Windows
Analysis Report
Microsoft account password reset.eml
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64_ra
OUTLOOK.EXE (PID: 5948 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\OUTLO OK.EXE" /e ml "C:\Use rs\user\De sktop\Micr osoft acco unt passwo rd reset.e ml" MD5: 91A5292942864110ED734005B7E005C0) ai.exe (PID: 848 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \root\vfs\ ProgramFil esCommonX6 4\Microsof t Shared\O ffice16\ai .exe" "49D 15917-4226 -410E-AAC0 -9AD0D94F6 BC4" "D0EF 352A-40E8- 42FB-BCA9- 2C57AB1CB8 8A" "5948" "C:\Progr am Files ( x86)\Micro soft Offic e\Root\Off ice16\OUTL OOK.EXE" " WordCombin edFloatieL reOnline.o nnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD) chrome.exe (PID: 1976 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t https:// nam04.safe links.prot ection.out look.com/? url=https% 3A%2F%2Fgo .microsoft .com%2Ffwl ink%2F%3FL inkId%3D52 1839&data= 05%7C02%7C jill.baril e%40raveis .com%7C841 6847c3eb14 4ad0d2a08d c7a632657% 7C1b6c0a12 f7be44e5b4 04d3d3b6f9 3175%7C0%7 C0%7C63851 9813465817 312%7CUnkn own%7CTWFp bGZsb3d8ey JWIjoiMC4w LjAwMDAiLC JQIjoiV2lu MzIiLCJBTi I6Ik1haWwi LCJXVCI6Mn 0%3D%7C0%7 C%7C%7C&sd ata=mgFmAg YrPxc%2Bey Oh4Tr%2Fci k%2F0i7%2B eZeozVS4QQ shZjw%3D&r eserved=0 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA) chrome.exe (PID: 4144 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2184 --fi eld-trial- handle=198 4,i,101487 8220127088 8800,49950 3456793492 2414,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Source: | HTTP Parser: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | Memory has grown: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Source: | File Volume queried: |
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
nam04.safelinks.protection.outlook.com | 104.47.73.156 | true | false | unknown | |
www.google.com | 142.250.185.68 | true | false | unknown | |
c.s-microsoft.com | unknown | unknown | false | unknown | |
assets.onestore.ms | unknown | unknown | false | unknown | |
i.s-microsoft.com | unknown | unknown | false | unknown | |
ajax.aspnetcdn.com | unknown | unknown | false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
142.250.185.68 | www.google.com | United States | 15169 | GOOGLEUS | false | |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false | |
152.199.19.160 | unknown | United States | 15133 | EDGECASTUS | false | |
88.221.125.143 | unknown | European Union | 16625 | AKAMAI-ASUS | false | |
2.16.164.83 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false | |
172.217.16.206 | unknown | United States | 15169 | GOOGLEUS | false | |
23.43.61.127 | unknown | United States | 20940 | AKAMAI-ASN1EU | false | |
20.189.173.4 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
142.251.5.84 | unknown | United States | 15169 | GOOGLEUS | false | |
104.119.109.218 | unknown | United States | 16625 | AKAMAI-ASUS | false | |
23.197.124.141 | unknown | United States | 20940 | AKAMAI-ASN1EU | false | |
23.43.62.58 | unknown | United States | 20940 | AKAMAI-ASN1EU | false | |
184.28.89.233 | unknown | United States | 16625 | AKAMAI-ASUS | false | |
88.221.169.152 | unknown | European Union | 16625 | AKAMAI-ASUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
172.217.23.99 | unknown | United States | 15169 | GOOGLEUS | false | |
104.47.73.156 | nam04.safelinks.protection.outlook.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
IP |
---|
192.168.2.18 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1445857 |
Start date and time: | 2024-05-22 17:19:51 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | Microsoft account password reset.eml |
Detection: | CLEAN |
Classification: | clean2.winEML@18/16@14/100 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 52.113.194.132
- Excluded domains from analysis (whitelisted): ecs.office.com, fs.microsoft.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, s-0005-office.config.skype.com, ecs-office.s-0005.s-msedge.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: Microsoft account password reset.eml
Input | Output |
---|---|
URL: https://privacy.microsoft.com/en-us/privacystatement Model: gpt-4o | ```json { "riskscore": 1, "reasons": "The provided JavaScript code appears to be related to mobile browser compatibility and initialization settings. It disables automatic page initialization for jQuery Mobile and adjusts the viewport settings for Internet Explorer Mobile 10. There are no evident signs of malicious behavior such as data exfiltration, obfuscation, or unauthorized access attempts." } |
/*<![CDATA[*/if($(document).bind("mobileinit",function(){$.mobile.autoInitializePage=!1}),navigator.userAgent.match(/IEMobile\/10\.0/)){var msViewportStyle=document.createElement("style");msViewportStyle.appendChild(document.createTextNode("@-ms-viewport{width:auto!important}"));document.getElementsByTagName("head")[0].appendChild(msViewportStyle)}/* */ | |
URL: https://privacy.microsoft.com/en-us/privacystatement Model: gpt-4o | ```json { "riskscore": 1, "reasons": "The provided JavaScript code checks for a global privacy control setting and a specific cookie related to third-party ads opt-out. It does not exhibit any malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The code is primarily concerned with privacy settings and cookie management, which are common practices in web development." } |
/*<![CDATA[*/ // const globalPrivacyControlEnabled = navigator.globalPrivacyControl; const GPC_DataSharingOptIn = (globalPrivacyControlEnabled) ? false : checkThirdPartyAdsOptOutCookie(); function checkThirdPartyAdsOptOutCookie() { try { const ThirdPartyAdsOptOutCookieName = '3PAdsOptOut'; var cookieValue = getCookie(ThirdPartyAdsOptOutCookieName); return cookieValue != 1; } catch { return true; } } function getCookie(cookieName) { var cookieValue = document.cookie.match('(^|;)\\s*' + cookieName + '\\s*=\\s*([^;]+)'); return (cookieValue) ? cookieValue[2] : ''; } //// /* */ | |
URL: https://privacy.microsoft.com/en-us/privacystatement Model: gpt-4o | ```json { "riskscore": 2, "reasons": "The provided JavaScript code appears to manipulate the DOM to decode HTML entities and manage the visibility of certain elements. It does not exhibit any obvious malicious behavior such as data exfiltration, credential stealing, or unauthorized access. However, it does modify the DOM based on certain conditions, which could potentially be used for phishing if combined with other malicious code. Overall, the risk is low but not zero." } |
/*<![CDATA[*/function DecodeHTML(){$(".msame_Header_chev").length&&($(".msame_Header_chev").text()?$(".msame_Header_chev").html($(".msame_Header_chev").text()).show():$(".msame_Header_chev").hide())}function checkDecode(){DecodeHTML();$(".msame_Header_chev").unbind("DOMSubtreeModified",checkDecode)}$(document).ready(function(){var i=document.getElementById("cli_shellHeaderSearchInput"),t=$(i).attr("placeholder").match(/&#(\d+);/g),r=t&&t.length,n;if(r)for(n=0;n<r;n++)i.placeholder=i.placeholder.replace(t[n],String.fromCharCode(t[n].match(/\d+/)))});$(document).ready(DecodeHTML);$(window).load(DecodeHTML);$(window).resize(function(){$(".msame_Header_chev").bind("DOMSubtreeModified",checkDecode)})/* */ | |
URL: https://privacy.microsoft.com/en-us/privacystatement Model: gpt-4o | ```json { "phishing_score": 0, "brands": "Microsoft", "phishing": false, "suspicious_domain": false, "has_loginform": false, "has_captcha": false, "setechniques": false, "reasons": "The URL is legitimate and matches the official Microsoft domain. The content and design of the page are consistent with Microsoft's branding and style. There are no login forms or captchas present, and no social engineering techniques are evident." } |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.389511387591538 |
Encrypted: | false |
SSDEEP: | |
MD5: | 013F440F266FCE63DA789C655FFEEFF7 |
SHA1: | 23F16BBD68D872424B182E8E5F940D033BA60306 |
SHA-256: | 29625703D28CFA0E6DF70C9359A18BF952E23A7CDF13DC4A0242FD4FAB47896B |
SHA-512: | 522206E728B6ECFFCE55D0233064B776F91019E75323D6F68752EF1A535702A74A22342A70ADD44877C20F71429C9CBD3A4EE2AA9E0D96859FDD74B8E2B69EEF |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04616353740967531 |
Encrypted: | false |
SSDEEP: | |
MD5: | D032EF426BF41861C642558CE15D907D |
SHA1: | B3B3A983F070E6B2CB2B1D0F2B1C32AC6041F86B |
SHA-256: | 2D15FA5A4770BEFC1639258F6EB71F09A116E3D8B98A0A0956A4050A618F63E0 |
SHA-512: | 20B62C74FF71323E0B3CC5D38EE462B9069539E1303773F4A9B062721334DFB36BFEE12717BA59A4EC3717A60039A7350ACCCE80F23E3A0AF1673146A5387245 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 49472 |
Entropy (8bit): | 0.4833563751329196 |
Encrypted: | false |
SSDEEP: | |
MD5: | 384BD78078F08EA97558A884B561226C |
SHA1: | C95853C877AAA52D7916220A367D86270E3A98F7 |
SHA-256: | 60921452A7E58CA6124862342C2B33D19CE863F7CDE303C93650A7A1FC6334C6 |
SHA-512: | EA850444E27D91593DD69AB7EEC42E3D019505E54E5D314D0D0A4239EA82C8A15310B18745EE6BF19A5A05D2F8FBECA25497981F2B2EEA775A6A2F0B77D8FA85 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{BD8B9D8B-7081-4C48-9C71-7E1E97913319}.tmp
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5792 |
Entropy (8bit): | 3.761547149316112 |
Encrypted: | false |
SSDEEP: | |
MD5: | 231BEE2ED4CFB95040432FFF97A0D69A |
SHA1: | E08E73D0BD54A011D5543074C3E0FB12F560F68F |
SHA-256: | EE39D57E87C991A1E726458A3815F2669637480F7B3368D95313A4128ED2B7C2 |
SHA-512: | 2892F0D1F3123C6769C6F3E6D747F4DCF96F6C84521C335644BEEB4F9640117BBFA73C224D9C3B6B36CD9FF617596352F768222AFBCCB7D577C84A7A3549DB39 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1716391221505305300_868CD212-180C-4629-8AD2-457A2641255B.log
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.15940286370539525 |
Encrypted: | false |
SSDEEP: | |
MD5: | 422B4BB94069D208313AFD67F9918A8D |
SHA1: | CF2A275288EC146403EF1452788DCDC396F764BF |
SHA-256: | F3727EABBC1D19FC39C33E5CC1444AA1CA306B9ADDBBC44BDF0C03A08B7FC007 |
SHA-512: | EAA2AD787962A229DCFA30175BA3790AD9514F22746E30543D045216BDEC0A7710ADD08B8E3F9D10D186B9688B9817BFDCCDAE2DBE3BA6A3BFD31A0C0C6EEAF2 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1716391221506206300_868CD212-180C-4629-8AD2-457A2641255B.log
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240522T1120210296-5948.etl
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 102400 |
Entropy (8bit): | 4.482702300961524 |
Encrypted: | false |
SSDEEP: | |
MD5: | 05F84205B61D8B2DF906ABD17247D486 |
SHA1: | 60C86D13987A81948B1A771DCDF3910938D35502 |
SHA-256: | 8EDB8B87E9C27017DE1DBE3CF8B305CF04ED1069A5B4FE70528BF9903D8D2E0B |
SHA-512: | 050ED4D157C0F4780CE280CF358506381EF37F6DE5AEB678AB7B3E23E83040A0AB572ABF7397029BCB249F3AE278716CDF3C92E1DABF89F07ECC69A9E075F9A6 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | |
MD5: | 30574CF60BE8A70236BF038FE74F4520 |
SHA1: | 6AA4BEEB7E829B4574E96D210D4BAFE7501EE678 |
SHA-256: | DF6FEF9A5A128090D41F7C751079090D1362C4D911F0B51DAFB02F5996C0612B |
SHA-512: | B893CF891E52FE31DEB9DFB0BA40C8DF7CA0CE3B24FC561C199F9DD212EB296F182E752E45C736C20D30932A86FE9CFF67C4291195425820DBCA3402BC610984 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.983369101099558 |
Encrypted: | false |
SSDEEP: | |
MD5: | 865DBC7C8010F11FA54E823ED3555A53 |
SHA1: | D517C4A0E892CE3404C5EE1C4BA194C1C81AF111 |
SHA-256: | A04DBF4273F5AA403FDF532FB1BC3419B88F20A5256F5FDF4761F4C0235255C4 |
SHA-512: | 4DE061D4CDDE5FD2BEA0B2CA19096226ADD0F2DCE92C91E6FE38B4F6B77213ACEA9A1ABACC6504A28E2F3331F48800578C2E121ACA6B5302A37E0EC924DE93FD |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.001458917192005 |
Encrypted: | false |
SSDEEP: | |
MD5: | A257872179A45A7E5D8214394EC85701 |
SHA1: | 982CE8F3BB1D391183C73D1C70688F288AFB8F71 |
SHA-256: | 8FD150F363DA7A9E867A1E4D9A964176DB35ECBFFF218C854D69ED8A7EC2BAD4 |
SHA-512: | 6A41EFFD6624193F6F5339619EC0D73EB67935FFACA0682BEFEE317CF3120FEFC06BB15B48E7B37B1248A69F7F2DF5E4A635A05B91CBB0F37289A938B471CB01 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2691 |
Entropy (8bit): | 4.004871697161908 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1FCF741501D37B5CE38950C5E777FF9E |
SHA1: | DF043AB45B1656EE7354C93B5F1AF4621F1A6A07 |
SHA-256: | A63A5F423ADD7D2984EB0896914B8B8E6970D084A66A3DF9FB3F56ABAFFB069F |
SHA-512: | DBF7A3BE9187C07389653E5D7281DC58607BE81ACA82313029B82221FDBBA9F3FC2D193B4A2E96C8D813EAB98C55E7334E31A536211F5B619C1957552DC06A05 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9962738905439172 |
Encrypted: | false |
SSDEEP: | |
MD5: | 80C30117BF7FFA267C9ADB179D2651DC |
SHA1: | 06D9BCFE4CB3675401DBEC7F3977C611E6B012D5 |
SHA-256: | 5568B8BF7F2EDF7281983241FAE6DB97390DF9F1D145D912A49FE5BEDA9C81AC |
SHA-512: | A1461F26A448F1955A176E4AEDC43FC9BBF8CCA1FA0B78EF750FC26F21557E6F3B709F8F6255C73D5F724A6E7BA833C26ED0A4C0C594A19C86E014555E8B8495 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.98490671800068 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2E61E7FA86AB9DBA9E3017EACF863D59 |
SHA1: | A5A51B2394FA9AA5FE7C136CD55EB2455490D4F1 |
SHA-256: | B1D575AAFBF30919F80A8AF0BFAD25F7C2344AE02DC8BA0240309DB17F067C9B |
SHA-512: | 18299BA92FD1FE5A6CA6EF7A119EE6A0E2C03D15B60E35E630DFDB3E7C8827AE3F899FD6E98B343E65D3350DB1849FEDA0F91F2DC836AD57A18A4BD556EB1F01 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9972814750932586 |
Encrypted: | false |
SSDEEP: | |
MD5: | 967D783F83F1D714E6C6FB3448018E90 |
SHA1: | FAA290FEA3E9D50029149827AABDC372438AE48C |
SHA-256: | 4E15C1C2E3DCEC8A4D6310A713CF655C9FCC875EBBA0C2E4892D8BB97140F791 |
SHA-512: | C69D47C1C56B41953CA64D1CDF898866B9B8E2EECDE1DE1EEB445A85059481DB0C4A7DCE043F99796628140D1F9CF87E32CE345C1BA7EE4EFF2DF0B3F28C44FD |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 2.783331267789484 |
Encrypted: | false |
SSDEEP: | |
MD5: | A91916964EEA535A8E7888EACD0660C4 |
SHA1: | 4C64D3C57B3F0682BC42E52A5C22083B631503CB |
SHA-256: | CCAFD1A1878B8F0C47791356964C6D2581240F68088D44E97F525B11B65BD5C1 |
SHA-512: | B69A243C979105E12BB8EFBCD97A28CE5A376C0988C8356D39D52BE8782E8385C1D584D796C61FD23D01A2AADF1395E74EF13BFD3E6A87225334E0390371232E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 3.664561524898687 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2AF7B7E743584C605C22AA8AA013E9D6 |
SHA1: | D9542AF0A46B7F04209C73AEC795FBAA4E9584F5 |
SHA-256: | C306DEF6B22494D50B7F1BEE523C7748510C9D7905D4E82D36DDA181612C7772 |
SHA-512: | B75F9D6FBBFC9EB2C59042D20E52F7EB811B144D867E75D169B0EB687567E112FA9D997059B3B243DABF89DD7370DB5EB21AC0FF55A80F396EFF3A4EA3B06B02 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 6.063928024711045 |
TrID: |
|
File name: | Microsoft account password reset.eml |
File size: | 22'510 bytes |
MD5: | 1b6912cbc3cd2e9d636a30a239b50dad |
SHA1: | 485dc35b2b2c9f3452bf5191796f8f3df5d7b194 |
SHA256: | 5f406ad293880d4f0207e580ba0bbd16381ea97e8e3d937ea4d24b8cac1b7b5b |
SHA512: | 8b989a4772a61a8adae3e43eef5a7c9297d4564b41a4ec8e212874325508d3c7ae02604b06571b48df19fafa585fb4bff756b7adf5b9a427b7ad0c275eb14be4 |
SSDEEP: | 384:DJfV3WHBYFHaqU+6odF3/6yjqUa3x5Am4+vCtzREw1Jsp4Mububp4dRPxg1:F9mMHaX+dZafAt+8TsGMu6t4TPxw |
TLSH: | 55A23C16CD52183A8FF264DCAC02FD0B72B21D9F90B3D1C478E9669309CF5DA9B1364A |
File Content Preview: | ...Received: from BY1PR18MB5397.namprd18.prod.outlook.com (2603:10b6:a03:52c::6).. by LV8PR18MB5854.namprd18.prod.outlook.com with HTTPS; Wed, 22 May 2024.. 13:29:06 +0000..ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass;.. b=lEDp |
Subject: | Microsoft account password reset |
From: | Microsoft account team <account-security-noreply@accountprotection.microsoft.com> |
To: | jill.barile@raveis.com |
Cc: | |
BCC: | |
Date: | Wed, 22 May 2024 06:29:02 -0700 |
Communications: |
|
Attachments: |
Key | Value |
---|---|
Received | from accountprotection.microsoft.com (52.234.111.146) by CO1PEPF000044F1.mail.protection.outlook.com (10.167.241.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7611.14 via Frontend Transport; Wed, 22 May 2024 13:29:02 +0000 |
ARC-Seal | i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Oc2D0gihqu2VzMJoerZtIA5kKw6485y9No6N4/ZZ5uMGy6GIflT3ijNZDOgt3n+EzgjTdDl2Wtod7D8/WQvlPtNi6/sywUiQI0jzep1qopN5US3+2VOvgFslThS0fKRuTEG1S533fzWMyodFOQTghzdIOG9FDcSlfZ3/OxvVCV2Nd7+dwXJ2Xu3QsX8uWons7itOIVxrzyaD+0+MX422o5qo9c9zK3Zh4A6KSDKT7UGs8m8nNaqUOUZDP9rozHsPK9Dg2wDbJDwPULGwOmr4/cOSrgl134NsjhktE6XvUWs91YYEAn7dsgtC7x8KxvyJ7LUdh2fkVHs9gr2oEuow6Q== |
ARC-Message-Signature | i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LaCgrEt5cuNJc+aioTpV4pgK3ZZjvRGrAbtGmwtItvY=; b=nS2txwcmYHWh2YsktzKhOQx7Dndt8ST2SxGuSq/wGUPKzcOQ9pvHL/S4De7vyy+BFOcHX481BdHmMDUtFsCxjsE2Al3ZoImL23vLt9tXBQJiWbr1rR7tXHjDAl81RYo2J2jy5ZmmZ+Teg8GlyKCsVs8FoJxbPs1Vuvh4QIcZcgrUozLVXDMWa8Quk5HyZiWBYT7bP1Uyr/z+a7aiHbibbtFE65zz3ap8RAwAUogu6QpjMc6AnIYn3cxhA83X6NG84oT5Ck1WzSkJcWAQitirINkRnPRG/tbO5JkUHV7vmbIq4IJSJgQMZqGuL7Uca2R73+FAE0rMRiuUjiXjFSQB5w== |
ARC-Authentication-Results | i=1; mx.microsoft.com 1; spf=none; dmarc=none action=none header.from=accountprotection.microsoft.com; dkim=none (message not signed); arc=none |
Authentication-Results | spf=pass (sender IP is 40.107.93.110) smtp.mailfrom=accountprotection.microsoft.com; dkim=pass (signature was verified) header.d=accountprotection.microsoft.com;dmarc=pass action=none header.from=accountprotection.microsoft.com;compauth=pass reason=100 |
Received-SPF | Pass (protection.outlook.com: domain of accountprotection.microsoft.com designates 40.107.93.110 as permitted sender) receiver=protection.outlook.com; client-ip=40.107.93.110; helo=NAM10-DM6-obe.outbound.protection.outlook.com; pr=C |
DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=accountprotection.microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LaCgrEt5cuNJc+aioTpV4pgK3ZZjvRGrAbtGmwtItvY=; b=k70t/iNQV8WciXK+mnYdYDy5VyhqnoX06+WtPzvQSyIDzPn0FCopU4YeyOd5CXfwwootsDVvhU3f0hkYmY24u0NbQ5uIAeJuiAlwMi42G5QCMKe/D6ZkabjjovTvAzWNMuqC4vY3acUvDYqllXgBUZJpGh3jm1LfB+JSF7XrTQQ= |
X-MS-Exchange-Authentication-Results | spf=none (sender IP is 52.234.111.146) smtp.mailfrom=accountprotection.microsoft.com; dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=accountprotection.microsoft.com; |
From | Microsoft account team <account-security-noreply@accountprotection.microsoft.com> |
Date | Wed, 22 May 2024 06:29:02 -0700 |
Subject | Microsoft account password reset |
To | jill.barile@raveis.com |
X-MSAPipeline | MessageDispatcherEOP |
Message-ID | <DFYVW0LA4NU4.Y3SF5D5949VB2@BY1PEPF00001EEF> |
X-MSAMetaData | Ds!Op1mFMTpEwo1*eB6HpoUglHIdp*vPbonG9Ggq3OtYf1*maAMB4dILV4zvkdLUCDJ7jCJkgbgKeuEShk*Fr3!VJ1QVLnVcgL0pe1mwoZq*OVHYMN6IUpTPX8a1hRTFvw$$ |
Content-Type | multipart/alternative; boundary="=-5M2/SoLwK6y4vW9CA15MYg==" |
Return-Path | account-security-noreply@accountprotection.microsoft.com |
X-MS-TrafficTypeDiagnostic | CO1PEPF000044F1:EE_FirstParty-MicrosoftAccount-V3-System|DM6PR16MB3639:EE_FirstParty-MicrosoftAccount-V3-System|MWH0EPF000A672F:EE_|BY1PR18MB5397:EE_|LV8PR18MB5854:EE_ |
X-MS-Office365-Filtering-Correlation-Id | 8416847c-3eb1-44ad-0d2a-08dc7a632657 |
X-MS-Exchange-SenderADCheck | 1 |
X-MS-Exchange-AntiSpam-Relay | 0 |
X-Microsoft-Antispam-Untrusted | BCL:0;ARA:13230031|376005|61400799018; |
X-Microsoft-Antispam-Message-Info-Original | R/J1cbQohUxIaYIjVzK1q69CHe5PBEhCpF11tsA/OjYx0Y82GKbWaiGzGZt0X6RGDc/8KcDnQKDx+amxSHoWJpREy42RkFXioXxQB4I8iyqqlgYtubOhsoefy613bt2kp/jWqll10Le5IU5GJMk5xZpRQ7ISyT0WNbLWaavAIugGvZeoCwJdYdVp/NY+uRkF6AmIubX2DSknsaIgHP1z3tHV59usST2fBfWIYqtwjZp7ukCWowPQCeHLKbwAaizqXdZ6g1EGOIeCwnbVTVtrFko6lFHKAzzE4fEBy1nf1CjZERnlRQzCF1qFBF7UbVYcqnQ+mObt4F1JVA5vOnZlPXoccaxaWMDyppmH5vVdTSB1hFCpWcDYt+qr5RY8QpOUJLMwR3vwA/+UYwTBxHGvPlArXHTH3AvxyyjInNmi5Qga2guTmM1VQjr7lKpjORzAeenXl+TJdr7br9hlRXMvL4jVE3YDEmqYRgVoTeSrjGBHTD/cPj+y88mFr3y+nH6wSVCX9xmbFMkTKYE/d5Q+21ZZaaefiGBx4pctAbmgCOCHg97lzqzXlnLTEPUQcbpAjwYdhAowh2S4dUhbSzD6c/UMCjpsyI0L9X8Y+IkSHD5XT9OBc8kPBcpt7B2gdszc/ZcHxFKc36FoJI7smI34UkS+passWbRVc9WEkTfbSqO8yHPxddwXNlyCDF1GT4dwKGKTwdgUGo9iNcRwxduMiZZX9f+yF9/MVVlocYA53ba1s+98zxOSCvk/nflI5q8InGqU53n3LkRexyR69i7LfKaQcipXOQ90CCIhCtvxBtCjTn15K13BJZEFqovrvfEbObGWr/AFLZvApwcQnnpSBhgAjf9unlnvEJgyvpls6R2mnKk1RO9utcNwOxyFBLdQxBLUci0AfXMFi8XxepqIMZNxmX8ELH5T9Zqk9J/ht4DbykMQV3FYghET+LG1mNfVqKVWRavu2IC/srpqMeN+56BIL1fbQo4dMz7Vi+OpW+L8L1X3MxqR1zJmPmnmuk/4HVkHyvHqlwDFwqFfUCV7OcnTyi5Sxg2UvWcVUMa0hbiXCvgL/8Cq7pCqUNTETmvu7F/+KZF03/zoGk8ZyCT/+AXR7BPpXSFqbOxqlCf+/2ybcd6jGNPERD0nDA8PbzI7TDcA21AxwEVVXNJDcAY1UhTbsNWcOssAaq3rYCM6MWtnXRQjo5h8/3l/s0OV1Toxtjb1Sr3Plf/vn1Dw/V68gobk1AOqYb1bnGtUUoSAiN8r/qoEpHRPAJoqVT8NCiKtIFya/7K+Hlbp/mjdgKHpJ1BEoUNqgrwOHSrfOumPWOwzcirY7XQbSIsrOVhbgIcEBpQEnpw/HoVz+0AL9cemQXBU76EWD7WJn9TEZ7T7kuE= |
X-Forefront-Antispam-Report-Untrusted | CIP:52.234.111.146;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:accountprotection.microsoft.com;PTR:messagedispatchervip.MSAEAP-Prod-BY01P.BY01P.ap.gbl;CAT:NONE;SFS:(13230031)(376005)(61400799018);DIR:OUT;SFP:1102; |
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount | 1 |
X-MS-Exchange-AntiSpam-MessageData-Original-0 | 4A368H+VLqgChEAWbki4T2ngqlHIC2Q6WAtGo0MC5mFPBvkG5l9V1pI5maN9s/KKHTUtxvXjL/I49prjph8QO8H0wIyNIc29pFNWiXATU6oLKELVI82pH5IvuEhud2RqDSvR+E2vnMZHDw2NBLZlgpbl6KGExApvjr9/i0yW1eRKiUUathM7dw3SH0DWCFaMB3aawYmZBYahs3NlW7r7bkQA25VB17lW0ENllbWN+5f3Ozl6IqF+4TzGkeBFDlQ1rkPE6OCmkbWg+bmjLZgu3fnL8AWcG2nfy//P/nhYfxOb2TMpCQDuo4F6mmyAb8DDwPIRSaxAB/Sw7opCzntmofVVnsncjijpTz+wW3R74zRkN24umV9swsP26NrkjhJ2olACRXLHeFrDWfNU3HWqDpRQjG7VTRmOeKtS1xiB7JzoAFxQP7fZSe4rqG+RaI++RaH62sZr4QDPjMcpM0vwp2ySYmLJvkqPg4uNgovJaRGbhcxVtQ5Pl2iXseMmk0zhpErfcJrtHbmAsz4BHQhS1w== |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | BY1PR18MB5397 |
X-MS-Exchange-Organization-ExpirationStartTime | 22 May 2024 13:29:04.3357 (UTC) |
X-MS-Exchange-Organization-ExpirationStartTimeReason | OriginalSubmit |
X-MS-Exchange-Organization-ExpirationInterval | 1:00:00:00.0000000 |
X-MS-Exchange-Organization-ExpirationIntervalReason | OriginalSubmit |
X-MS-Exchange-Organization-Network-Message-Id | 8416847c-3eb1-44ad-0d2a-08dc7a632657 |
X-EOPAttributedMessage | 0 |
X-EOPTenantAttributedMessage | 1b6c0a12-f7be-44e5-b404-d3d3b6f93175:0 |
X-MS-Exchange-Organization-MessageDirectionality | Incoming |
X-MS-Exchange-Transport-CrossTenantHeadersStripped | MWH0EPF000A672F.namprd04.prod.outlook.com |
X-MS-Exchange-Transport-CrossTenantHeadersPromoted | MWH0EPF000A672F.namprd04.prod.outlook.com |
X-MS-PublicTrafficType | |
X-MS-Exchange-Organization-AuthSource | MWH0EPF000A672F.namprd04.prod.outlook.com |
X-MS-Exchange-Organization-AuthAs | Anonymous |
X-MS-Office365-Filtering-Correlation-Id-Prvs | b9ab88e9-a606-45b6-0891-08dc7a63253a |
X-MS-Exchange-AtpMessageProperties | SA|SL |
X-MS-Exchange-Organization-SCL | 1 |
X-Microsoft-Antispam | BCL:0;ARA:13230031|35042699013|532500013; |
X-Forefront-Antispam-Report | CIP:40.107.93.110;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:NAM10-DM6-obe.outbound.protection.outlook.com;PTR:mail-dm6nam10on2110.outbound.protection.outlook.com;CAT:NONE;SFTY:9.25;SFS:(13230031)(35042699013)(532500013);DIR:INB;SFTY:9.25; |
X-MS-Exchange-CrossTenant-OriginalArrivalTime | 22 May 2024 13:29:04.2264 (UTC) |
X-MS-Exchange-CrossTenant-Network-Message-Id | 8416847c-3eb1-44ad-0d2a-08dc7a632657 |
X-MS-Exchange-CrossTenant-Id | 1b6c0a12-f7be-44e5-b404-d3d3b6f93175 |
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp | TenantId=5ba90553-c2cd-460e-b5fd-ab93ad9155c7;Ip=[52.234.111.146];Helo=[accountprotection.microsoft.com] |
X-MS-Exchange-CrossTenant-AuthSource | MWH0EPF000A672F.namprd04.prod.outlook.com |
X-MS-Exchange-CrossTenant-AuthAs | Anonymous |
X-MS-Exchange-CrossTenant-FromEntityHeader | Internet |
X-MS-Exchange-Transport-EndToEndLatency | 00:00:02.2797765 |
X-MS-Exchange-Processed-By-BccFoldering | 15.20.7611.013 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198); |
X-Microsoft-Antispam-Message-Info | YhSD3V9S03j4NmKZbVAm1ba+6CK8hQ9JNYv8rerv7C4/bdkSJrlysFlGGiJtmXVLi8MzofkGx2J7hisWrB5wiBrLLkEZC3RyjKbNtgeIjZd5quRkT3DI+VcYqF4Q0qb99TfHtZVDplhrKnzhKj/XKzjsvYv8pBij7KgfNjOeLe1eITrAOZZDVVhdp6gsHM5nRhroHe8QEc3ia5sGucJKdVK71guzmDz9kqePRAy8QcgmquZILFuaXELwb7SmnlL6JoT/cNLZO3t/kW3Uft6Hfzu8LU5DrIUs/wqMHeGrEq1aNMxPkEXs8cDFt0jlU0TRkx1hvgbP/hpAjlO+D1FCOZN7AXf/dpfHXfKayzXOC0iNB6SOZRL7q4an1832J4lntzqAL5th51UWTpEZRBvMz2sPNoJwf+mCAwp0jk42nOqRhB+pSe0QMMXfaO8VP+xmzujcUCNYSn8oNxNb5My7otDVuQO67Fsz+GLgHBwL/5feGBZe7j2ArFlCgQiOCHhM2ghtpojDTzbZVq9XSgxNrkfv9Su2ZFWvneN3pNTLGcemNSHjdQdZr4i7wZLvqaCkmzqtF9fDd0d+S/4A14WAWEYX0e3lf7edf6ztSLtlcHxuFRiGC3WEBK9wS3N69TiJ2l/FCqy7y37W6jHEfBZGATnXlEuzTbZz788a1fxUNEd96vkyBWYTLcMhaf2nRXQAD3Qag66ku8SbhnTdX3ZUDNXKSHz/3XPvf5EkaFeNSGYZzncOaEP/n+0bUUAkSQE/FWjUJbp6kZ5/Sxuw0VrZmvjvTYYYaJre6BKrgFjC9dPRB5nu23JldOZFSjgG+uxTe0cl6SUIR+UJdzbfBrmJzhUVGM0J8wcUgfAOtd/JyNdXQogGnNCPp+/jBv+hTPlPp8cFgpbEYivtE2fCEfdkkTyi6zk+Skq1UhcL6J7Ew+NuA0L2AiO6Lru3gRU3soqR6kpwqqxGU6uMiFNahhW7U5k8Fj0TYG7epIncyTUepA+j899Ew0Zb0h9UZ7bmRoC9zSjRnoH/eFAIKu8DW0GiElaiDrH6bhRDUeKGPpCaHqaUrvDYH8fUvAAw9g84sQcLWpGm33zb47NGCbQIgRIDOxPJTecbj2FRvM+VfkddT4CcBu0GUvsCh4WsutRuCZEj8Sr87zDAWZoxwKXQORaxkDjgcYNrAV85MqVIrYwZI7OYXtRWIwMLB1aCLuqp6532G8wM2gIVB7W4ElQ6bgfHhH8ft23sekxJRIR8LEqFW9Slnq+BBwI9zbd1dzg3Ku7cxlRYo9bRsmACuycc60imxvxph4DD1ivpA1jfpmSLQL5nilLhTBqtkQXKFVWQMJsrzdhtSYMf04VcimNmRXwlT3BnNmdrzPY/W7Iv/s+rekGI5Qc1L3ydMkqxaeE4ECNh6Dl1qp/IBp4t7V25KsG7rsictU7WyWS0WrHzxMff/B0UzEns84H+rNCRmrqin1pXFs5QeKpCxlysHKoPrSMwatz5P+dFW+vPUaSj8sl4i8gL6mimaHlv0b+IlpNSWKiy0eNcHLXN/FlIl6iAYPSvjcj5Vit++PtFB8Ih4Uk3aHWkyTSAmAJG1+Sawgroux7vatUTxUQLWu9UHh8yXaxnuVChMoOTRcceH0hxEAl6at2AgGjGwJLFnXgV3trXdfmK3TzjZs6He//IyDZHwRaRy9YwLQkgEL7NZe1LeY1oZ/trHuba06V73cQLx6f48KJpHKWObMAYnuP9pxiZEfvyIUdINl36+z7KAk4kGXm5CWfj1vhw2jfbAsx6f92e+LS69g18YLvCM7JbJ+rDAjx0LQkQ2RZw0WpGKxC8E4sKpdCGPLV5+1Dlb+Hj2LESU0AXe0w14/dXOXPy92MCLqPoKz9VXoK78iqoNpO3K6DF2NMEVgreLcvPWzwPzQkvtzKt/2zXx4dAIuIDDj6Id3NR2RvebWziXhBFPHZzCisuWAqXKzFgFIbCH5HAWGlPhtFHkHYa/J7CeuGXnKYps12yBuXsymEj900w8yZQON9Z4qEEJwZX1e6oF9YzqPAN5EWDyFttQ8QbHWKDoVKQ7GdJ5Q== |
MIME-Version | 1.0 |
Icon Hash: | 46070c0a8e0c67d6 |