Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
phish_alert_sp2_2.0.0.0.eml

Overview

General Information

Sample name:phish_alert_sp2_2.0.0.0.eml
Analysis ID:1634264
MD5:db7475997d4da17d99018db894360cb4
SHA1:01e740bb444d88a2a43baebb420db675d5fe2810
SHA256:bb4551aa7e317972eb18edd6b2f4691d44a53b0934d3b61f48d38a463da037e1
Infos:

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected suspicious elements in Email content
Suspicious MSG / EML detected (based on various text indicators)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected suspicious crossdomain redirect
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 852 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 3884 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B5307F62-35D3-406B-921E-6BB90BD61992" "4DB0D72B-D284-49AD-873D-BFF419BEC227" "852" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 2276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046541097%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=g7JJDorgoEU9nzEGqo%2B2l3xuwSkI6hduY7Gc%2FzZ%2FLYY%3D&reserved=0 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 2132 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,10021154810342745965,13909913859253319619,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 1200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046520586%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=6lWRX4nrvG%2BLS2vcbm5wL7ILwRN9m0CN1gT2TQxmT8c%3D&reserved=0 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 852, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

barindex
AI detected landing page (webpage, office document or email)
Source: EmailJoe Sandbox AI: Page contains button: 'OPEN FULL PDF HERE' Source: 'Email'
Source: EmailJoe Sandbox AI: Email contains prominent button: 'open full pdf here'
AI detected suspicious elements in Email content
Source: EmailJoe Sandbox AI: Detected potential phishing email: The email contains suspicious 'OPEN FULL PDF HERE' links that are repeated multiple times, a common phishing tactic. The email claims to be from Molly Maid but contains multiple unrelated contact information and signatures from different companies. The message is unnecessarily repetitive and poorly formatted, typical of automated phishing attempts
Suspicious MSG / EML detected (based on various text indicators)
Source: MSG / EMLOCR Text: This email originated from outside of the organization and has no company addresses listed in the TO or CC boxes, which is CAUTION: suspicious. Please use caution before opening any attachments, clicking any links, or following instructions below. Do not sign-in with your corporate account and please report email as phishing if in doubt. Warning Code: [OH2] Please see attached fax message for your review and approval. Kindly get back to me with your review option. OPEN FULL PDF HERE Received & processed: Mon, 10 Mar 2025 - 11:31 AM UTC Pages: 5 Resolution:200x200 DPI Best Regards, Leon Nguyen President Molly Maid of El Monte-La Puente-Yorba Linda 9650 Telstar Ave Unit B El Monte, CA 91731 Office: 714.406.4995 Mobile: 949.259.3984 MollyMaid.com I Neighborly.com Our Vision: To be so remarkable we become a beloved household
Source: EmailClassification: Lure-Based Attack
Source: chrome.exeMemory has grown: Private usage: 2MB later: 35MB
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: nam04.safelinks.protection.outlook.com to https://app.box.com/s/mpx71ual6nd616io8rjfkzvuk5v7e563
Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Redirect from: nam04.safelinks.protection.outlook.com to https://app.box.com/s/mpx71ual6nd616io8rjfkzvuk5v7e563
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.186.67
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.186.67
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.253.72
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.160.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.160.66
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /?url=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046541097%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=g7JJDorgoEU9nzEGqo%2B2l3xuwSkI6hduY7Gc%2FzZ%2FLYY%3D&reserved=0 HTTP/1.1Host: nam04.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /s/mpx71ual6nd616io8rjfkzvuk5v7e563 HTTP/1.1Host: app.box.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /notes/1799157467009?s=mpx71ual6nd616io8rjfkzvuk5v7e563 HTTP/1.1Host: app.box.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: z=k6kgthsa2rnmu1kq0ph4m1qsif; box_visitor_id=67cf3dd7752ad4.15522925; bv=MDP-2651; cn=83; site_preference=desktop
Source: global trafficHTTP traffic detected: GET /webapp_assets/js/notes-0ae7a9cc10.min.js HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://app.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /p/note?fileId=1799157467009&sharedLink=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&hostname=app.box.com HTTP/1.1Host: notes.services.box.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://app.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: box_visitor_id=67cf3dd7752ad4.15522925; site_preference=desktop; _notes_oauth_csrf_=1
Source: global trafficHTTP traffic detected: GET /notes-frontend/notes/css/bundle_0a32f7787aa7af90.min.css HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /notes-frontend/l10n/en-i18n_eac75ee14d729fea.min.js HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /notes-frontend/l10n/box-react-ui/en-i18n_50ca35eb8ac1e34d.min.js HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /notes-frontend/img/question_badge_icon_ead41679627c7323.min.svg HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /notes-frontend/notes/js/bundle_56529860b48249b7.min.js HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_assets/img/notes_favicon-NIfakL.png HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://app.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /?url=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046520586%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=6lWRX4nrvG%2BLS2vcbm5wL7ILwRN9m0CN1gT2TQxmT8c%3D&reserved=0 HTTP/1.1Host: nam04.safelinks.protection.outlook.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /s/mpx71ual6nd616io8rjfkzvuk5v7e563 HTTP/1.1Host: app.box.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: z=k6kgthsa2rnmu1kq0ph4m1qsif; box_visitor_id=67cf3dd7752ad4.15522925; bv=MDP-2651; cn=83; site_preference=desktop; _notes_oauth_csrf_=1
Source: global trafficHTTP traffic detected: GET /notes/1799157467009?s=mpx71ual6nd616io8rjfkzvuk5v7e563 HTTP/1.1Host: app.box.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: z=k6kgthsa2rnmu1kq0ph4m1qsif; box_visitor_id=67cf3dd7752ad4.15522925; bv=MDP-2651; cn=83; site_preference=desktop; _notes_oauth_csrf_=1
Source: global trafficHTTP traffic detected: GET /webapp_assets/js/notes-0ae7a9cc10.min.js HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://app.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /p/note?fileId=1799157467009&sharedLink=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&hostname=app.box.com HTTP/1.1Host: notes.services.box.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://app.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: box_visitor_id=67cf3dd7752ad4.15522925; site_preference=desktop; _notes_oauth_csrf_=1; _csrf=hauKCupA1RDLYS0JVRQxJ81l; csrf-token=TRCtRXnu-6OCuvd4UzMz4LLFju6bslksuP5s; express_sid=s%3Ay1iK-nJ0H6BpQjlsa2eAUTxAjjC6r5Sj.lM5h7Zzb76jpCY47r7dVzBWVG3f%2BQXeJiX8s5pwrKlI
Source: global trafficHTTP traffic detected: GET /notes-frontend/notes/css/bundle_0a32f7787aa7af90.min.css HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /notes-frontend/l10n/en-i18n_eac75ee14d729fea.min.js HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /notes-frontend/l10n/box-react-ui/en-i18n_50ca35eb8ac1e34d.min.js HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /notes-frontend/img/question_badge_icon_ead41679627c7323.min.svg HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /notes-frontend/notes/js/bundle_56529860b48249b7.min.js HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_assets/img/notes_favicon-NIfakL.png HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://app.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /p/note?fileId=1799157467009&sharedLink=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&hostname=app.box.com HTTP/1.1Host: notes.services.box.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://notes.services.box.com/p/note?fileId=1799157467009&sharedLink=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&hostname=app.box.comAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: box_visitor_id=67cf3dd7752ad4.15522925; site_preference=desktop; _notes_oauth_csrf_=1; _csrf=hauKCupA1RDLYS0JVRQxJ81l; express_sid=s%3Ay1iK-nJ0H6BpQjlsa2eAUTxAjjC6r5Sj.lM5h7Zzb76jpCY47r7dVzBWVG3f%2BQXeJiX8s5pwrKlI; csrf-token=MuUUX7hV-6hf7vupYMF9JFjwNzqIfB9PKEDs
Source: global trafficHTTP traffic detected: GET /notes-frontend/notes/css/bundle_0a32f7787aa7af90.min.css HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /notes-frontend/l10n/en-i18n_eac75ee14d729fea.min.js HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /notes-frontend/l10n/box-react-ui/en-i18n_50ca35eb8ac1e34d.min.js HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /notes-frontend/img/question_badge_icon_ead41679627c7323.min.svg HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /notes-frontend/notes/js/bundle_56529860b48249b7.min.js HTTP/1.1Host: cdn01.boxcdn.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://notes.services.box.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: notes.services.box.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://notes.services.box.com/p/note?fileId=1799157467009&sharedLink=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&hostname=app.box.comAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: box_visitor_id=67cf3dd7752ad4.15522925; site_preference=desktop; _notes_oauth_csrf_=1; _csrf=hauKCupA1RDLYS0JVRQxJ81l; express_sid=s%3Ay1iK-nJ0H6BpQjlsa2eAUTxAjjC6r5Sj.lM5h7Zzb76jpCY47r7dVzBWVG3f%2BQXeJiX8s5pwrKlI; csrf-token=Dt2aFCga-0i3Hn1PwTxq9FIhnl8hWxn93Q8k
Source: global trafficDNS traffic detected: DNS query: nam04.safelinks.protection.outlook.com
Source: global trafficDNS traffic detected: DNS query: app.box.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: cdn01.boxcdn.net
Source: global trafficDNS traffic detected: DNS query: notes.services.box.com
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:30:37 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53a4828c5a582-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:30:40 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53a5b1b373343-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:30:40 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53a5b3aa10a16-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:30:40 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53a5b69fe8de4-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:30:43 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53a6b6b0b74b2-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:30:43 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53a6cab9c7485-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:30:46 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53a7eba15a53c-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:31:18 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53b4adf34da7f-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:31:21 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53b5c2deb2887-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:31:21 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53b5cbf3ba4f4-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:31:21 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53b5cfc2e25b5-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:31:24 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53b6caef2bc83-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:31:24 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53b6d0b16b883-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:31:27 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53b7e5bb313ca-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:32:09 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53c84ddac2293-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:32:09 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53c84e87cb136-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:32:09 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53c854f65747a-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:32:11 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53c96692f7424-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Mon, 10 Mar 2025 19:32:11 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91e53c96ce8967d2-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Founddate: Mon, 10 Mar 2025 19:32:12 GMTcontent-type: text/html; charset=utf-8Content-Length: 15access-control-expose-headers: Server-Timingserver-timing: traceparent;desc="00-878c7a53c0ce8a543e9bfb2c574525b9-f86e33e0683727aa-00"x-powered-by: Expressset-cookie: csrf-token=HIG7kWnd-P43rkE5zEmGR8qHsf4i5ylKbAew; Path=/; Secure; SameSite=Nonestrict-transport-security: max-age=31536000x-frame-options: ALLOW-FROM https://app.box.comcontent-security-policy: frame-ancestors https://app.box.cometag: W/"f-Z280BOLXUGgeynAe/z2VTx5EI7Q"x-envoy-upstream-service-time: 3via: 1.1 googleAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49682 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49688 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir2276_1464225127
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir2276_1464225127
Source: classification engineClassification label: mal52.phis.winEML@28/2@14/148
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250310T1530080260-852.etl
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B5307F62-35D3-406B-921E-6BB90BD61992" "4DB0D72B-D284-49AD-873D-BFF419BEC227" "852" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046541097%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=g7JJDorgoEU9nzEGqo%2B2l3xuwSkI6hduY7Gc%2FzZ%2FLYY%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,10021154810342745965,13909913859253319619,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B5307F62-35D3-406B-921E-6BB90BD61992" "4DB0D72B-D284-49AD-873D-BFF419BEC227" "852" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046541097%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=g7JJDorgoEU9nzEGqo%2B2l3xuwSkI6hduY7Gc%2FzZ%2FLYY%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2012,i,10021154810342745965,13909913859253319619,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046520586%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=6lWRX4nrvG%2BLS2vcbm5wL7ILwRN9m0CN1gT2TQxmT8c%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046520586%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=6lWRX4nrvG%2BLS2vcbm5wL7ILwRN9m0CN1gT2TQxmT8c%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation21
Browser Extensions		1
Process Injection		11
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
DLL Side-Loading		1
Process Injection		LSASS Memory13
System Information Discovery		Remote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Extra Window Memory Injection		1
DLL Side-Loading		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
File Deletion		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Extra Window Memory Injection		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://cdn01.boxcdn.net/notes-frontend/l10n/box-react-ui/en-i18n_50ca35eb8ac1e34d.min.js0%Avira URL Cloudsafe
https://cdn01.boxcdn.net/webapp_assets/js/notes-0ae7a9cc10.min.js0%Avira URL Cloudsafe
https://cdn01.boxcdn.net/notes-frontend/l10n/en-i18n_eac75ee14d729fea.min.js0%Avira URL Cloudsafe
https://notes.services.box.com/p/note?fileId=1799157467009&sharedLink=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&hostname=app.box.com0%Avira URL Cloudsafe
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046541097%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=g7JJDorgoEU9nzEGqo%2B2l3xuwSkI6hduY7Gc%2FzZ%2FLYY%3D&reserved=00%Avira URL Cloudsafe
https://app.box.com/s/mpx71ual6nd616io8rjfkzvuk5v7e5630%Avira URL Cloudsafe
https://cdn01.boxcdn.net/notes-frontend/notes/css/bundle_0a32f7787aa7af90.min.css0%Avira URL Cloudsafe
https://cdn01.boxcdn.net/notes-frontend/notes/js/bundle_56529860b48249b7.min.js0%Avira URL Cloudsafe
https://cdn01.boxcdn.net/notes-frontend/img/question_badge_icon_ead41679627c7323.min.svg0%Avira URL Cloudsafe
https://cdn01.boxcdn.net/_assets/img/notes_favicon-NIfakL.png0%Avira URL Cloudsafe
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046520586%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=6lWRX4nrvG%2BLS2vcbm5wL7ILwRN9m0CN1gT2TQxmT8c%3D&reserved=00%Avira URL Cloudsafe
https://notes.services.box.com/favicon.ico0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
nam04.safelinks.eop-tm2.outlook.com
104.47.73.156
truefalse
    		high
    notes.services.box.com
    		74.112.186.157
    		truefalse
      		high
      www.google.com
      		216.58.212.164
      		truefalse
        		high
        s-0005.dual-s-msedge.net
        		52.123.129.14
        		truefalse
          		high
          app.box.com
          		74.112.186.157
          		truefalse
            		high
            cdn01.boxcdn.net.cdn.cloudflare.net
            		104.16.144.15
            		truefalse
              		high
              nam04.safelinks.protection.outlook.com
              		unknown
              		unknownfalse
                		high
                cdn01.boxcdn.net
                		unknown
                		unknownfalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  https://cdn01.boxcdn.net/webapp_assets/js/notes-0ae7a9cc10.min.jsfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://cdn01.boxcdn.net/_assets/img/notes_favicon-NIfakL.pngfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://notes.services.box.com/p/note?fileId=1799157467009&sharedLink=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&hostname=app.box.com#false
                    		unknown
                    https://app.box.com/s/mpx71ual6nd616io8rjfkzvuk5v7e563false
                    • Avira URL Cloud: safe
                    		unknown
                    https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046541097%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=g7JJDorgoEU9nzEGqo%2B2l3xuwSkI6hduY7Gc%2FzZ%2FLYY%3D&reserved=0false
                    • Avira URL Cloud: safe
                    		unknown
                    https://cdn01.boxcdn.net/notes-frontend/l10n/box-react-ui/en-i18n_50ca35eb8ac1e34d.min.jsfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://app.box.com/notes/1799157467009?s=mpx71ual6nd616io8rjfkzvuk5v7e563false
                      		unknown
                      https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046520586%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=6lWRX4nrvG%2BLS2vcbm5wL7ILwRN9m0CN1gT2TQxmT8c%3D&reserved=0false
                      • Avira URL Cloud: safe
                      		unknown
                      https://cdn01.boxcdn.net/notes-frontend/l10n/en-i18n_eac75ee14d729fea.min.jsfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://cdn01.boxcdn.net/notes-frontend/img/question_badge_icon_ead41679627c7323.min.svgfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://notes.services.box.com/favicon.icofalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://notes.services.box.com/p/note?fileId=1799157467009&sharedLink=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&hostname=app.box.comfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://cdn01.boxcdn.net/notes-frontend/notes/css/bundle_0a32f7787aa7af90.min.cssfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://cdn01.boxcdn.net/notes-frontend/notes/js/bundle_56529860b48249b7.min.jsfalse
                      • Avira URL Cloud: safe
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      74.112.186.157
                      		notes.services.box.comUnited States
                      		33011BOXNETUSfalse
                      142.250.185.67
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      104.16.144.15
                      		cdn01.boxcdn.net.cdn.cloudflare.netUnited States
                      		13335CLOUDFLARENETUSfalse
                      1.1.1.1
                      		unknownAustralia
                      		13335CLOUDFLARENETUSfalse
                      108.177.15.84
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      216.58.212.164
                      		www.google.comUnited States
                      		15169GOOGLEUSfalse
                      104.16.145.15
                      		unknownUnited States
                      		13335CLOUDFLARENETUSfalse
                      142.250.185.110
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      20.42.65.94
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      52.123.129.14
                      		s-0005.dual-s-msedge.netUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      142.250.185.238
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      52.111.231.23
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      216.58.206.35
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      216.58.206.46
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      52.109.28.46
                      		unknownUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      104.47.73.156
                      		nam04.safelinks.eop-tm2.outlook.comUnited States
                      		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                      142.250.185.74
                      		unknownUnited States
                      		15169GOOGLEUSfalse

                      Private

                      IP
                      192.168.2.17
                      192.168.2.23

                      General Information

                      Joe Sandbox version:42.0.0 Malachite
                      Analysis ID:1634264
                      Start date and time:2025-03-10 20:29:31 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:17
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • EGA enabled
                      Analysis Mode:stream
                      Analysis stop reason:Timeout
                      Sample name:phish_alert_sp2_2.0.0.0.eml
                      Detection:MAL
                      Classification:mal52.phis.winEML@28/2@14/148
                      Cookbook Comments:
                      • Found application associated with file extension: .eml

                      Warnings

                      • Exclude process from analysis (whitelisted): dllhost.exe
                      • Excluded IPs from analysis (whitelisted): 52.109.28.46
                      • Excluded domains from analysis (whitelisted): config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, officeclient.microsoft.com, europe.configsvc1.live.com.akadns.net, uks-azsc-config.officeapps.live.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtOpenFile calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • VT rate limit hit for: notes.services.box.com

                      Created / dropped Files

                      Chrome Cache Entry: 63

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with no line terminators
                      Category:downloaded
                      Size (bytes):15
                      Entropy (8bit):3.323231428797621
                      Encrypted:false
                      SSDEEP:
                      MD5:DE9219E425CC35B85E0FA0222F625269
                      SHA1:676F3404E2D750681ECA701EFF3D954F1E4423B4
                      SHA-256:2D857A3660E0240BAC3AE9F98E2287F46EB6AEBF724775FE130AF2A6C7DFC3C4
                      SHA-512:AB9B3B066EA4FF0AF3A36B4EEBFCBB8789503C2DFC64D75E94F038CC1B57DB7F5C55F0C72D9C7910EB4D3BD133D4F8F6DF321E57660C55D2CE5648DF2A7670D8
                      Malicious:false
                      Reputation:unknown
                      URL:https://notes.services.box.com/favicon.ico
                      Preview:404 - Not Found

                      Chrome Cache Entry: 64

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with no line terminators
                      Category:downloaded
                      Size (bytes):56
                      Entropy (8bit):4.824862957617357
                      Encrypted:false
                      SSDEEP:
                      MD5:8672D802BB4A0493D39E73BA9D6261B7
                      SHA1:0BCB6C17CBD38BC47E95785DBEEE49E799A43131
                      SHA-256:C507F872DC381ABB17C9CBFF3CBC73241104CC662E5C82224AF019B6A2949ADF
                      SHA-512:2461A2A174BCB23D6E9F49D6B2AA606EDF6BCE71FD787816AB863EFBB9D6241838BE49450C3254699E403C4D68F44AD6B212E75E215654FF276622C6496AC093
                      Malicious:false
                      Reputation:unknown
                      URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCSKRHd_zmXwTEgUNBu27_xIFDUqFnlIhSxX_672f2AoSIAm_98CdFBUVJxIFDQbtu_8SBQ1KhZ5SIUsV_-u9n9gK?alt=proto
                      Preview:ChIKBw0G7bv/GgAKBw1KhZ5SGgAKEgoHDQbtu/8aAAoHDUqFnlIaAA==

                      Static File Info

                      General

                      File type:RFC 822 mail, ASCII text, with very long lines (2049), with CRLF line terminators
                      Entropy (8bit):6.060130578684187
                      TrID:
                      • E-Mail message (Var. 5) (54515/1) 100.00%
                      File name:phish_alert_sp2_2.0.0.0.eml
                      File size:400'697 bytes
                      MD5:db7475997d4da17d99018db894360cb4
                      SHA1:01e740bb444d88a2a43baebb420db675d5fe2810
                      SHA256:bb4551aa7e317972eb18edd6b2f4691d44a53b0934d3b61f48d38a463da037e1
                      SHA512:b375a9620abdfadf9cbdd8ec71b8749ee81566388da636a40825386e190c848be81497f27aafef086fdf5beda1af739c1432c97e5fcb7a5fd073888f17a18455
                      SSDEEP:12288:gs02EvCCSRgJaVw1/9oLremAhmrX07Wbrm:LCOiYwJCVzrm
                      TLSH:E984E0318D4C2BCF223319ADDB172A3E7D8955DDB24194CF299FB1E8D79A0205A6DCE0
                      File Content Preview:Received: from PH7PR08MB8533.namprd08.prod.outlook.com.. (2603:10b6:510:248::17) by LV8PR08MB9317.namprd08.prod.outlook.com with.. HTTPS; Mon, 10 Mar 2025 18:48:24 +0000..Received: from SJ0PR03CA0384.namprd03.prod.outlook.com.. (2603:10b6:a03:3a1::29) by

                      Static Mail

                      General

                      Subject:[EXTERNAL] Purchase Order #248251 From Molly Maid
                      From:El Monte and Montebello Molly Maid of La Puente <vy.nguyen@mollymaid.com>
                      To:El Monte and Montebello Molly Maid of La Puente <vy.nguyen@mollymaid.com>
                      Cc:"Molly Maid of La Puente, El Monte and Montebello" <vy.nguyen@mollymaid.com>
                      BCC:"Molly Maid of La Puente, El Monte and Montebello" <vy.nguyen@mollymaid.com>
                      Date:Mon, 10 Mar 2025 18:48:10 +0000
                      Communications:
                      • CAUTION: This email originated from outside of the organization and has no company addresses listed in the TO or CC boxes, which is suspicious. Please use caution before opening any attachments, clicking any links, or following instructions below. Do not sign-in with your corporate account and please report email as phishing if in doubt.Warning Code: [OH2] Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Best Regards, Leon NguyenPresidentMolly Maid of El Monte-La Puente-Yorba Linda9650 Telstar Ave Unit BEl Monte, CA 91731Office: 714.406.4995Mobile: 949.259.3984MollyMaid.com | Neighborly.comOur Vision: To be so remarkable we become a beloved household Louisa Nitz, Advertising & Sales,402-371-1020 ext. 226/402-644-2026 Direct Linelnitz@norfolkdailynews.com www.norfolkdailynews.com | Book a meeting hereYour News, Your Way Print - Online - Mobile - This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation Travis ArbogastSales Manager One Chestnut StreetNashua, NH 03060HQ: (603) 880-4420 X102Fax: (603) 880-4536Direct: (603) 836-4744 Tarbogast@criticalprocess.com Please consider the environment before printing this emailCONFIDENTIALITY NOTICE. This email transmission may contain confidential information. It is intended only for the recipient(s) identified above. If you are not the intended recipient, you are hereby notified that the disclosure, copying, distribution or use of the contents of this transmission is strictly prohibited, and no privilege or protection has been waived. If you received this email in error, please (1) do not read it, (2) reply to the sender that you received the message in error, and (3) delete or destroy the message. Thank You,Matthew Reid One Chestnut StreetNashua, NH 03060HQ: (603) 880-4420 , Ext. 106Fax: (603) 880-4536Direct: (603) 782-0545matthew@criticalprocess.com Please consider the environment before printing this emailCONFIDENTIALITY NOTICE. This email transmission may contain confidential information. It is intended only for the recipient(s) identified above. If you are not the intended recipient, you are hereby notified that the disclosure, copying, distribution or use of the contents of this transmission is strictly prohibited, and no privilege or protection has been waived. If you received this email in error, please (1) do not read it, (2) reply to the sender that you received the message in error, and (3) delete or destroy the message. <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4;} @font-face {font-family:Aptos;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; font-size:12.0pt; font-family:"Aptos",sans-serif; mso-ligatures:standardcontextual;} a:link, span.MsoHyperlink {mso-style-priority:99; color:#467886; text-decoration:underline;} span.EmailStyle18 {mso-style-type:personal-compose; font-family:"Aptos",sans-serif; color:windowtext;} .MsoChpDefault {mso-style-type:export-only; font-size:10.0pt; mso-ligatures:none;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in;} div.WordSection1 {page:WordSection1;} --> CAUTION: This email originated from outside of the organization and has no company addresses listed in the TO or CC boxes, which is suspicious. Please use caution before opening any attachments, clicking any links, or following instructions below. Do not sign-in with your corporate account and please report email as phishing if in doubt.Warning Code: [OH2] Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Best Regards, Leon NguyenPresidentMolly Maid of El Monte-La Puente-Yorba Linda9650 Telstar Ave Unit BEl Monte, CA 91731Office: 714.406.4995Mobile: 949.259.3984MollyMaid.com | Neighborly.comOur Vision: To be so remarkable we become a beloved household Louisa Nitz, Advertising & Sales,402-371-1020 ext. 226/402-644-2026 Direct Linelnitz@norfolkdailynews.com www.norfolkdailynews.com | Book a meeting hereYour News, Your Way Print - Online - Mobile - This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation Travis ArbogastSales Manager One Chestnut StreetNashua, NH 03060HQ: (603) 880-4420 X102Fax: (603) 880-4536Direct: (603) 836-4744 Tarbogast@criticalprocess.com Please consider the environment before printing this emailCONFIDENTIALITY NOTICE. This email transmission may contain confidential information. It is intended only for the recipient(s) identified above. If you are not the intended recipient, you are hereby notified that the disclosure, copying, distribution or use of the contents of this transmission is strictly prohibited, and no privilege or protection has been waived. If you received this email in error, please (1) do not read it, (2) reply to the sender that you received the message in error, and (3) delete or destroy the message. Thank You,Matthew Reid One Chestnut StreetNashua, NH 03060HQ: (603) 880-4420 , Ext. 106Fax: (603) 880-4536Direct: (603) 782-0545matthew@criticalprocess.com Please consider the environment before printing this emailCONFIDENTIALITY NOTICE. This email transmission may contain confidential information. It is intended only for the recipient(s) identified above. If you are not the intended recipient, you are hereby notified that the disclosure, copying, distribution or use of the contents of this transmission is strictly prohibited, and no privilege or protection has been waived. If you received this email in error, please (1) do not read it, (2) reply to the sender that you received the message in error, and (3) delete or destroy the message. CAUTION: This email originated from outside of the organization and has no company addresses listed in the TO or CC boxes, which is suspicious. Please use caution before opening any attachments, clicking any links, or following instructions below. Do not sign-in with your corporate account and please report email as phishing if in doubt.Warning Code: [OH2] CAUTION: Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Best Regards, Leon NguyenPresidentMolly Maid of El Monte-La Puente-Yorba Linda9650 Telstar Ave Unit BEl Monte, CA 91731Office: 714.406.4995Mobile: 949.259.3984MollyMaid.com | Neighborly.comOur Vision: To be so remarkable we become a beloved household Louisa Nitz, Advertising & Sales,402-371-1020 ext. 226/402-644-2026 Direct Linelnitz@norfolkdailynews.com www.norfolkdailynews.com | Book a meeting hereYour News, Your Way Print - Online - Mobile - This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation Travis ArbogastSales Manager One Chestnut StreetNashua, NH 03060HQ: (603) 880-4420 X102Fax: (603) 880-4536Direct: (603) 836-4744 Tarbogast@criticalprocess.com Please consider the environment before printing this emailCONFIDENTIALITY NOTICE. This email transmission may contain confidential information. It is intended only for the recipient(s) identified above. If you are not the intended recipient, you are hereby notified that the disclosure, copying, distribution or use of the contents of this transmission is strictly prohibited, and no privilege or protection has been waived. If you received this email in error, please (1) do not read it, (2) reply to the sender that you received the message in error, and (3) delete or destroy the message. Thank You,Matthew Reid One Chestnut StreetNashua, NH 03060HQ: (603) 880-4420 , Ext. 106Fax: (603) 880-4536Direct: (603) 782-0545matthew@criticalprocess.com Please consider the environment before printing this emailCONFIDENTIALITY NOTICE. This email transmission may contain confidential information. It is intended only for the recipient(s) identified above. If you are not the intended recipient, you are hereby notified that the disclosure, copying, distribution or use of the contents of this transmission is strictly prohibited, and no privilege or protection has been waived. If you received this email in error, please (1) do not read it, (2) reply to the sender that you received the message in error, and (3) delete or destroy the message. Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Best Regards, Leon NguyenPresidentMolly Maid of El Monte-La Puente-Yorba Linda9650 Telstar Ave Unit BEl Monte, CA 91731Office: 714.406.4995Mobile: 949.259.3984MollyMaid.com | Neighborly.comOur Vision: To be so remarkable we become a beloved household Louisa Nitz, Advertising & Sales,402-371-1020 ext. 226/402-644-2026 Direct Linelnitz@norfolkdailynews.com www.norfolkdailynews.com | Book a meeting hereYour News, Your Way Print - Online - Mobile - This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation Travis ArbogastSales Manager One Chestnut StreetNashua, NH 03060HQ: (603) 880-4420 X102Fax: (603) 880-4536Direct: (603) 836-4744 Tarbogast@criticalprocess.com Please consider the environment before printing this emailCONFIDENTIALITY NOTICE. This email transmission may contain confidential information. It is intended only for the recipient(s) identified above. If you are not the intended recipient, you are hereby notified that the disclosure, copying, distribution or use of the contents of this transmission is strictly prohibited, and no privilege or protection has been waived. If you received this email in error, please (1) do not read it, (2) reply to the sender that you received the message in error, and (3) delete or destroy the message. Thank You,Matthew Reid One Chestnut StreetNashua, NH 03060HQ: (603) 880-4420 , Ext. 106Fax: (603) 880-4536Direct: (603) 782-0545matthew@criticalprocess.com Please consider the environment before printing this emailCONFIDENTIALITY NOTICE. This email transmission may contain confidential information. It is intended only for the recipient(s) identified above. If you are not the intended recipient, you are hereby notified that the disclosure, copying, distribution or use of the contents of this transmission is strictly prohibited, and no privilege or protection has been waived. If you received this email in error, please (1) do not read it, (2) reply to the sender that you received the message in error, and (3) delete or destroy the message. Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046520586%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=6lWRX4nrvG%2BLS2vcbm5wL7ILwRN9m0CN1gT2TQxmT8c%3D&reserved=0 Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI Please see attached fax message for your review and approval. Kindly get back to me with your review option.OPEN FULL PDF HEREReceived & processed: Mon, 10 Mar 2025 - 11:31 AM UTCPages: 5Resolution:200x200 DPI OPEN FULL PDF HERE https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.box.com%2Fs%2Fmpx71ual6nd616io8rjfkzvuk5v7e563&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046541097%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=g7JJDorgoEU9nzEGqo%2B2l3xuwSkI6hduY7Gc%2FzZ%2FLYY%3D&reserved=0 Best Regards, Leon NguyenPresidentMolly Maid of El Monte-La Puente-Yorba Linda9650 Telstar Ave Unit BEl Monte, CA 91731Office: 714.406.4995Mobile: 949.259.3984MollyMaid.com | Neighborly.comOur Vision: To be so remarkable we become a beloved household Leon NguyenPresidentMolly Maid of El Monte-La Puente-Yorba Linda9650 Telstar Ave Unit BEl Monte, CA 91731Office: 714.406.4995Mobile: 949.259.3984MollyMaid.com | Neighborly.comOur Vision: To be so remarkable we become a beloved household Leon NguyenPresidentMolly Maid of El Monte-La Puente-Yorba Linda9650 Telstar Ave Unit BEl Monte, CA 91731Office: 714.406.4995Mobile: 949.259.3984MollyMaid.com | Neighborly.comOur Vision: To be so remarkable we become a beloved household Leon NguyenPresidentMolly Maid of El Monte-La Puente-Yorba Linda9650 Telstar Ave Unit BEl Monte, CA 91731Office: 714.406.4995Mobile: 949.259.3984MollyMaid.com | Neighborly.comOur Vision: To be so remarkable we become a beloved household Leon Nguyen Leon Nguyen PresidentMolly Maid of El Monte-La Puente-Yorba Linda Molly Maid of El Monte-La Puente-Yorba Linda 9650 Telstar Ave Unit B 9650 Telstar Ave Unit B El Monte, CA 91731 El Monte, CA 91731 Office: 714.406.4995 Office: 714.406.4995 Mobile: 949.259.3984 Mobile: 949.259.3984 MollyMaid.com | Neighborly.com MollyMaid.com | Neighborly.com MollyMaid.com MollyMaid.com https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mollymaid.com%2F&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046551017%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=%2FPWfonWTItlXKdXES%2BjKeYHPCV27TwrQjId454kUHaw%3D&reserved=0 Neighborly.com Neighborly.com https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.neighborly.com%2F&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046560628%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=3%2F34UEmhN%2BY%2B4A5z8JjO%2B8esMUGWFuzULxug2vuSEzs%3D&reserved=0 Our Vision: To be so remarkable we become a beloved household Our Vision: Louisa Nitz, Advertising & Sales, 402-371-1020 ext. 226/ 402-644-2026 Direct Line lnitz@norfolkdailynews.com lnitz@norfolkdailynews.com mailto:lnitz@norfolkdailynews.com https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnorfolkdailynews.com%2F&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046595772%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=CqZ2CuDRC1AFDQzMAby1ksk%2BNbTOmpeJErZecE6Nfv0%3D&reserved=0 www.norfolkdailynews.com | Book a meeting here www.norfolkdailynews.com https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.norfolkdailynews.com%2F&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046609835%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=z%2BWdOrb7zQWpqcp998doJgMI4%2FK6lpxpqaH%2Bg%2BNUYe8%3D&reserved=0 here https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office365.com%2Fowa%2Fcalendar%2F1479820b93d44981903162015c9b248e%40norfolkdailynews.com%2F223e03db002b4ad7800e199135700ef415791826779423486326%2Fcalendar.html&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046622301%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=7%2BgnavtCD%2FjIEiDrWhK8ySpoGX7exNFIPQ9jflTBtQk%3D&reserved=0 Your News, Your Way Print - Online - Mobile - https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FNorfolkDaily%2F&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046634692%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=RK6cDhOyt0pXbuKjab5hJhlIyFYcIst6X9MnQAzKoAs%3D&reserved=0 https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fx.com%2Fnorfolknews&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046646604%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=qui5S0ziB%2BbRQvY7LTlOkXY5QTEdhshdKhTE0GAsbIw%3D&reserved=0 https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fuser%2Fndnvideos&data=05%7C02%7Cvreed%40olgoonik.com%7C47f4b157551f496cf68b08dd60041e56%7C341c5aad39be47a3901e146d297ecd80%7C0%7C0%7C638772293046658379%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C80000%7C%7C%7C&sdata=ZUOuH6Dz%2BHAzjT1pzPYRQ6PTp%2Fn3YhKP0K2ekjm3HCM%3D&reserved=0 This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation Travis Arbogast Sales Manager One Chestnut Street Nashua, NH 03060 HQ: (603) 880-4420 X102 Fax: (603) 880-4536 Direct: (603) 836-4744 Tarbogast@criticalprocess.com Tarbogast@criticalprocess.com mailto:Tarbogast@criticalprocess.com Please consider the environment before printing this email CONFIDENTIALITY NOTICE. This email transmission may contain confidential information. It is intended only for the recipient(s) identified above. If you are not the intended recipient, you are hereby notified that the disclosure, copying, distribution or use of the contents of this transmission is strictly prohibited, and no privilege or protection has been waived. If you received this email in error, please (1) do not read it, (2) reply to the sender that you received the message in error, and (3) delete or destroy the message. Thank You, Matthew Reid One Chestnut Street Nashua, NH 03060 HQ: (603) 880-4420 , Ext. 106 Fax: (603) 880-4536 Direct: (603) 782-0545 matthew@criticalprocess.com matthew@criticalprocess.com mailto:matthew@criticalprocess.com Please consider the environment before printing this email CONFIDENTIALITY NOTICE. This email transmission may contain confidential information. It is intended only for the recipient(s) identified above. If you are not the intended recipient, you are hereby notified that the disclosure, copying, distribution or use of the contents of this transmission is strictly prohibited, and no privilege or protection has been waived. If you received this email in error, please (1) do not read it, (2) reply to the sender that you received the message in error, and (3) delete or destroy the message.
                      Attachments:
                      • image001.png
                      • image002.png
                      • image003.png
                      • image004.png
                      • image005.png
                      • image006.png

                      Headers

                      Key Value
                      Receivedfrom SA1PR12MB8598.namprd12.prod.outlook.com ([fe80::ef8d:f1bd:e5ca:2ef6]) by SA1PR12MB8598.namprd12.prod.outlook.com ([fe80::ef8d:f1bd:e5ca:2ef6%2]) with mapi id 15.20.8511.025; Mon, 10 Mar 2025 18:48:10 +0000
                      Arc-Seali=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Nhm8ZwoV9xTxympR+yZlvqxtfdwUnhPBCZyI7zD99ylRJlq1k0It0DToEIaLvp5QEB7Cbu/vJYaHj5yvjgmbJCQ4er35GWorPyw55DZSnh6VfSh2mJafanN6n6AwcltfSQhSMwRvyt1M66Q6Mdk1YK0toMSPVoI/gW90U0TRI6Not07qSEhRAXsOKg6Qri6ceSeJTx4DGrf4RwQPsvm8+YhT424tCaMWR+QC5QM713d82EMX4jD2DOVf1LxvT8C7jh2376OpKbFa7bi5n+AIFLRsxb+rIt3j+7VKycrA5PWIwb39QPu0LJgHyRnEf0OH6TmslirzXsSVNycwt6IBTw==
                      Arc-Message-Signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hMYXK18Tm7fQJkf4pUo6FmOna1tkMWyQ7meJmz27zFE=; b=YXZXYvnYKKbmQjpRC2CIkquqWFDX0ViVJSvTH5mE7pFv67xMR9JCjvpSNNEAHpNXZKg7Dg5NMmfWkHVGaY26z7q/+pvxYo1mm8TkEblIsJ2XqYUpb6ULK36iVED9LbDsRK622PStZykLftN3PNqecRf6tbl0cUQJlDeC2xMAvAFmchxKXizdsIEpO3/+nbB2FYmupxEOC1oZUcxJ3rEigbxOHDANtREmZnpEQVoh3EcpTxvz5Oasm0tGARH7Kewr5tG8l0kaX8N9vrLdYCuaZX3eW901KA6MpfBkGGqMImbkyvnVCKm5EGo2Z21/PjpzZ8AOZfOlakL1PHVpjuRtmQ==
                      Arc-Authentication-Resultsi=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mollymaid.com; dmarc=pass action=none header.from=mollymaid.com; dkim=pass header.d=mollymaid.com; arc=none
                      Authentication-Resultsspf=pass (sender IP is 2a01:111:f403:2405::72c) smtp.mailfrom=mollymaid.com; dkim=pass (signature was verified) header.d=mollymaid.com;dmarc=pass action=none header.from=mollymaid.com;compauth=pass reason=100
                      Received-SpfPass (protection.outlook.com: domain of mollymaid.com designates 2a01:111:f403:2405::72c as permitted sender) receiver=protection.outlook.com; client-ip=2a01:111:f403:2405::72c; helo=NAM02-DM3-obe.outbound.protection.outlook.com; pr=C
                      Dkim-Signaturev=1; a=rsa-sha256; c=relaxed/relaxed; d=mollymaid.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hMYXK18Tm7fQJkf4pUo6FmOna1tkMWyQ7meJmz27zFE=; b=pwvYjL93kWc0WPLtH/6v6JLhpfaah2HnbbX/r8n9IHwj6vyhGBPWuOHsk0fIdD1y77kCeyYruFZ3pkNQLJHXsDuDdMp6vSTkX9TBtQ4SSazQuR7KgyFyrE+wkDasrryEuBPKZ5vo2pAKGUJVejWtMXNvnyc9isPz8B/kL6Xp4z0=
                      FromEl Monte and Montebello Molly Maid of La Puente <vy.nguyen@mollymaid.com>
                      ToEl Monte and Montebello Molly Maid of La Puente <vy.nguyen@mollymaid.com>
                      CcEl Monte and Montebello Molly Maid of La Puente <vy.nguyen@mollymaid.com>
                      Subject[EXTERNAL] Purchase Order #248251 From Molly Maid
                      Thread-IndexAduR60LMomN9JQXgQiSnmTA/8X4IFA==
                      DateMon, 10 Mar 2025 18:48:10 +0000
                      Message-Id <SA1PR12MB85987AA8B2DFDAF0330C753EE0D62@SA1PR12MB8598.namprd12.prod.outlook.com>
                      Accept-Languageen-US
                      Content-Languageen-US
                      X-Ms-Has-Attachyes
                      Authentication-Results-Originaldkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mollymaid.com;
                      X-Ms-Traffictypediagnostic SA1PR12MB8598:EE_|CH3PR12MB7524:EE_|SJ5PEPF00000203:EE_|PH7PR08MB8533:EE_|LV8PR08MB9317:EE_
                      X-Ms-Office365-Filtering-Correlation-Id 47f4b157-551f-496c-f68b-08dd60041e56
                      X-Ms-Exchange-Senderadcheck1
                      X-Ms-Exchange-Antispam-Relay0
                      X-Microsoft-Antispam-Untrusted BCL:0;ARA:13230040|1800799024|366016|376014|7416014|38070700018|13003099007|4053099003|8096899003;
                      X-Microsoft-Antispam-Message-Info-Original EGxUKR9Gbc69Bh3XacFGkhRfDXG9oakz+7vJ/R7xuo5GpyhhJNbnl9A+FX3MUqAstrrCYyulhxTIiZO4vbxnoH4/Qr4H97UdmDK1ioHyKCGsMwAjNiqwPsjsQSYZGEwkcK79t7Il+tfLrU/tSgXPLSEKzgerQMe+dNrKPMTsrKV6TprMT8bE3pAL/fZOz5fshR4BhwBiQMndCmejScJx0tLPYVK9XhIy+BaN0g0Junazz30b10B4Ds9LKIFCLZ+JOi5Ch606mMuC/5eUmd7owvzdiTd/6q2skjDoHahBWLfz9fO2uWxnWu9TXlFHwClsNKzZGSFZ3xS1C8Z3juj4QxGmLkOnweX4VohGtYu1qyTRnN54InejgnkyKceu3XQoXhkeyWld/51shwgJMvW+covOtLzlJ+cjyX1wzYG0w2nXwBrUMW98ITAjQuf4mqU5QsRheagcM6D6OuUkr3IC6cTa+HJ754eL/L7LITRXwim1/tgPBEYcVIVP5+mgO8zzkd89f4y6I4JgfHrHZOrRj0OMDIXp7CsUTGI6pFwuHNQnifEm67b4VGEqhqhdYdwNDjbKlthf7Z5LZLxNw1BETPjEEsNP7foGqtwNUqne4IJ6nBrs56SeTQfVDNzRIh2tqIaTkl3fhpHpVO2ikeu++ZgOuqau4qNoa6wE4HC92sNpTJ8jwG0ZfYgcN6Y1GySkILOxIGFdsx08EZYLUxVVpYZ5bTT87d98UOKOlxCLrm9Y8TfDpzeOvKBm0cb745wXiT7tttr1kLkKuQ6+v55n2VlArE6G4VqaOGmqwMm3FvXEJdgDX9smjTIndu2dQPD19I7/+anUBOEyLaG8eqWqNf9KYMbr3GllZXaoyh/ZzDeAHv8uG/pCHYj0pJOg+fp+pDy6DhY5sNIIiFuTbIkBi4ctWbFx4Lm2swXq3PWfIjBIPbYolBGgYGboJOElyAOIZtGqYEe3+hSsFjNntN4I2SioDFWHOxBzJwGXeVtAiiEJcQZ2AISwThzNzRv6PcA5/g7FlNcRMMruRyr5Vf8Zc7jV+MMN5e7bMJqRk7WeMTG2/cqLiqjFS9TBfZj4WKNm6FO1uzU/8YNzQ4UzW+q9QNxLPJ3faGzcZ5i2vpkSuaW8o7/zi9pDu/dXSGUQ5ML1OaLMgM961rAoYSnqunKdXRUoYiYaPelFZyl6k4nyyt450l6JVXpC38649lHjt4JNIIY9MVdU6GLtaaVn0S4i/kDvqkCjAbrdzrRz1sJUD9QIIXiJ/4ao2cDPJaTtO9zoYILTl/9YGB1G1F1tR4xsgdYalGlMO9LhpeJK+Ep8O9X1DEzkkDt2Z6PZZQxX7XauwHbMzvwhKV19hrg0pNZDbtQl2XscB3d30blJDmV5bIOqDzUvdnROh02kN1bY+6hu
                      X-Forefront-Antispam-Report-Untrusted CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SA1PR12MB8598.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(7416014)(38070700018)(13003099007)(4053099003)(8096899003);DIR:OUT;SFP:1102;
                      X-Ms-Exchange-Antispam-Messagedata-Original-Chunkcount1
                      X-Ms-Exchange-Antispam-Messagedata-Original-0 +Dl8vSgX1Ew24oF4vLtmbqtIrhWP9BX5+211DdaSD+JV5YSte53BuzkzBzQtgo6Xj0ZZslV5OlhmOGRLq1Tl0ylBXNDH9VPSchRfdenurPo31z47pluxjnjee95UTSbqtqEONhQX+nUbnn8sJqnGgyPBpF501EJZiKpaxMdDs3+XN1IuA5UPXmhGRa7ohrUyobWS2gVfvvMnS0h4zew0RQA1yMIe0nzutUWcvgB/EGwphjXtL9wZBMwM7ZLvvanT7tvXiWtBz++KZ5VpjczXJLfiJkcKGicZqHhHvzlDFNlFhovgwuwnO/7Vr+OVvJshH+i2mc0pjCadwDJr60Y+1L+GmRUUDUwXkWO4EfD1/7JMz7euxa1jwppYtXazuC6ltG/tU9h5Gyz2AJ2fu0hKvX5JEC3VVI1G6dx2DaszLOQDNMFyKS2LVm9USmtrEkcU3xA0xdDm+RW8b/+XpOStHvzfskUYJ4/+9/0ZzDmdn2lVyarqFszIGQz4hPJT30upaJEsH7Re87u4VjLQZBh64pttXtaVxEEXR5bmFmjtPj4wOK1715yy7YS67KvCrkkoj6HOD9vNGHqJIRsOuCZ5ASZJV6oiKYB9b5mytrJCbxnzaE3Qe3mfrjSKKqrdaidaOK2lZYM/35rpw170M1RYBIh5J0Z18ggcXfcz4FMjIprHYkWq7Dybq7GY/TLAMqanbJjVLv65+MTHmBdHlS9U4oos+6gs+dPm9Y/rEBxrZkCUHE/zOMTGAR/8lEADxwF2h824CKWfQTWa/udOYA3NYkNk/65faz3XeEmQEDS+JHl3ihiL8YHq4itrKkBlJVa9dGbLrKN/Bx4BYwyO2dmy0+93rsiup/o+vlz4hT1YgKaRdBIDN2LF7gjqnFCcfcFz+c2ENyQai1Ey6VdrjWOnwgFq1kgq4NnzC/FMz9B2a1dDjGeVyTOkeraquaCQU4hF0jMA25iZAUW2uP5ZVZnVtV3yey0ZW5VDyi2NA9OZ1o/EVMXunnpI0/AXWlro/8EvGNvhEhnFQcRloFDg/IeoE09uMS+KNhSvi70LL1DU0mithJUkUwtUc+HVnFcx1CMo8HAhNJeIaqSWQQrdimiuCbqiv81ba8uHT+pFt4J3nG9+6342SnQLcQBjlXXj7MOMfkcJxtFyCvB7/xq3sQcXm0SY1y5NZZ7BQdZM8SQyBv1lcoj6M93pSMASHUpI7s/gzdk9j62Kpz5uY/NWo+wf89GenRRx903AIQDWMeH0UCab7ExzgAuexkgT3XgorOH2vs5CLRslsMAzmZ/HW9OWIVInR3EBpjTuRwWFDyMl/N2hLr1AB5GSOHyltBsHfME1iwL92giwTD0RMTZEZ8sepzLJ3PhyYg1thhrz5ZQzHJYpEFSz5SAb5iWHDxQsNhwTQbpNIVYXVzC0egbHWdhOLbA3fQC3CV5ytVW24uTfZI97BElY910zSKAbdY5HEvcj8j+mmMo+Z4NCfG1fZgSkxev5ZKL88+lvtnJytH9Y5WR/EZtsXtetaGetAXF3Fk2mwVNghlhXC6EKyMeF+2ksTkmXUCU6VxX5GSvekfXjN8pcL8XpU0A0uj5g/XJbOoeEdaDad3dQxUbPfNQoRDyhJw==
                      Content-Typemultipart/mixed; boundary="----sinikael-?=_1-17416345713950.6056491861322484"
                      MIME-Version1.0
                      X-Ms-Exchange-Transport-CrosstenantheadersstampedPH7PR08MB8533
                      Return-Pathvy.nguyen@mollymaid.com
                      X-Ms-Exchange-Organization-Expirationstarttime10 Mar 2025 18:48:16.1629 (UTC)
                      X-Ms-Exchange-Organization-ExpirationstarttimereasonOriginalSubmit
                      X-Ms-Exchange-Organization-Expirationinterval1:00:00:00.0000000
                      X-Ms-Exchange-Organization-ExpirationintervalreasonOriginalSubmit
                      X-Ms-Exchange-Organization-Network-Message-Id 47f4b157-551f-496c-f68b-08dd60041e56
                      X-Eopattributedmessage0
                      X-Eoptenantattributedmessage341c5aad-39be-47a3-901e-146d297ecd80:0
                      X-Ms-Exchange-Organization-MessagedirectionalityIncoming
                      X-Ms-Exchange-Transport-Crosstenantheadersstripped SJ5PEPF00000203.namprd05.prod.outlook.com
                      X-Ms-Exchange-Transport-Crosstenantheaderspromoted SJ5PEPF00000203.namprd05.prod.outlook.com
                      X-Ms-PublictraffictypeEmail
                      X-Ms-Exchange-Organization-Authsource SJ5PEPF00000203.namprd05.prod.outlook.com
                      X-Ms-Exchange-Organization-AuthasAnonymous
                      X-Ms-Office365-Filtering-Correlation-Id-Prvs bef2deb4-a3f9-464a-860f-08dd60041b1e
                      X-Ms-Exchange-AtpmessagepropertiesSA|SL
                      Noolgoonikaddress1
                      X-Ms-Exchange-Organization-Scl1
                      X-Microsoft-Antispam BCL:0;ARA:13230040|22003199012|35042699022|4073199012|5073199012|5063199012|4053099003|13003099007|8096899003;
                      X-Forefront-Antispam-Report CIP:2a01:111:f403:2405::72c;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM02-DM3-obe.outbound.protection.outlook.com;PTR:mail-dm3nam02on2072c.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(22003199012)(35042699022)(4073199012)(5073199012)(5063199012)(4053099003)(13003099007)(8096899003);DIR:INB;
                      X-Ms-Exchange-Crosstenant-Originalarrivaltime10 Mar 2025 18:48:15.7879 (UTC)
                      X-Ms-Exchange-Crosstenant-Network-Message-Id 47f4b157-551f-496c-f68b-08dd60041e56
                      X-Ms-Exchange-Crosstenant-Id341c5aad-39be-47a3-901e-146d297ecd80
                      X-Ms-Exchange-Crosstenant-Authsource SJ5PEPF00000203.namprd05.prod.outlook.com
                      X-Ms-Exchange-Crosstenant-AuthasAnonymous
                      X-Ms-Exchange-Crosstenant-FromentityheaderInternet
                      X-Ms-Exchange-Transport-Endtoendlatency00:00:08.4575057
                      X-Ms-Exchange-Processed-By-Bccfoldering15.20.8511.025
                      X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910005)(944506478)(944626604)(4710117)(4712020)(4716020)(920097)(930097)(140003)(1420198);
                      X-Microsoft-Antispam-Message-Info 8ObZh36DYrlu+ogzzYGyr4U010xfzFNHVp46tuRY7UoJx5gBule+dWU4IS4lJRWBfWOXFk4b0qd3Pwl1cL5RX5sSRmxEt8ySSxGmAabOk5ZcA5wTFPRfuWpKWWF5oShNfeaWrOpStMADiaOiaaNg59437oR3amD+slkY1/NH9coAtpNywi1CCfC8n89HCq1wR38JIE9wzJjcU4DcWa9udMeZX/9O9F5/KCVpj8O9JBp42NodO0doeqo/wbBKRt555FShY2SSfCwoIiaYY3hxBbkUyabaqqAuPTTmRZVwC6LI6ImQ4AkOFvYk+V5gLLSGAuVJZ82HKt7nWkMktSnVGV8tSKKJJ2I4wRmfXGsP2gGz/UGAwO456MDiOnid/Nrc0gdDiCun9V2TyVLAWIchqfMCli/cfP0gxL0GrNvBYRB0oqM8A6TKlkKiiuzveClVdOn+xXxPelunek6KgTCzJ4j/Iune/XcWzdJKsUHp2Fw7cifyT1c01Mmjk+7bPo2iJE4mubbkVi+BPz8VpVk2y17QJ9LEHgFbxwih6xnSia4FwQJKm5N2FSs0RcUCsIBVJceBnzj9WpIsLfLjZReuDqm0w83YmviAtQkjfpqXlfjp3Vsf/64EBzIsZmF7z0NOHs5sKP+pCGbj8SsgMDJESG7PM+FsP+4xUkKgkr0V88FbI0vsR9K4XSGvf+yp6Ldf6ucZMR/MX/dMl5K92RuiWDAhbL4edhYpHAxq5e6Edmr/yy7bFr8vhWBrN+RFNNK1ralHjHYZHPibwXsRIoUY+D6+k6dQOmIU7bTklrhwGm8N/LRdAowdeAd/N879Tt/u4dssQH2B8r3uTPts/1EXH5BkiHLmx+cKocqIDUYk/HPWoEW20pwKwGduAeHNzxT3l3qtCwiSU5rgKBtI2O44qt9EymqXNZPxe7yeEs3q3dXjhe0NjAyBQ4UXnJ8NHXheq+eQiCizHrc5PL5UoXx9es+voeydxzuwZtfCmjVaShwIIuR9U5HHvV7oCsiqRevneXOF9ysNgPuNXDEMzFGzBmO0DyfB1jnMXupqXKF6pZSsg9NsWfBbRL+zAzNisgI/7VnsWdNMjVM4Zug40/4FWUO2OZmmeF45V8tc3Lvwna3Tr6CBXBWuhCPiCEIpBmufXfo7yy8KtZS9rR9P49JVCflERun0hTA4xbqqW4DD77zl7DIG7fSv3NwLWwCrPNg6vsBCUkyRJN15ouPsAfklpWhtnIaD17hVCIpD2lpSeniFJ/7AV/ZXtb0drJgT3anOomJP7ubd9wtTrC/VC18CfWhoYMGB9AUGhCCzkDtnURe6+mct8yUusi9IjwjvElcrFWDH4Qek5O9E30keWBy+PX+sJOaOpitU283w/XtvFSoSfAQURE8COPjFf9M+nPF5uoE5PYK3f7YGI0cOExV5VBhrTFJm9P8ZhKrbux8YtDY77HNjVDi5ldnLDKAysktkgu+jtkSTItqXu2xuNJXIgGo2+3Mf4RnY7sU70JzidbTVjORslwMq6z6lC5Mta6xshAMegWZCRR909jCoXgFSe9E7TYNf+a2O1L8WZiV32buAkrcRO1+vMgY2oj7+kHj4WXYm90tp5k74X/UhU7x7JxNiptvEXb742Ji2AQaftSwMuDGYiYcGzOEhNUyp5sTzDafvlF7LiJ775vvOFW2YEy1v8vu8d0QycsX64GoA5h+h2CXxS0vVurRO9IRuXPr5H7YYdiorz+j12irFKSydoX2F5qDODwWkGA7FfybGCnLTj+xcTEG2bHkTJKdbCbRtGMfLnv9uv1oNhppmdlM7tSEwzuR6DymnNo+HXdM49KP+DcWCnA8QdQs1rEQtc2LIce5isq/27fXamR8c0QGMJPVRGUiM0G78pnC9pbJdbre30WwtxLKmvt4gSq0ELU2UvZ1VebVEcqA+lnbazrzJvV/i/48vHQwW6Llp8ygDfJE1Vkt420PUIHVkEbDT97orb0ayEtRCynQNwgl1mP3R+XQQXnMqDmL76ewFRnmqJHcZfC5ZwOmIpcx+0iniOVNu
                      Content-Transfer-Encoding7bit

                      File Icon

                      Icon Hash:46070c0a8e0c67d6