/releases/v5.8.1/webfonts/fa-solid-900.woff20%Avira URL Cloudsafe
https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
boxbe.com
18.204.73.86
truefalse
    		unknown
    d330tt87tgwpr0.cloudfront.net
    		18.244.18.77
    		truefalse
      		high
      api.rudderstack.com
      		18.245.86.58
      		truefalse
        		high
        messagebird-dataplane.rudderstack.com
        		52.22.248.30
        		truefalse
          		high
          clicktime.cloud.postoffice.net
          		165.212.65.140
          		truefalse
            		high
            www.google.com
            		172.217.18.4
            		truefalse
              		high
              d25lk0qhi6nhi8.cloudfront.net
              		108.138.2.122
              		truefalse
                		high
                d3egwh0myn07qx.cloudfront.net
                		18.66.122.58
                		truefalse
                  		unknown
                  s-0005.dual-s-msedge.net
                  		52.123.129.14
                  		truefalse
                    		high
                    use.fontawesome.com.cdn.cloudflare.net
                    		104.21.27.152
                    		truefalse
                      		high
                      use.fontawesome.com
                      		unknown
                      		unknownfalse
                        		high
                        www.boxbe.com
                        		unknown
                        		unknownfalse
                          		high
                          info.sparkpost.com
                          		unknown
                          		unknownfalse
                            		unknown
                            cdn.rudderlabs.com
                            		unknown
                            		unknownfalse
                              		high

                              Contacted URLs

                              NameMaliciousAntivirus DetectionReputation
                              https://www.boxbe.com/courtesy-notice/?tracking_code=60956511344&tracking_code_random=524786563&utm_source=stf&utm_medium=email&utm_campaign=CN_STDW_v6&utm_content=002&false
                                		unknown
                                https://messagebird-dataplane.rudderstack.com/v1/trackfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.boxbe.com/rest/oauth/flavor_enabledfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.boxbe.com/rest/courtesy_notice/info?tracking_code=60956511344&tracking_code_random=524786563false
                                • Avira URL Cloud: safe
                                		unknown
                                https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.jsfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://info.sparkpost.com/f/a/CNyCkSwPajmKPIoolVaUPA~~/AAAAfRA~/d_X8jMGpgsxcQOgfoVgtCicTQGe89dcNY2qTo8bQ7BXR95MyCRYFUQj_85HYgaSTlAa45C0eYoREfkFG1qHHfxjKOD9KKltKqXqUReEB5he8XaeOCC6zKcCgfVQ41qTTCJsc_gE9JAd-ijYqgkYi1yybLhuLgmiC1fkvpM01TCBtzPkoXQEvMjXjrSfRZtS2-OCkz2njdcoTlnySjyZPCnrtVmhcTnTk3r97AyYrk74NreVxkgenbUdjcpZhxf4m6SefA2fmd5oMX-dFbhoqzA~~false
                                • Avira URL Cloud: safe
                                		unknown
                                https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/courtesy-notice/bundle-42dfae3a94d6ae436c10f599a0195b84.jsfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.boxbe.com/rest/courtesy_notice/captcha2_key?tracking_code=60956511344&tracking_code_random=524786563false
                                • Avira URL Cloud: safe
                                		unknown
                                https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-yahoo.svgfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.boxbe.com/crs?tc_serial=60956511344&tc_rand=524786563&utm_source=stf&utm_medium=email&utm_campaign=CN_STDW_v6&utm_content=002false
                                • Avira URL Cloud: safe
                                		unknown
                                https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/world-icon.svgfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://clicktime.cloud.postoffice.net/clicktime.php?U=https://info.sparkpost.com/f/a/CNyCkSwPajmKPIoolVaUPA%7E%7E/AAAAfRA%7E/d_X8jMGpgsxcQOgfoVgtCicTQGe89dcNY2qTo8bQ7BXR95MyCRYFUQj_85HYgaSTlAa45C0eYoREfkFG1qHHfxjKOD9KKltKqXqUReEB5he8XaeOCC6zKcCgfVQ41qTTCJsc_gE9JAd-ijYqgkYi1yybLhuLgmiC1fkvpM01TCBtzPkoXQEvMjXjrSfRZtS2-OCkz2njdcoTlnySjyZPCnrtVmhcTnTk3r97AyYrk74NreVxkgenbUdjcpZhxf4m6SefA2fmd5oMX-dFbhoqzA%7E%7E&E=tjourney%40firstfedweb.com&X=XID226dccsjE8316Xd1&T=FF1001&HV=U,E,X,T&H=6cddfe47d52c5c20ea25f98d57b6a32ce380177bfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://www.boxbe.com/courtesy-notice/courtesy-notice-signup.html?recipient=cristimcelderry%40yahoo.com&fromEmail=TJourney%40firstfedweb.comtrue
                                  		unknown
                                  https://messagebird-dataplane.rudderstack.com/v1/pagefalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-outlook.pngfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://www.boxbe.com/rest/courtesy_notice/captcha2_approve?tracking_code=60956511344&tracking_code_random=524786563false
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://www.boxbe.com/signup/?email=TJourney%40firstfedweb.com&redirected=courtesy-noticefalse
                                    		unknown
                                    https://use.fontawesome.com/releases/v5.8.1/css/all.cssfalse
                                      		high
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/courtesy-notice/bundle-9ccf8626b315e437cfd6cb5254348aed.jsfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/signup/bundle-047635c10c275de5b0edf17f55030b4c.jsfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/false
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://www.boxbe.com/rest/auth/logged_in_userfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/favicon.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://api.rudderstack.com/sourceConfig/?p=cdn&v=2.51.0&writeKey=2MnFZZ5XITmcPpuh7BPoOH634HEfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/whale.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/email_icon.svgfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/bootstrap.cssfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-gmail.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/bootstrap-and-reset.cssfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-outlook.jpgfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/oauth-preview-exchange.postoffice.net.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/yahoo_logo.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/outlook_logo.svgfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://www.boxbe.com/rest/imap_flavor?emailAddress=TJourney%40firstfedweb.comfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/boxbe_logo_b.svgfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/boxbe_logo.svgfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-aol.svgfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-aol.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://www.boxbe.com/rest/user_password/flavor_enabledfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-gmail-fav.pngfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://d25lk0qhi6nhi8.cloudfront.net/v6.15.5/assets/img/logo-gmail.icofalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://use.fontawesome.com/releases/v5.8.1/webfonts/fa-solid-900.woff2false
                                      • Avira URL Cloud: safe
                                      		unknown

                                      World Map of Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public IPs

                                      IPDomainCountryFlagASNASN NameMalicious
                                      18.244.18.77
                                      		d330tt87tgwpr0.cloudfront.netUnited States
                                      		16509AMAZON-02USfalse
                                      1.1.1.1
                                      		unknownAustralia
                                      		13335CLOUDFLARENETUSfalse
                                      18.204.73.86
                                      		boxbe.comUnited States
                                      		14618AMAZON-AESUSfalse
                                      52.111.236.32
                                      		unknownUnited States
                                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                      172.217.16.138
                                      		unknownUnited States
                                      		15169GOOGLEUSfalse
                                      172.217.18.4
                                      		www.google.comUnited States
                                      		15169GOOGLEUSfalse
                                      216.58.206.67
                                      		unknownUnited States
                                      		15169GOOGLEUSfalse
                                      108.138.2.122
                                      		d25lk0qhi6nhi8.cloudfront.netUnited States
                                      		16509AMAZON-02USfalse
                                      52.123.129.14
                                      		s-0005.dual-s-msedge.netUnited States
                                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                      18.244.18.4
                                      		unknownUnited States
                                      		16509AMAZON-02USfalse
                                      165.212.65.140
                                      		clicktime.cloud.postoffice.netUnited States
                                      		14454PERIMETER-ESECURITYUSfalse
                                      64.233.166.84
                                      		unknownUnited States
                                      		15169GOOGLEUSfalse
                                      239.255.255.250
                                      		unknownReserved
                                      		unknownunknownfalse
                                      104.21.27.152
                                      		use.fontawesome.com.cdn.cloudflare.netUnited States
                                      		13335CLOUDFLARENETUSfalse
                                      142.250.185.142
                                      		unknownUnited States
                                      		15169GOOGLEUSfalse
                                      52.22.248.30
                                      		messagebird-dataplane.rudderstack.comUnited States
                                      		14618AMAZON-AESUSfalse
                                      18.66.122.58
                                      		d3egwh0myn07qx.cloudfront.netUnited States
                                      		3MIT-GATEWAYSUSfalse
                                      20.42.73.24
                                      		unknownUnited States
                                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                      18.245.86.58
                                      		api.rudderstack.comUnited States
                                      		16509AMAZON-02USfalse
                                      18.245.86.25
                                      		unknownUnited States
                                      		16509AMAZON-02USfalse
                                      23.199.214.10
                                      		unknownUnited States
                                      		16625AKAMAI-ASUSfalse
                                      172.217.16.131
                                      		unknownUnited States
                                      		15169GOOGLEUSfalse

                                      Private

                                      IP
                                      192.168.2.16

                                      General Information

                                      Joe Sandbox version:42.0.0 Malachite
                                      Analysis ID:1628392
                                      Start date and time:2025-03-03 19:59:58 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:15
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • EGA enabled
                                      Analysis Mode:stream
                                      Analysis stop reason:Timeout
                                      Sample name:FW_ RE_ Financials for Krohns Appliance (#Ud83d#Udceb Action Required).msg
                                      renamed because original name is a hash value
                                      Original Sample Name:FW_ RE_ Financials for Krohns Appliance ( Action Required).msg
                                      Detection:MAL
                                      Classification:mal48.winMSG@18/10@28/211
                                      Cookbook Comments:
                                      • Found application associated with file extension: .msg
                                      • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 23.199.214.10, 52.123.129.14
                                      • Excluded domains from analysis (whitelisted): ecs.office.com, dual-s-0005-office.config.skype.com, fs.microsoft.com, e16604.f.akamaiedge.net, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                      • VT rate limit hit for: boxbe.com

                                      Created / dropped Files

                                      C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250303T1400300770-5892.etl

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:modified
                                      Size (bytes):94208
                                      Entropy (8bit):4.463214815145503
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D2604744FB36C17CBD585CAB14C06064
                                      SHA1:0C49C59C73AEDD7DE6087E6A359C4E76FE5DB2F8
                                      SHA-256:ED18BD337CA0B503A991F0F6D002D56B66B31BF47C25D66033C4F5B6C23B10A2
                                      SHA-512:99DBD2901BCFC383CF686A84BC8A2828B5E2C17F43FB15DEC9412FADD8AC5B623F6ED3B07DE4CA14548975BEECC923832912D9E50895E4C724893826D38AB6B5
                                      Malicious:false
                                      Reputation:unknown
                                      Preview:............................................................................`..............n...................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................p.'..Y.............n...........v.2._.O.U.T.L.O.O.K.:.1.7.0.4.:.4.2.e.e.f.2.b.c.0.c.0.6.4.c.0.7.b.e.1.d.7.b.c.1.0.b.a.c.3.3.a.3...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.5.0.3.0.3.T.1.4.0.0.3.0.0.7.7.0.-.5.8.9.2...e.t.l.......P.P..........E.n...........................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Local\Temp\~DFE5C12C8F494F7608.TMP

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):163840
                                      Entropy (8bit):0.4613815424985172
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:35F78B1891D7095F77AFDBEFBF168283
                                      SHA1:22B9BA4C33CB04D4C7B6759CF404B6DAFDE8F56C
                                      SHA-256:4825A5FFEE5555D8011F195F21225EC2E7370FD3F0D5E696393DD43DDD9BB3A8
                                      SHA-512:B544198F8393BC965FEBAE2A2F24D34300EDC399354C30F6F56159214ADD4010BF1434117EA46944F4D69D34125FB46CD029D9A31F99D7FFCCA5605C258B5F57
                                      Malicious:false
                                      Reputation:unknown
                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                      Download File
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 3 18:00:42 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                      Category:dropped
                                      Size (bytes):2673
                                      Entropy (8bit):3.9786302339817583
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:2735AD23A8B72C180DB295461FA94458
                                      SHA1:E8E3F05535910D8A4691FBBE43A95432457881D1
                                      SHA-256:884E937681C47B9FB6FBAEDDC5799E81967DB9E230C31672CF379589B5A465F3
                                      SHA-512:469D6D8CB43543C2C1FD34AE30CB32870AA9043640E4DCBB58A218BD9142664A46B50FE5B7893D0EC2D97FFC824AA3DEDB58C77B72ADA7A78F052FA1989FEBFC
                                      Malicious:false
                                      Reputation:unknown
                                      Preview:L..................F.@.. ...$+.,....3...n...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IcZ......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VcZ......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VcZ......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VcZ............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VcZ.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'..K.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                      Download File
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 3 18:00:42 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                      Category:dropped
                                      Size (bytes):2675
                                      Entropy (8bit):3.997731207471808
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:1FF2B8DFA7BB7EE614835CC9DC1D6900
                                      SHA1:680F30E9D306BAB980B463B8E7768FAEB467FB9C
                                      SHA-256:91CED73F17B92A53C81A0024983355FDBB8895E597DF4CD4F42332250CAEDA58
                                      SHA-512:2A65240E7D641021EBB4DEA67106B4AE25E1A71547614F86D4C23D3CD1E93AFC2C99027ACB63AC1DB3F9296C8C1FE7B82180F91BCDC6BF9565D33699A8488672
                                      Malicious:false
                                      Reputation:unknown
                                      Preview:L..................F.@.. ...$+.,.......n...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IcZ......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VcZ......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VcZ......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VcZ............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VcZ.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'..K.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                      Download File
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                      Category:dropped
                                      Size (bytes):2689
                                      Entropy (8bit):4.0073579266591235
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:296F07135909D3399CE1C0FB2073CD27
                                      SHA1:174C2A20B468FC2FB6E77289C9C787112C601E54
                                      SHA-256:24CD8E4B34C4655E73617EA1FE94F4CF5468DC4AA23778540293F2C8EEB01647
                                      SHA-512:8C7ECF81552FC79EF4FCF2FBD900BE3584F4164CCCF64492F98E066CCC34FC2B7D5939A8A880941011324B69F633020FF1824D9CAE995AC10C9E0CFCC60E8D97
                                      Malicious:false
                                      Reputation:unknown
                                      Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IcZ......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VcZ......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VcZ......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VcZ............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'..K.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                      Download File
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 3 18:00:42 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                      Category:dropped
                                      Size (bytes):2677
                                      Entropy (8bit):3.9953757305102826
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:FB855384B2363CBDCFB13669F2A85333
                                      SHA1:6F6792645F2546E19AD02686B776F8A361D946EB
                                      SHA-256:81AF71B5B75727690C8A2E7B5435949B872F0D551A2281FE81FF9729B18FF7F9
                                      SHA-512:0BC6B1AA3E2CBA3E83552A01A2E60794A9B96BF3F1DCA708A233F7CC7942A85DBC4107DD3BC2794D74D147E440D16B16C899080099461CAADCFB9BF6E9F00D34
                                      Malicious:false
                                      Reputation:unknown
                                      Preview:L..................F.@.. ...$+.,.......n...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IcZ......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VcZ......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VcZ......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VcZ............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VcZ.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'..K.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                      Download File
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 3 18:00:42 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                      Category:dropped
                                      Size (bytes):2677
                                      Entropy (8bit):3.9821098648633653
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:D8805C30F9BEF64E60CEC788E0DABFC0
                                      SHA1:8CF1D00F4E523761C998CEA86E7367F49C3A63CD
                                      SHA-256:62E34CD2E2420C6F1761DCC5F1DC5EA88D174A2BC9DD64979233CEDF0D9F5E2C
                                      SHA-512:F6F1BF717739FBC6EEB09CBABC099804AEEF755A383AFAC2B6D5F8AF2A6ACEE3AD737FEBACCED9029C9FCB3851F0A3319E12E38115EEEF6034FE04533FBD03F2
                                      Malicious:false
                                      Reputation:unknown
                                      Preview:L..................F.@.. ...$+.,.....a..n...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IcZ......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VcZ......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VcZ......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VcZ............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VcZ.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'..K.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                      Download File
                                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Mar 3 18:00:42 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                      Category:dropped
                                      Size (bytes):2679
                                      Entropy (8bit):3.9948988797703313
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:355B02AE896D51F178493DA1CEECC139
                                      SHA1:D25CB1A6DB49CFA206C4B18240EA75D80FCFBE31
                                      SHA-256:E55ECCBE47FFE053E96A0192E3267A8C0CA0B3289BAE63867CE553E2A6BE6C61
                                      SHA-512:2B78DD29336E83291222AFB89E522F6D177453138EE3C3B2E4017C51DE4725D54557C9E2253CFB67D307175304AD2042D986574C61D47DF46BB0E23543537BD2
                                      Malicious:false
                                      Reputation:unknown
                                      Preview:L..................F.@.. ...$+.,......n...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IcZ......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VcZ......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VcZ......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VcZ............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VcZ.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........'..K.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                      C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:Microsoft Outlook email folder (>=2003)
                                      Category:dropped
                                      Size (bytes):271360
                                      Entropy (8bit):1.2700786073948356
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:F3AA56C2E3F47CF6D152D9D243D73631
                                      SHA1:4E33CBC799569D1D2F56AC22CAAD80F1ED35D99D
                                      SHA-256:0BF07C0585EB85B4E86D285E4999A56557AC85296FEFF18AEB9C3BE1E0C5C567
                                      SHA-512:9C5117C3E7A85B40452EC1A8A865D31E6C4699254805DD3AD47C3A11F016D2EEAB9775AB323A6CEF276600BAB9E705D190806B6C9A7BCAF8331945B2AC72D614
                                      Malicious:true
                                      Reputation:unknown
                                      Preview:!BDN.Bs.SM......\...............).......U................@...........@...@...................................@...........................................................................$.......D.......T..............%...............(...........................................................................................................................................................................................................................................................................................x........8..".l.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                                      Download File
                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):131072
                                      Entropy (8bit):0.9440303414045434
                                      Encrypted:false
                                      SSDEEP:
                                      MD5:C60040E3927C7DE6EC1A19B82A56E05D
                                      SHA1:6258D846B8817A6D3D06E14714DD9BF5FB2C5055
                                      SHA-256:0DCA7EE17ACAC320FE1AC0F5640AC6E3633DBB731242FF5AA20B4D98B00C4D67
                                      SHA-512:58B93C5D2834070462B7F275DDA49BC35ED3C3294596BC4B8754E6E6B807C168F7CE4E05EC7AAC08895FB7B1B53AC6971866D2D08E7043FD3A52172A8FEC4F61
                                      Malicious:true
                                      Reputation:unknown
                                      Preview:N..!C...G............M..n.....................#.!BDN.Bs.SM......\...............).......U................@...........@...@...................................@...........................................................................$.......D.......T..............%...............(...........................................................................................................................................................................................................................................................................................x........8..".l..M..n........B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

                                      Static File Info

                                      General

                                      File type:CDFV2 Microsoft Outlook Message
                                      Entropy (8bit):5.579394912429517
                                      TrID:
                                      • Outlook Message (71009/1) 58.92%
                                      • Outlook Form Template (41509/1) 34.44%
                                      • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                                      File name:FW_ RE_ Financials for Krohns Appliance (#Ud83d#Udceb Action Required).msg
                                      File size:217'600 bytes
                                      MD5:916348269c0b40b60980f1966ea42a8e
                                      SHA1:cc36a87863453320809f6d51d97b128e38436618
                                      SHA256:f3d3111dffef11055c746b67e9608e2f7d094a86fbca295cc5607e808e50f4ed
                                      SHA512:0e6aef64f791ab321d1d3f17bbc470f9444f1822363b416d9005574d60bd451aab8da1b260eb6d03d34d1894695bcbceef7a46e846ba84f59d732329660151a2
                                      SSDEEP:3072:BSfdHprNu44H9bI+gUNaESu79g8ZunJ/akWaS7ylpWSErN:u2441g8ZqpWSE
                                      TLSH:7224A72436E54A09F37B9F724EE390979526FF82AD10D78F3195730E0572A41A862F2F
                                      File Content Preview:........................>.......................................................~.......e......................................................................................................................................................................

                                      Static Mail

                                      General

                                      Subject:FW: RE: Financials for Krohns Appliance ( Action Required)
                                      From:Tony Journey <TJourney@FirstFedWeb.com>
                                      To:Luis Maciel <LMaciel@firstfedweb.com>
                                      Cc:
                                      BCC:
                                      Date:Mon, 03 Mar 2025 19:52:12 +0100
                                      Communications:
                                      • Does this seem odd? (see email below) I have sent her an email as she is the accountant for a client and I didnt get this bounce back the last time. Kind Regards, Tony Journey VP, Commercial Relationship Manager, NMLS #650449 <http://www.firstfedweb.com/> Phone 503.435.3225 Cell 503.583.1647 Email tjourney@firstfedweb.com 118 NE Third Street, McMinnville, OR 97128 <https://www.facebook.com/firstfederal/> <https://www.instagram.com/first_federal/> <https://www.linkedin.com/company/first-federal-savings-&-loan-of-mcminnville/?viewAsMember=true> <https://www.youtube.com/channel/UCgGrkBPKOtKE-dMx-23qnwA>
                                      • From: Boxbe Notification <boxbe-notifications@boxbe.com> Sent: Monday, March 3, 2025 10:35 AM To: Tony Journey <TJourney@FirstFedWeb.com> Subject: Re: RE: Financials for Krohns Appliance ( Action Required) [EXTERNAL EMAIL: Take caution with links and attachments. ] <https://clicktime.cloud.postoffice.net/clicktime.php?U=https://info.sparkpost.com/f/a/JsAX3jl21_3WHtNKFQR4SA%7E%7E/AAAAfRA%7E/oYsDChyBk6u5qQiwdGaWMW6vBgg3Th5djLxXwC-TGOKDDlE9IZ9GO747dEAnlcH76-tiHQBX-Wa5HulbJqzCex2bg87D2id9t5f-5i-coKpKof45I0EiGXW6pyT6xg15&E=tjourney%40firstfedweb.com&X=XID226dccsjE8316Xd1&T=FF1001&HV=U,E,X,T&H=f53f9283e287219b00858e3b0c62a2c7e0778d8b> Hello Tony Journey, Your message about "RE: Financials for Krohns Appliance" was waitlisted. Please add yourself to my Guest List so your messages will be delivered to my Inbox. Use the link below. Click here to deliver your message <https://clicktime.cloud.postoffice.net/clicktime.php?U=https://info.sparkpost.com/f/a/CNyCkSwPajmKPIoolVaUPA%7E%7E/AAAAfRA%7E/d_X8jMGpgsxcQOgfoVgtCicTQGe89dcNY2qTo8bQ7BXR95MyCRYFUQj_85HYgaSTlAa45C0eYoREfkFG1qHHfxjKOD9KKltKqXqUReEB5he8XaeOCC6zKcCgfVQ41qTTCJsc_gE9JAd-ijYqgkYi1yybLhuLgmiC1fkvpM01TCBtzPkoXQEvMjXjrSfRZtS2-OCkz2njdcoTlnySjyZPCnrtVmhcTnTk3r97AyYrk74NreVxkgenbUdjcpZhxf4m6SefA2fmd5oMX-dFbhoqzA%7E%7E&E=tjourney%40firstfedweb.com&X=XID226dccsjE8316Xd1&T=FF1001&HV=U,E,X,T&H=6cddfe47d52c5c20ea25f98d57b6a32ce380177b> Thank you, cristimcelderry@yahoo.com ________________________________ Boxbe c/o SparkPost | Attn: Legal | 4701 Sangamore Road, suite 100N-139 | Bethesda, MD 20816 Powered by Boxbe "End Email Overload" Privacy Policy <https://clicktime.cloud.postoffice.net/clicktime.php?U=https://info.sparkpost.com/f/a/tqFL8YPYpnQhiKOj6onV4w%7E%7E/AAAAfRA%7E/TvAYP_B5aDZCpKRoEGb0Zu4n9ETP8GtK1YxoAqDi3uqLxrYpe7ISIJexSnu_bYgqwaAb1yfaKGgyOR8A-yIMw25xYq9ODTFYvaYK208slF2FWKBe-Y0zV8miYyJtfQ-DL7djzufldyZDbRMwC0ol2p7QDENbLiLRrGjawzBn827_UdkFTQVZCh-DLhcpl1XfS_AxtkVap9fFgITTU_w0EQGirvNciUcM2oCcFj-MP0zLTq8N69EuRGm8M0TeEybllNNeIKZ7YAS5I8-C49jIqA%7E%7E&E=tjourney%40firstfedweb.com&X=XID226dccsjE8316Xd1&T=FF1001&HV=U,E,X,T&H=9a5eb56c0c478400aeed2f1374c5382d2bc9d7d8> | Unsubscribe <https://clicktime.cloud.postoffice.net/clicktime.php?U=https://info.sparkpost.com/f/a/NBCa47_yo6wafUDK9BGDCw%7E%7E/AAAAfRA%7E/PMrQVDaL9klokRNgxwYms4rFQw-F6KIt0IKxGAk9gJTOENILYyDPxMnicnJyrjjfqFkYpOIdQWZopeYpDYTMkusywbh7ci7f01hYI5kRL_W1qdUQ_ucrw1Epqk2Ipute4d3qCSmW2mJpYVBurXSwiDmzf4hpweKvzyDrHkZtYoUNfX_KoTRCE_aGx2qBqnZIyrtQdOZygzI6jB8gqgM5SNdkEqt5TV8iVYd2ZRjdKdFuwc_EbX2N4LU2CJkj2y163xPFqkwPo292cXp0qUdysQ%7E%7E&E=tjourney%40firstfedweb.com&X=XID226dccsjE8316Xd1&T=FF1001&HV=U,E,X,T&H=c6f7ff3a18550fdf5da3c60d5f8d150e8efb1f15> Boxbe.com 2025 All Rights Reserved
                                      Attachments:
                                      • ~WRD0001.jpg
                                      • image001.png
                                      • image002.png
                                      • image003.png
                                      • image004.png
                                      • image005.png
                                      • image006.png
                                      • image007.png
                                      • image008.jpg
                                      • image009.png
                                      Key Value
                                      Receivedfrom SJ2PR22MB3800.namprd22.prod.outlook.com
                                      1852:12 +0000
                                      Authentication-Resultsdkim=none (message not signed)
                                      by CH3PR22MB5642.namprd22.prod.outlook.com (260310b6:610:1d4::6) with
                                      2025 1852:12 +0000
                                      ([fe80:34f:3555:6ef5:718c%6]) with mapi id 15.20.8511.014; Mon, 3 Mar 2025
                                      Content-Typeapplication/ms-tnef; name="winmail.dat"
                                      Content-Transfer-Encodingbinary
                                      FromTony Journey <TJourney@FirstFedWeb.com>
                                      ToLuis Maciel <LMaciel@firstfedweb.com>
                                      Subject=?utf-8?B?Rlc6IFJFOiBGaW5hbmNpYWxzIGZvciBLcm9obnMgQXBwbGlhbmNlICjwn5Or?=
                                      Thread-Topic=?utf-8?B?UkU6IEZpbmFuY2lhbHMgZm9yIEtyb2hucyBBcHBsaWFuY2UgKPCfk6sgQWN0?=
                                      Thread-IndexAQHbjGtFMYmMD82zfkabTvLKXn4/47NhwamA
                                      DateMon, 3 Mar 2025 18:52:12 +0000
                                      Message-ID<SJ2PR22MB38002F3B8FECAD3EF992D762DCC92@SJ2PR22MB3800.namprd22.prod.outlook.com>
                                      References<8F.B3.22199.176F5C76@i-05ccf63a6594d3a7a.mta1vrest.sd.prd.sparkpost>
                                      In-Reply-To<8F.B3.22199.176F5C76@i-05ccf63a6594d3a7a.mta1vrest.sd.prd.sparkpost>
                                      Accept-Languageen-US
                                      Content-Languageen-US
                                      X-MS-Has-Attachyes
                                      X-MS-Exchange-Organization-SCL1
                                      X-MS-TNEF-Correlator<SJ2PR22MB38002F3B8FECAD3EF992D762DCC92@SJ2PR22MB3800.namprd22.prod.outlook.com>
                                      x-sf-inspectorhandled1
                                      MIME-Version1.0
                                      X-MS-Exchange-Organization-MessageDirectionalityOriginating
                                      X-MS-Exchange-Organization-AuthSourceSJ2PR22MB3800.namprd22.prod.outlook.com
                                      X-MS-Exchange-Organization-AuthAsInternal
                                      X-MS-Exchange-Organization-AuthMechanism04
                                      X-MS-Exchange-Organization-Network-Message-Id15619bbf-9ef5-4b00-03a8-08dd5a84825a
                                      X-MS-PublicTrafficTypeEmail
                                      X-MS-TrafficTypeDiagnosticSJ2PR22MB3800:EE_|CH3PR22MB5642:EE_|LV8PR22MB5166:EE_
                                      Return-PathTJourney@FirstFedWeb.com
                                      X-MS-Exchange-Organization-ExpirationStartTime03 Mar 2025 18:52:12.8544
                                      X-MS-Exchange-Organization-ExpirationStartTimeReasonOriginalSubmit
                                      X-MS-Exchange-Organization-ExpirationInterval1:00:00:00.0000000
                                      X-MS-Exchange-Organization-ExpirationIntervalReasonOriginalSubmit
                                      X-MS-Office365-Filtering-Correlation-Id15619bbf-9ef5-4b00-03a8-08dd5a84825a
                                      X-MS-Exchange-Organization-BypassClutter$true
                                      X-Microsoft-AntispamBCL:0;ARA:13230040|4022899009|366016|8096899003|41050700001;
                                      X-Forefront-Antispam-ReportCIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ2PR22MB3800.namprd22.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(4022899009)(366016)(8096899003)(41050700001);DIR:INT;
                                      X-MS-Exchange-CrossTenant-OriginalArrivalTime03 Mar 2025 18:52:12.5192
                                      X-MS-Exchange-CrossTenant-FromEntityHeaderHosted
                                      X-MS-Exchange-CrossTenant-Id3778f0b2-789a-4d43-b25e-d4fe25a4c3c0
                                      X-MS-Exchange-CrossTenant-AuthSourceSJ2PR22MB3800.namprd22.prod.outlook.com
                                      X-MS-Exchange-CrossTenant-AuthAsInternal
                                      X-MS-Exchange-CrossTenant-Network-Message-Id15619bbf-9ef5-4b00-03a8-08dd5a84825a
                                      X-MS-Exchange-CrossTenant-MailboxTypeHOSTED
                                      X-MS-Exchange-CrossTenant-UserPrincipalName+0CxasSrBYJ6OZDKIevyv7H3eXmn45B6KwlbUMJBE3/i8rrW3dkK5zC4S9UiQpWDbOkhpg5DyHLqiVCILzJodJej78rGeongqlskA9s9Vx0=
                                      X-MS-Exchange-Transport-CrossTenantHeadersStampedCH3PR22MB5642
                                      X-MS-Exchange-Transport-EndToEndLatency00:00:04.2294848
                                      X-MS-Exchange-Processed-By-BccFoldering15.20.8511.011
                                      X-Microsoft-Antispam-Mailbox-Deliveryucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(425001)(930097)(140003);
                                      X-Microsoft-Antispam-Message-Info2kkUrEVD6F0Ko4bZx+erFz2Uc17AmFf+6JSL73UGJVSH/b0/vrEF4aDtco8iGpVBSerpFrrKSckGQ4TvbkjIr5w4qrsJoEy/Af7JnMXIPA4n/8EMrrRgh69mQVd2VLGP9z0n7ghu8zz3OwC80+Np4igOZF8QvmCn/qQlhrImlXd/T95/TiT2Mq5PNlqB8LeNMFW5ACJleznOBVCrZ+M2ttF5NbGEh072KvwpFIYb1UjQfkV8JD9+CSofJpOIUeZxUFBdsCCv+5OAWNyxpLzplT8m4uHLIqT3acUeqKLdFqdGiyp53t36hmQInLXpV20/pvdyqUnnenSbXozc62rxwQmL3XmDbqtCBgSvUP3Abk92uDf9jLA50ulkCGH3AEFn059Iqk8azSURIoVXLORqJsmVnMjKddBsg6KyfbH2j3qLGS1vudHusF94lBVXP2xh0iIpdXgP/500ODwy76BR7ZfdauWkdellXhewPCRrGxYMoOwXIY3E5DMHPrFbTrPs/X0+quGaEZvsdZFMMS/B65OtCknjqe4OZ96FveA/ldx35quL8Kbe5C/CKVL/GbnM5PJjdpSt2GynSYuz0T1zwSy5IEUNSV2neLR8fUW+kmyuAdWu5cLtzyY2Ph9kM3mBWBlSprUGUVb9+GqaENikL3X0LWfasubXY85y9fmSCGwc1m/mpBM4wZzlncTAOh4xn3BHlpjPingnmpFRcQxDYCaQaAo5mg3G5vTmE8Uf6ArtS/LS1CU2cmPr0GqkcOK0CBQCTGusnDI0CvAOTSEh/9LxhbQhIRjWlzqMRvB129g=
                                      dateMon, 03 Mar 2025 19:52:12 +0100

                                      File Icon

                                      Icon Hash:c4e1928eacb280a2