Windows Analysis Report
https://app.box.com/s/qft12my1l5l17o04knifd8gw776ko70i

Overview

General Information

Sample URL: https://app.box.com/s/qft12my1l5l17o04knifd8gw776ko70i
Analysis ID: 830993

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish10
Antivirus detection for URL or domain
Phishing site detected (based on logo template match)
Phishing site detected (based on image similarity)
HTML body contains low number of good links
Invalid T&C link found
No HTML title found

Classification

AV Detection

Source: https://app.box.com/notes/1164721829413?s=qft12my1l5l17o04knifd8gw776ko70i SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://faxmail-secondary.z13.web.core.windows.net/ SlashNext: Label: Credential Stealing type: Phishing & Social Engineering
Source: https://notes.services.box.com/p/note?fileId=1164721829413&hostname=app.box.com&sharedLink=https://app.box.com/s/qft12my1l5l17o04knifd8gw776ko70i SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: Yara match File source: 94194.4.pages.csv, type: HTML
Source: Yara match File source: 94194.6.pages.csv, type: HTML
Source: Yara match File source: dropped/chromecache_167, type: DROPPED
Source: https://faxmail-secondary.z13.web.core.windows.net/ Matcher: Template: onedrive matched
Source: https://faxmail-secondary.z13.web.core.windows.net/ Matcher: Found strong image similarity, brand: Microsoft image: 94194.4.img.1.gfk.csv D234686AEA3314E03DFEC220D3F3B5E0
Source: https://faxmail-secondary.z13.web.core.windows.net/ HTTP Parser: Number of links: 0
Source: https://faxmail-secondary.z13.web.core.windows.net/ HTTP Parser: Invalid link: Privacy & Cookies
Source: https://faxmail-secondary.z13.web.core.windows.net/ HTTP Parser: HTML title missing
Source: https://faxmail-secondary.z13.web.core.windows.net/ HTTP Parser: No <meta name="author".. found
Source: https://faxmail-secondary.z13.web.core.windows.net/ HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\GoogleUpdater
Source: unknown DNS traffic detected: queries for: clients2.google.com
Source: global traffic HTTP traffic detected: GET /3/9133/3001/socket.io/?clientVersion=8.2297.0&EIO=4&transport=polling&t=OS11psr&sid=FJ53pnQpy7l_zAfJALr7 HTTP/1.1Host: notes.services.box.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://notes.services.box.com/p/note?fileId=1164721829413&hostname=app.box.com&sharedLink=https://app.box.com/s/qft12my1l5l17o04knifd8gw776ko70iAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: box_visitor_id=6418d6ca5e3329.19175673; site_preference=desktop; _notes_oauth_csrf_=1; _csrf=9Jkb_iTh2H9TT0x0eXtm4Usr; express_sid=s%3Ap3GWpWJOpsYrP-20xhjT-4-cNsueMW7i.x7oX7CPcvGzfPM9LZe1RHn9zuxplz2U32vEZALC2ogk; amplitude_id_c6eb3d709c5c30ca80c0381080bcc254box.com=eyJkZXZpY2VJZCI6IjM1ZWUzNTA3LTU2MTYtNDJlYS05MzZkLWEyNjA1NTlkZGJmNVIiLCJ1c2VySWQiOiIyIiwib3B0T3V0IjpmYWxzZSwic2Vzc2lvbklkIjoxNjc5MzQ5NDU0MzE1LCJsYXN0RXZlbnRUaW1lIjoxNjc5MzQ5NDU0MzE3LCJldmVudElkIjowLCJpZGVudGlmeUlkIjoxLCJzZXF1ZW5jZU51bWJlciI6MX0=; csrf-token=3n2BNNff-f88yMe25l-tL7S-1U1Ip0ms8VxQ
Source: global traffic HTTP traffic detected: GET /box-image?fileId=1164711816928&fileName=Box%20Notes%20Image%202023-03-14%2021.15.17.png&sharedLink=https%3A%2F%2Fapp.box.com%2Fs%2F821u4wbadx46bwm98ch1k57gcclzy6zt&viewContext=inline HTTP/1.1Host: notes.services.box.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://notes.services.box.com/p/note?fileId=1164721829413&hostname=app.box.com&sharedLink=https://app.box.com/s/qft12my1l5l17o04knifd8gw776ko70iAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: box_visitor_id=6418d6ca5e3329.19175673; site_preference=desktop; _notes_oauth_csrf_=1; _csrf=9Jkb_iTh2H9TT0x0eXtm4Usr; express_sid=s%3Ap3GWpWJOpsYrP-20xhjT-4-cNsueMW7i.x7oX7CPcvGzfPM9LZe1RHn9zuxplz2U32vEZALC2ogk; amplitude_id_c6eb3d709c5c30ca80c0381080bcc254box.com=eyJkZXZpY2VJZCI6IjM1ZWUzNTA3LTU2MTYtNDJlYS05MzZkLWEyNjA1NTlkZGJmNVIiLCJ1c2VySWQiOiIyIiwib3B0T3V0IjpmYWxzZSwic2Vzc2lvbklkIjoxNjc5MzQ5NDU0MzE1LCJsYXN0RXZlbnRUaW1lIjoxNjc5MzQ5NDU0MzE3LCJldmVudElkIjowLCJpZGVudGlmeUlkIjoxLCJzZXF1ZW5jZU51bWJlciI6MX0=; csrf-token=pv4j98LK-sTVfe-emjGh54u0gzHOptlwvP40
Source: global traffic HTTP traffic detected: GET /3/9133/3001/socket.io/?clientVersion=8.2297.0&EIO=4&transport=polling&t=OS11qbV&sid=FJ53pnQpy7l_zAfJALr7 HTTP/1.1Host: notes.services.box.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://notes.services.box.com/p/note?fileId=1164721829413&hostname=app.box.com&sharedLink=https://app.box.com/s/qft12my1l5l17o04knifd8gw776ko70iAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: box_visitor_id=6418d6ca5e3329.19175673; site_preference=desktop; _notes_oauth_csrf_=1; _csrf=9Jkb_iTh2H9TT0x0eXtm4Usr; express_sid=s%3Ap3GWpWJOpsYrP-20xhjT-4-cNsueMW7i.x7oX7CPcvGzfPM9LZe1RHn9zuxplz2U32vEZALC2ogk; amplitude_id_c6eb3d709c5c30ca80c0381080bcc254box.com=eyJkZXZpY2VJZCI6IjM1ZWUzNTA3LTU2MTYtNDJlYS05MzZkLWEyNjA1NTlkZGJmNVIiLCJ1c2VySWQiOiIyIiwib3B0T3V0IjpmYWxzZSwic2Vzc2lvbklkIjoxNjc5MzQ5NDU0MzE1LCJsYXN0RXZlbnRUaW1lIjoxNjc5MzQ5NDU0MzE3LCJldmVudElkIjowLCJpZGVudGlmeUlkIjoxLCJzZXF1ZW5jZU51bWJlciI6MX0=; csrf-token=iXEzHntu-WgXR6ZwCjAI7EFS1WJxsmu-iizw
Source: global traffic HTTP traffic detected: GET /3/9133/3001/socket.io/?clientVersion=8.2297.0&EIO=4&transport=polling&t=OS11sN_&sid=FJ53pnQpy7l_zAfJALr7 HTTP/1.1Host: notes.services.box.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://notes.services.box.com/p/note?fileId=1164721829413&hostname=app.box.com&sharedLink=https://app.box.com/s/qft12my1l5l17o04knifd8gw776ko70iAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: box_visitor_id=6418d6ca5e3329.19175673; site_preference=desktop; _notes_oauth_csrf_=1; _csrf=9Jkb_iTh2H9TT0x0eXtm4Usr; express_sid=s%3Ap3GWpWJOpsYrP-20xhjT-4-cNsueMW7i.x7oX7CPcvGzfPM9LZe1RHn9zuxplz2U32vEZALC2ogk; csrf-token=iXEzHntu-WgXR6ZwCjAI7EFS1WJxsmu-iizw; amplitude_id_c6eb3d709c5c30ca80c0381080bcc254box.com=eyJkZXZpY2VJZCI6IjM1ZWUzNTA3LTU2MTYtNDJlYS05MzZkLWEyNjA1NTlkZGJmNVIiLCJ1c2VySWQiOiIyIiwib3B0T3V0IjpmYWxzZSwic2Vzc2lvbklkIjoxNjc5MzQ5NDU0MzE1LCJsYXN0RXZlbnRUaW1lIjoxNjc5MzQ5NDY5NTY1LCJldmVudElkIjoxLCJpZGVudGlmeUlkIjoxLCJzZXF1ZW5jZU51bWJlciI6Mn0=
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1
  Host: maxcdn.bootstrapcdn.com
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
  Origin: https://faxmail-secondary.z13.web.core.windows.net
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: text/css,*/*;q=0.1
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: style
  Referer: https://faxmail-secondary.z13.web.core.windows.net/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
  Host: maxcdn.bootstrapcdn.com
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
  Origin: https://faxmail-secondary.z13.web.core.windows.net
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: script
  Referer: https://faxmail-secondary.z13.web.core.windows.net/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
  Host: cdnjs.cloudflare.com
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
  Origin: https://faxmail-secondary.z13.web.core.windows.net
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: cors
  Sec-Fetch-Dest: script
  Referer: https://faxmail-secondary.z13.web.core.windows.net/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
  Host: stackpath.bootstrapcdn.com
  Connection: keep-alive
  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Windows"
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Referer: https://faxmail-secondary.z13.web.core.windows.net/
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
  Date: Mon, 20 Mar 2023 21:57:45 GMT
  Content-Type: text/plain; charset=utf-8
  Content-Length: 9
  x-powered-by: Express
  set-cookie: csrf-token=pv4j98LK-sTVfe-emjGh54u0gzHOptlwvP40; Path=/; Secure; SameSite=None
  strict-transport-security: max-age=31536000
  x-frame-options: ALLOW-FROM https://app.box.com
  content-security-policy: frame-ancestors https://app.box.com
  etag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
  x-envoy-upstream-service-time: 422
  Via: 1.1 google
  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
  Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
  Date: Mon, 20 Mar 2023 21:57:46 GMT
  Content-Type: text/plain; charset=utf-8
  Content-Length: 9
  x-powered-by: Express
  set-cookie: csrf-token=iXEzHntu-WgXR6ZwCjAI7EFS1WJxsmu-iizw; Path=/; Secure; SameSite=None
  strict-transport-security: max-age=31536000
  x-frame-options: ALLOW-FROM https://app.box.com
  content-security-policy: frame-ancestors https://app.box.com
  etag: W/"9-0gXL1ngzMqISxa6S1zx3F4wtLyg"
  x-envoy-upstream-service-time: 598
  Via: 1.1 google
  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
  Connection: close
Source: chromecache_220.1.dr String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_167.1.dr String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: chromecache_194.1.dr, chromecache_223.1.dr String found in binary or memory: https://app.box.com/s/821u4wbadx46bwm98ch1k57gcclzy6zt
Source: chromecache_187.1.dr String found in binary or memory: https://app.box.com/s/qft12my1l5l17o04knifd8gw776ko70i
Source: chromecache_167.1.dr String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: chromecache_167.1.dr String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: chromecache_223.1.dr String found in binary or memory: https://faxmail-secondary.z13.web.core.windows.net/
Source: chromecache_167.1.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Open
Source: chromecache_181.1.dr, chromecache_190.1.dr String found in binary or memory: https://getbootstrap.com)
Source: chromecache_224.1.dr String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_224.1.dr, chromecache_181.1.dr, chromecache_190.1.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_224.1.dr, chromecache_181.1.dr String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_167.1.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: chromecache_167.1.dr String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: chromecache_167.1.dr String found in binary or memory: https://spoppe-b.azureedge.net/files/fabric-cdn-prod_20211104.001/assets/item-types/32_2x/docx.png
Source: chromecache_167.1.dr String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: chromecache_167.1.dr String found in binary or memory: https://youngarsmfg.com/faxmail/postoo.php
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
  Host: accounts.google.com
  Connection: keep-alive
  Content-Length: 1
  Origin: https://www.google.com
  Content-Type: application/x-www-form-urlencoded
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: classification engine Classification label: mal64.phis.win@29/65@23/12
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1768,i,15355743440405815616,15119586194272472126,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://app.box.com/s/qft12my1l5l17o04knifd8gw776ko70i
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\GoogleUpdater
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Next
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\GoogleUpdater