Windows
Analysis Report
Order Confirmed.eml
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
OUTLOOK.EXE (PID: 6952 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\OUTLO OK.EXE" /e ml "C:\Use rs\user\De sktop\Orde r Confirme d.eml" MD5: 91A5292942864110ED734005B7E005C0) ai.exe (PID: 7108 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \root\vfs\ ProgramFil esCommonX6 4\Microsof t Shared\O ffice16\ai .exe" "C73 DFEB7-F67F -467B-B59E -72657F2C5 E1D" "6E67 A8CA-D00F- 4D50-95DE- C0DB381B1F 7D" "6952" "C:\Progr am Files ( x86)\Micro soft Offic e\Root\Off ice16\OUTL OOK.EXE" " WordCombin edFloatieL reOnline.o nnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Source: | File Volume queried: |
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
20.189.173.8 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1446155 |
Start date and time: | 2024-05-22 23:53:26 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | Order Confirmed.eml |
Detection: | CLEAN |
Classification: | clean1.winEML@3/12@0/21 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.113.194.132
- Excluded domains from analysis (whitelisted): ecs.office.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, s-0005-office.config.skype.com, ecs-office.s-0005.s-msedge.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: Order Confirmed.eml
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.3879517615334045 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4B75CE7AB1719C3BAFCAD022A3BA750E |
SHA1: | 52AA573F5D110E6FE9A666ECF14DA72045FE328D |
SHA-256: | 3C65AE5370D8B35604F8D5A6F2C217212C4C1C59BA16E711DEA2926977F45F53 |
SHA-512: | FA880410A1DFDD4D4E53080C3656C0688C921E2CF44DDC221F7BC7AE5060447EF37B6E8FD90DE1E85E967E47A9E9091F817F4D3534DF36603BC0DBC51247B892 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04545238723545637 |
Encrypted: | false |
SSDEEP: | |
MD5: | 2AD7ADF367EC74496A23E7B949F7E710 |
SHA1: | D7962929E220CF687467F9C3A34A766DB706D49D |
SHA-256: | 5E8EC97B4F863F506D738496DEE8E6C4C345AD69D53E41FA4F138B92613669B6 |
SHA-512: | F68B3D95E592A1A5B1741BF8B0652F90ADCFB9F00E3049276B559D67AC1BB6F72B1EA2A94899AE16A0BD5D0641D1DE5C1650FA617CD4DD116158EC50399F2C3F |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 49472 |
Entropy (8bit): | 0.48402729431131997 |
Encrypted: | false |
SSDEEP: | |
MD5: | F1A12A45D1E8CE935CD25CD41DAB1183 |
SHA1: | B097C4FCCDF15AB265412C87BEABF814193E3BF4 |
SHA-256: | E85AB1A9E693EEC15240F19595203AB8A2B4D4A5EE8C98747D7A63EFF3E24EF9 |
SHA-512: | BEFE4EEBF8AB43344FA77F8299517BA8BC0A969E118C2B8EE8A57E1303EA690AE0E72B2CD70E91E10822FFC649FC88476C7EB14ABD3C888972B4F00EA951FD82 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 338128 |
Entropy (8bit): | 7.8213472571029925 |
Encrypted: | false |
SSDEEP: | |
MD5: | DA3B16E249E381CB661EC82F027D10F2 |
SHA1: | 8712EFABCC6EE0196F07C6E049A215AB94CE4E06 |
SHA-256: | AB624207C8BEE626EC99E0DA2CDD21D3556D9BC2D2B78B274BC8A68718D3C4A3 |
SHA-512: | FB70900C7835C3E038BDC4B1075D5CBA3F0630D10D7FA78B8A8C7DF347136AC9EE86661ADDD4E7FFDB25F4F0C6D9F1C6078D7C6D3CDEFC12A721024A7EC6BAAB |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{92A02C0B-46B5-4B28-8385-AD6890527AA6}.tmp
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2824 |
Entropy (8bit): | 2.4873125447627498 |
Encrypted: | false |
SSDEEP: | |
MD5: | 54F5BF541AB355B1FC3A06B22D364415 |
SHA1: | F177E7B315174AAC74D23B5760B927FDD3344F0E |
SHA-256: | 884DB5E8D989A44DB8D40A187A865F516A80FA4BB8F4E39CD24B235BAE0BB6CC |
SHA-512: | 24F6E00A0AF2AAE10989F1D0B74CC327435B4E47C6388D0A18D980D40187C0D56DCD722AD4EB0603FAC6175418E7170700D32602C9D719A0337FCE8B2DA66235 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1716414838845389500_792DC315-C800-4C15-BBB9-989084541A30.log
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.1590878941955047 |
Encrypted: | false |
SSDEEP: | |
MD5: | 689443564961DB9DF78AE773D4E907AB |
SHA1: | BD3522A7522BB141B33F3A454A84C5045173124A |
SHA-256: | 532868E31F8ED086C1015374A68672359869EFF9C51AAF688A8DC1901AA2A401 |
SHA-512: | 8EC583493FE5B7C3FD84B754CDE5C1817955894EAA946797DC182A8F3B01A47D3C797EC5267BC4ED0A43521E1462D78C80BAA743F4287657A0A4C32A32C8E8F7 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1716414838846078500_792DC315-C800-4C15-BBB9-989084541A30.log
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240522T1753580643-6952.etl
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 106496 |
Entropy (8bit): | 4.494629025225982 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5811D61D9B0D9CA85CD550C2EA0C5306 |
SHA1: | AB870CD4BC8342769738417CF876E95AEF38B5C9 |
SHA-256: | 6DDA698452FA1235D2DC3257F14681F74A7AB32495C909FF9D336448803377E6 |
SHA-512: | 64679007497EA62FD4B5BDD1A8C05C90CD314AFF4875E8E37E42FA9358F98B346B9DBCA6B789B6B26FE216CDF0BA60132C61D7C79A73982998687B01AFA5F959 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 207056 |
Entropy (8bit): | 7.806005063777679 |
Encrypted: | false |
SSDEEP: | |
MD5: | DBC82EA2A3EE5129B26D503305E1E1F0 |
SHA1: | D60922BB323557B128EF6975F3728A52951E6B2F |
SHA-256: | 8761360E405FFDC64503D910D274409D588342505C698F8073E78EE4B8BBE26D |
SHA-512: | 6E65DA5EC9C7506CCB8247F992073B03B6B4508ED082BB032B0EB9A894D3DDC16577E59AA0EC9AB416F93FBA5DE92DD34C5208DA82FADC0FB243016765917596 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | |
MD5: | EFEFAB089466406984C4DD1176E0801A |
SHA1: | 3A61FE6B3FD273018D81DBD86D8B9477BD5F6998 |
SHA-256: | 9E6EE1D6E11BE9A79B9E207ED761D53FCC83E4537D117C102FE45E79747E0F3D |
SHA-512: | 97F44FA241D2390D94C68A9CF717431FA648C374A400EC34418E105E1A0CA07CDD9396E52AF42BA8DCCF7E2A4E898AFBF2AECF339D1699FE9CF9FCA95DDBE29A |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2302976 |
Entropy (8bit): | 2.1570547730867986 |
Encrypted: | false |
SSDEEP: | |
MD5: | C7ECA31BAB03D4A73DB20A8040830CAA |
SHA1: | 5ECFC20D63A73448514E510A77468D041807E1D6 |
SHA-256: | 47DD0BE9286E21E82221DC4F9B4750FDC5A70521D254D9A7D3C5F5551130B0B6 |
SHA-512: | 1A76FC33ADAF7CE2A5F6A5C84E099969BB80B51675BC2903F4EC756795914080F5FB6102CF928C675B2B93603DBED3D3642A43E361B9C58AE6F03C3C5CD5CA6C |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 524288 |
Entropy (8bit): | 6.711490764550255 |
Encrypted: | false |
SSDEEP: | |
MD5: | C1711A7DD4B62851E2A1B7C01DC342DF |
SHA1: | D6196A8C5732C1CADC0B31FA1E64D443F85AA04E |
SHA-256: | 9A433887682F3010C9C4B361E40FF03E72DB6E21E90C0C0FEC4190211037B00B |
SHA-512: | 2D6475D0B6B2EE35CC1523D90916619A54A68329367CCB091ADAE98C3A05794933A96F448AFD2C10D6CD1FF3CB0DFD8650BBF3317585F5858FC1BD06C2668F73 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 6.03267509801886 |
TrID: |
|
File name: | Order Confirmed.eml |
File size: | 488'323 bytes |
MD5: | f433f633b790ffd8d573ae87e62e8ad0 |
SHA1: | c57008284638aab3c32b32298b7c18f98cc5e29c |
SHA256: | d9991507a5073451305da9ef84ae70cf5a3a3c5bf58a33e6e74a79383f197397 |
SHA512: | 254fecb95c2f80c019f8b664ba017eb14a5710393a7abb9a171fa2d2d1f110306152f2877b4938c76d45d3c7f907b15dcb9e7636e0ebb351e8664733ff6410ce |
SSDEEP: | 12288:9tMqo+kbyD20SKNjtwgndeN1Mr/wQ83+6rwV82oj6hTJ:9tMq58yDkKAIiMMQ8uwe82MUl |
TLSH: | 39A4D040D6B38E6B48829BAB18053AC1A078BBF142DCD1F770F9EB63F1B24E1C759255 |
File Content Preview: | Received: from YT2PR01MB9841.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:b01:db::18).. by YQBPR0101MB5201.CANPRD01.PROD.OUTLOOK.COM with HTTPS; Wed, 22 May 2024.. 18:16:04 +0000..Received: from YT4PR01CA0215.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:b01:ad::24).. by |
Subject: | Order Confirmed |
From: | ONGOCO Roegan Lloydd <haroldrobinson895@gmail.com> |
To: | chris.tone@handtmann.ca |
Cc: | |
BCC: | |
Date: | Wed, 22 May 2024 18:15:21 +0000 |
Communications: |
|
Attachments: |
Key | Value |
---|---|
Received | from 328165552991 named unknown by gmailapi.google.com with HTTPREST; Wed, 22 May 2024 18:15:21 +0000 |
Authentication-Results | spf=softfail (sender IP is 40.93.19.2) smtp.mailfrom=gmail.com; dkim=fail (body hash did not verify) header.d=gmail.com;dmarc=fail action=none header.from=gmail.com;compauth=softpass reason=201 |
Received-SPF | Pass (protection.outlook.com: domain of gmail.com designates 209.85.167.53 as permitted sender) receiver=protection.outlook.com; client-ip=209.85.167.53; helo=mail-lf1-f53.google.com; pr=C |
X-Sophos-Product-Type | Mailflow |
X-Sophos-Email-ID | 4b6046de2dbb4439bc9e92c722ba26e4 |
Authentication-Results-Original | spf=pass (sender IP is 209.85.167.53) smtp.mailfrom=gmail.com; dkim=pass (signature was verified) header.d=gmail.com; dmarc=pass action=none header.from=gmail.com; compauth=pass reason=100 |
DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1716401724; x=1717006524; darn=handtmann.ca; h=to:subject:message-id:date:senders_details:from:mime-version:from :to:cc:subject:date:message-id:reply-to; bh=uVy5BjjZwSFA8z77BwqZpUZWwFLhp1fw5C7fC9DNLwQ=; b=NxVc8ZQE9C4ksRz3zi+8Q9XwgucDntTqbQ1OtFTmqPMqCVVky2sgko+1jmTKf/5cnu Ky5Udied++P/WB+DpydEEIZafivrVgRKUFrMIcit5OzUNSiRjBgw1Nx4qJR3w/N/Gq1c QeFZinaHqm/71XWLMDG11IJa0qKCaGPZgrsNpahzarrMJoMFiFrLEKv22r5vsOAKJSun 4hPTnt5/dUveCHN0RGyhoEYjDKVO3z0PFVcmSXzQsz4kih72DZs604r5VfTf7pI5/bDu kT5aIGx5V5lc6shdFshm4PH3sqcBVGOez1wIm+Xzwd3Yd7raQ0Lh3fNykluJS9SyWpl6 MH0Q== |
X-Google-DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716401724; x=1717006524; h=to:subject:message-id:date:senders_details:from:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=uVy5BjjZwSFA8z77BwqZpUZWwFLhp1fw5C7fC9DNLwQ=; b=TVAKsc/6GskUrWrXKJfuo6PUYdJLSn8CNzcZkvRnKxFbKmje1VoDy6iPWGzVOuXiPF Ml6F514KS7qH/guMG54a8wGo7TbFDIJ+jguXW8JBslZyslbFFdw9cgjkioqOV4Gd7FR7 4i295JxEo3RncwQLjA0VIpahiyjrF6T1FXso2bplMaar3iP4AnTEh5v/xqOHgZIoFbnv 1mONcnaIJrR7K6bYIi9lpcuR0qUj+/99fnFvsOLRK2LfGO3yB3/H5cvLjXOxPpF4hm5M FL7uWWM4u4xulUHQmrod8PJLxeE1thQl5cCh3WDET47B/0xj7Ila4ek1nLwex9p/qrv8 +5rQ== |
X-Gm-Message-State | AOJu0YwlYv+/vp01bBuVhVgdRBU5vpNs7Hy4hXdPe4wiZDnbRkQPA7A3 jDT5VxFIOpPU8R7J0EZFo21NmLvRiEiH6FnM7R0IDQoffTdRq/xvHR2KZU7XhvH5OAPz5C1Rq4B 11xzau7h8bPQ7ajSROXnbqQfKH8RgpARkdvrLQw== |
X-Google-Smtp-Source | AGHT+IFZ2UFyNku0hB3O8QycuDSseFVte8mnWQT6bsCQMzZ06Ur4fuUZnpBaqAuyrK4xfcKvNqXOT5E8DhzkWP2v0iY= |
X-Received | by 2002:ac2:5e29:0:b0:51e:245a:8ed3 with SMTP id 2adb3069b0e04-526bf268057mr1625844e87.28.1716401723478; Wed, 22 May 2024 11:15:23 -0700 (PDT) |
from | ONGOCO Roegan Lloydd <haroldrobinson895@gmail.com> |
Senders_Details | ONGOCO Roegan Lloydd:Sender_id:PIXS35P30B0RUWVIND42IA:haroldrobinson895@gmail.com |
Date | Wed, 22 May 2024 18:15:21 +0000 |
Message-ID | <CACTu6NaQp+-CXSki-ou-opu5KdT95T-RyopuW81O6oYbErWLJw@mail.gmail.com> |
Subject | Order Confirmed |
To | chris.tone@handtmann.ca |
Content-Type | multipart/mixed; boundary="00000000000005e6fd06190eebfe" |
X-EOPAttributedMessage | 1 |
X-EOPTenantAttributedMessage | 42294ed2-c4ff-4332-8e2e-a2dc7ee0537a:1 |
X-MS-TrafficTypeDiagnostic | TO1PEPF00005347:EE_|YQBPR0101MB5799:EE_|YT2PEPF000001CA:EE_|YT2PR01MB9841:EE_|YQBPR0101MB5201:EE_ |
X-MS-Office365-Filtering-Correlation-Id | da557a02-c7e7-4217-1bef-08dc7a8b3ce6 |
X-Microsoft-Antispam-Untrusted | BCL:0;ARA:13230031|7093399003|4073199003|5073199003; |
X-Microsoft-Antispam-Message-Info-Original | x6jwW7VJzIOSjZwmZ0trbvECP8hs8D7A5LWtbQD0ZIEi5lAEMCjAEc1d1ZuT/jiTE9omTyqHKsBWTTvXKxYqFbvS4yG5Jz1XIyTGP+4s6JfuGY4e3otWDxBbjI5VANKLNA1ShcjApGEoB6suRLfYSLTdSdZDuWA+oVvTmW7riLZFyNH5UMaBu1ysumd6Zs4HZzRVHs3LI5PWjqVO+69x57kqZJp3khm9ZuZTDA+zG8uHDA1AaYRtn+pUWutf1kbjzvdZAK0rN5LFu5SVm2zLY/8qhTDWDsxoKncFs4tDExVsnsMwQ4G5bYwWLJCrT7Yf/pgHO5qQQZ/lQvQ7Y636fJF9nxWyHAmCPltlx7+/0UYXhSRatumaybqHTtgtaUj1ro5L/e2/44O+HywHvIP0UJck1L8Ndlt7u1+/XPGSPjVWqRsaSrxbWlK+JNhE/PEJT38oHDPcxM2Ur2y4bEX5laHWx7XPymPeuDA/myl0DT9/wesWyZc/ZSfo1MpThbZQYXMj+dNWA7rlIlfsxMnJRAgBs0nPI1IvM7fG5Q/a6eQpeLVlmQwNzrRGlU0LmWuM9bUTQfi27PzgD1hLzN73iYSyQfGtT9QueO7c3BAqyEjGn9fH6niqaPqDTXKDBv2L4ZfRN9ik0/9P9gS/MxMbA99IaKeCyWk3O0dxYltXgth+G+VgqKHDaNTb3IvMblS3WJfEuhlZtDYi0PlOp5pB5BQgILtbH4UjX8Bv1k4n44ZnpiY6/kNmQLdd322Hq6iVocj31fZ+63Fe9AXdr1RIfwKnMFBrw67eEzfUxD80hlF6JY+kcKC0cfkDtrFzhuw6XAhhAsk89kfN3FoX7OrIS/h4DqcOEIrdkE/EX1zYBgt2NeCGuW0x8U62LrYsMPgEP8GQ3a34iWOH1t7JjTC5RzfrK85BC0K0XWBzDBP5gzkO7ysre7QseFhbNuNO5lZN1Tt5jptFh/FjKyCKlyCIcEbGgettk3FI5ZgeqoIocfnI0p3iRB/+udHjUXx9Nz++JLtzyI+65X6a42jmydEYSKHHwkyewkIlihQlyBN6LQ0Y1BFwyL2PO2YtANZhBRmOe6wIoLqblR8tcilZyA9++jTRLHqkId2+TgpkYfyjrcIEgEm+BshvGHbaQUo0qzyA0jQ4SvPCe1IYXnAIy40xhI6ocFNIA5cLPHKea29dSV45QuXps2Zo0qi0NoroaP0fMz9emsC5nW1EAiIJuRHMCIUKIegPHqvPXjM449ofMPpfcrf/EYi0juI7UVBgIqPFJ4xZ0ItDlh+lo7TVO9IrB8xVTvZcH6Bmo0mBRpz+1E4krAzc9AmZ+rXH0XwJKhBiVz9CBQKy+XMOzl0febt9RO8eFGAt31gOXjWnWp+pldxb8Ch2F3ULLyn59wNu57fctY+zWDHQrnT3GlVLV2dl3yEnYdmB5PYQoZzrhBD9DCEtFJQt5RTcjkP0rt1x8whpxgKR+GNYsfOH0MBwQgFh0AQXHtdi2ciLt5JKZ+NAclu3SmPPTmnaD5pTVQn1rD3DUuE8tFsZzLctIJKr7EkeDjtcBgpLc4HVd3H0tEAa4AOaqVWt9zXkNniZCIolTbc3D9ZTACnDgAgxMuIK16imVCY5uhLLhDkpUNLbBnAeDbABMEdTGA8N6qZqBjd4LIHQB6sRSWeAmBg6kmOTVd1QqoB7lB7xb89SYslPWbGwfmeBHnEaPBr9n2jS667FDMr6rtcHgWD6heHLa/i4Lll+j7SDpAmC3uaGx4Eam5ULK1+CfTMpWj575YxJeVS8xVfSmhZIde2cYBb0GgPgsfb+VYC1ShCFeosmLFeKtpdLk9pAFh6rKFZznDkqpFVs3DLFO6pIeCvz/YGd/D0VNPzTJEuJBbuf39HQ16CiQ3FqKXBQABUyY//Kb+26q63EIm+Nj+0ntvFUTy2F7DM2CxLi8B58BLFx4YuTbPMTUvNIjx4mLMezC0at1ckREf5bFmZ5 |
X-Forefront-Antispam-Report-Untrusted | CIP:209.85.167.53; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail-lf1-f53.google.com; PTR:mail-lf1-f53.google.com; CAT:NONE; SFS:(13230031)(7093399003)(4073199003)(5073199003); DIR:INB; |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | YT2PR01MB9841 |
X-Sophos-Email-Scan-Details | 27140d1e1540510e7e771140550e7d75 |
X-Sophos-Email | [us-west-2] Antispam-Engine: 5.1.5, AntispamData: 2024.5.22.173615 |
X-Sophos-SenderHistory | ip=209.85.167.53, fs=184387953, fso=184387953, da=209860345, mc=2422799, sc=38274, hc=2384525, sp=2, re=0, sd=0, hd=30 |
X-Sophos-DomainHistory | d=gmail.com, fs=65739, fso=65362982, da=70603169, mc=245646, sc=19260, hc=226386, sp=8, re=756, sd=2, hd=27 |
X-LASED-From-ReplyTo-Diff | From:<handtmann.ca>:9 |
X-LASED-SpamProbability | 0.079439 |
X-LASED-Hits | AUTH_RES_PASS 0.000000, BODYTEXTH_SIZE_10000_LESS 0.000000, BODYTEXTP_SIZE_3000_LESS 0.000000, BODYTEXTP_SIZE_400_LESS 0.000000, BODY_SIZE_10000_PLUS 0.000000, BODY_SIZE_100K_PLUS 0.000000, BODY_SIZE_25K_PLUS 0.000000, BODY_SIZE_50K_PLUS 0.000000, BODY_SIZE_75K_PLUS 0.000000, DKIM_ALIGNS 0.000000, DKIM_SIGNATURE 0.000000, DQ_S_H 0.000000, FROM_GMAIL_ASCII_NUM 0.000000, FROM_NAME_PHRASE 0.000000, HDR_COMMON_LOWERCASE 0.000000, HTML_NO_HTTP 0.100000, IMP_FROM_NOTSELF 0.000000, INBOUND_SOPHOS 0.000000, INBOUND_SOPHOS_TOP_REGIONS 0.000000, JPG_COMMON_HEADER_ORDER 0.000000, JPG_PIXPERBYTE_MED 0.000000, JPG_SPAMMY_SEGMENT 0.000000, JPG_SPAMMY_Y_RESOLUTION 0.000000, JPG_SPAM_ATTACHED 0.000000, KNOWN_MTA_TFX 0.000000, NO_CTA_URI_FOUND 0.000000, NO_FUR_HEADER 0.000000, NO_URI_HTTPS 0.000000, SINGLE_IMG_ATTACH 0.000000, SXL_IP_TFX_WM 0.000000, TRANSACTIONAL 0.000000, WEBMAIL_SOURCE 0.000000, __ANY_URI 0.000000, __ATTACH_CTE_BASE64 0.000000, __ATTACH_CTE_QUOTED_PRINTABLE 0.000000, __AUTH_RES_DKIM_PASS 0.000000, __AUTH_RES_DMARC_PASS 0.000000, __AUTH_RES_PASS 0.000000, __BODY_NO_MAILTO 0.000000, __CT 0.000000, __CTYPE_HAS_BOUNDARY 0.000000, __CTYPE_MULTIPART 0.000000, __CTYPE_MULTIPART_MIXED 0.000000, __DKIM_ALIGNS_1 0.000000, __DKIM_ALIGNS_2 0.000000, __DQ_D_H 0.000000, __DQ_IP_FSO_LARGE 0.000000, __DQ_NEG_DOMAIN 0.000000, __DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __DQ_S_DOMAIN_100K 0.000000, __DQ_S_DOMAIN_HD_10_P 0.000000, __DQ_S_DOMAIN_HD_1_P 0.000000, __DQ_S_DOMAIN_HD_20_P 0.000000, __DQ_S_DOMAIN_HD_5_P 0.000000, __DQ_S_DOMAIN_HIST_1 0.000000, __DQ_S_DOMAIN_MC_100_P 0.000000, __DQ_S_DOMAIN_MC_10_P 0.000000, __DQ_S_DOMAIN_MC_1K_P 0.000000, __DQ_S_DOMAIN_MC_1_P 0.000000, __DQ_S_DOMAIN_MC_50_P 0.000000, __DQ_S_DOMAIN_MC_5_P 0.000000, __DQ_S_DOMAIN_RE_100_P 0.000000, __DQ_S_DOMAIN_SC_100_P 0.000000, __DQ_S_DOMAIN_SC_10_P 0.000000, __DQ_S_DOMAIN_SC_1_P 0.000000, __DQ_S_DOMAIN_SC_5_P 0.000000, __DQ_S_DOMAIN_SD_1_P 0.000000, __DQ_S_DOMAIN_SP_5_P 0.000000, __DQ_S_HIST_1 0.000000, __DQ_S_HIST_2 0.000000, __DQ_S_IP_HD_10_P 0.000000, __DQ_S_IP_MC_100_P 0.000000, __DQ_S_IP_MC_10_P 0.000000, __DQ_S_IP_MC_1K_P 0.000000, __DQ_S_IP_MC_1_P 0.000000, __DQ_S_IP_MC_5_P 0.000000, __DQ_S_IP_RE_0 0.000000, __DQ_S_IP_RE_49_L 0.000000, __DQ_S_IP_RE_4_L 0.000000, __DQ_S_IP_RE_99_L 0.000000, __DQ_S_IP_RE_9_L 0.000000, __DQ_S_IP_SC_100_P 0.000000, __DQ_S_IP_SC_10_P 0.000000, __DQ_S_IP_SC_1_P 0.000000, __DQ_S_IP_SC_5_P 0.000000, __EMBEDDED_IMG 0.000000, __FRAUD_WEBMAIL 0.000000, __FRAUD_WEBMAIL_FROM 0.000000, __FROM_ACC_ENDS_IN_DIGIT 0.000000, __FROM_DOMAIN_NOT_IN_BODY 0.000000, __FROM_GMAIL 0.000000, __FROM_NAME_NOT_IN_ADDR 0.000000, __FROM_NAME_NOT_IN_BODY 0.000000, __FUR_RDNS_GMAIL 0.000000, __GMAIL_HTTPREST 0.000000, __HAS_ATTACHMENT 0.000000, __HAS_ATTACHMENT2 0.000000, __HAS_FROM 0.000000, __HAS_HTML 0.000000, __HAS_MSGID 0.000000, __HAS_X_FF_ASR 0.000000, __HAS_X_FF_ASR_CAT 0.000000, __HAS_X_FF_ASR_SFV 0.000000, __HEX28_LC_BOUNDARY 0.000000, __IMG_ATTACHED 0.000000, __IMP_FROM_FREEMAIL 0.000000, __IMP_FROM_NOTSELF 0.000000, __INBOUND_SOPHOS_US_WEST_2 0.000000, __JPG_HEIGHT_100 0.000000, __JPG_SPAMMY_SEGMENT_2 0.000000, __JPG_SPAMMY_Y_RESOLUTION_3 0.000000, __JPG_WIDTH_100 0.000000, __JSON_HAS_MODELS 0.000000, __JSON_HAS_SCHEMA_VERSION 0.000000, __JSON_HAS_SENDER_AUTH 0.000000, __JSON_HAS_TENANT_DOMAINS 0.000000, __JSON_HAS_TENANT_ID 0.000000, __JSON_HAS_TENANT_SCHEMA_VERSION 0.000000, __JSON_HAS_TENANT_VIPS 0.000000, __JSON_HAS_TRACKING_ID 0.000000, __MIME_ATTACHMENT_1_N 0.000000, __MIME_ATTACHMENT_N_2 0.000000, __MIME_HTML 0.000000, __MIME_TEXT_H 0.000000, __MIME_TEXT_H1 0.000000, __MIME_TEXT_H2 0.000000, __MIME_TEXT_P 0.000000, __MIME_TEXT_P1 0.000000, __MIME_TEXT_P2 0.000000, __MIME_VERSION 0.000000, __MTHREAT_0 0.000000, __MTL_0 0.000000, __PART_TYPE_HTML 0.000000, __PHISH_SPEAR_SUBJ_PREDICATE 0.000000, __PHISH_SUBJ_PHRASE9 0.000000, __RCVD_FROM_SUSP_HOSTNAME 0.000000, __RCVD_GOOGLE_GMAILAPI 0.000000, __RCVD_PASS 0.000000, __RDNS_WEBMAIL 0.000000, __SANE_MSGID 0.000000, __SCAN_DETAILS 0.000000, __SCAN_DETAILS_SANE 0.000000, __SCAN_DETAILS_TL_0 0.000000, __SUBJ_ALPHA_END 0.000000, __SUBJ_SHORT 0.000000, __SUBJ_TRANSACTIONAL 0.000000, __SUBJ_TR_GEN 0.000000, __TAG_EXISTS_HTML 0.000000, __TO_MALFORMED_2 0.000000, __TO_NO_NAME 0.000000, __URI_NO_MAILTO 0.000000, __URI_NO_WWW 0.000000, __X_FF_ASR_SCL_NSP 0.000000, __X_FF_ASR_SFV_NSPM 0.000000, __X_GM_MESSAGE_STATE 0.000000, __X_GOOGLE_DKIM_SIGNATURE 0.000000, __X_GOOGLE_SMTP_SOURCE 0.000000, __YOUTUBE_RCVD 0.000000 |
X-LASED-Impersonation | False |
X-LASED-Spam | NonSpam |
X-Sophos-MH-Mail-Info-Key | NFZrenhzMUQ4TXpsVmhiLTE3Mi4xNy4wLjE5Mw== |
Return-Path | haroldrobinson895@gmail.com |
X-MS-Exchange-Organization-ExpirationStartTime | 22 May 2024 18:16:02.0524 (UTC) |
X-MS-Exchange-Organization-ExpirationStartTimeReason | OriginalSubmit |
X-MS-Exchange-Organization-ExpirationInterval | 1:00:00:00.0000000 |
X-MS-Exchange-Organization-ExpirationIntervalReason | OriginalSubmit |
X-MS-Exchange-Organization-Network-Message-Id | da557a02-c7e7-4217-1bef-08dc7a8b3ce6 |
X-MS-Exchange-Organization-MessageDirectionality | Incoming |
X-MS-Exchange-SkipListedInternetSender | ip=[40.93.19.2];domain=YQZPR01CU011.outbound.protection.outlook.com |
X-MS-Exchange-ExternalOriginalInternetSender | ip=[40.93.19.2];domain=YQZPR01CU011.outbound.protection.outlook.com |
X-MS-Exchange-Transport-CrossTenantHeadersStripped | YT2PEPF000001CA.CANPRD01.PROD.OUTLOOK.COM |
X-MS-PublicTrafficType | |
X-MS-Exchange-Organization-AuthSource | YT2PEPF000001CA.CANPRD01.PROD.OUTLOOK.COM |
X-MS-Exchange-Organization-AuthAs | Anonymous |
X-MS-Office365-Filtering-Correlation-Id-Prvs | f0bd501f-157b-4882-6221-08dc7a8b2722 |
X-MS-Exchange-Organization-SCL | -1 |
X-Microsoft-Antispam | BCL:0;ARA:13230031|5073199003|35042699013|4073199003|2040899004|7093399003|82310400017; |
X-Forefront-Antispam-Report | CIP:198.154.181.199;CTRY:CA;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:SKN;H:YQZPR01CU011.outbound.protection.outlook.com;PTR:mail-canadaeastazlp17010002.outbound.protection.outlook.com;CAT:NONE;SFS:(13230031)(5073199003)(35042699013)(4073199003)(2040899004)(7093399003)(82310400017);DIR:INB; |
X-MS-Exchange-CrossTenant-OriginalArrivalTime | 22 May 2024 18:16:01.8024 (UTC) |
X-MS-Exchange-CrossTenant-Network-Message-Id | da557a02-c7e7-4217-1bef-08dc7a8b3ce6 |
X-MS-Exchange-CrossTenant-Id | 42294ed2-c4ff-4332-8e2e-a2dc7ee0537a |
X-MS-Exchange-CrossTenant-AuthSource | YT2PEPF000001CA.CANPRD01.PROD.OUTLOOK.COM |
X-MS-Exchange-CrossTenant-AuthAs | Anonymous |
X-MS-Exchange-CrossTenant-FromEntityHeader | Internet |
X-MS-Exchange-Transport-EndToEndLatency | 00:00:02.5174885 |
X-MS-Exchange-Processed-By-BccFoldering | 15.20.7611.013 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003); |
X-Microsoft-Antispam-Message-Info | zvPm6vX7qWNdyKUhZtnwjM2myuAD7o/uRF4gV3PBXoBlBHASslNtyRwTefXgl9m85GinvwNSEapIBmlZ4OIFADnYjNfzbIC19B/GEB9PEMLqq47zRRbcd+Y6uuj+SFp/CNfdMQc9NgIJwp6XT1hTJdEdi/LYZ+6fgR4rsq3AMkKzCySobi2hal40MzAtxo8I7FFYZqjQCJGkuhgfNsXZx9k1n1f+V/gmSjeEx2Kbn4JWOYjxtUX94cN03AcOFqjNyymOnkbLA6+KsENxAYp3svbiOxVa02o0vnOAEHk8aHIoft/YfvCerYT7/023bo5nz4Zqt+DUg25BASZaNn82Q7i2u5+DFT2Mh5p5FvHtMdRYZCBUtBdn+0XRpRFK4NRMR4tgWvTlT8sfCT+a9rt2OIdddEKFB+OsIBND5RhhBI+lavR9dOfZxHQjCIjeXGo4itdm/tNJg0DXta/P+fr0b1wknSz4BDih8SHg7bOznL9OLBPJRhrb7XoqQUBjDTxRCmPNbm176Si8GdLADJ+425lUZHxoanpql9cw1R+WR8REjiPCFFLQCgqjuGH0UWPNs3NHzShMvt5e+1Eg+UuAi2jj5UMlbl5uXQeeHSIdBuMWUxEu3SnlGth3QjmvS7HNkSKqlRoa1Y+5N396oy0vfLXgKjniRJWMJ/oAqmJR/D3FwFkCPL8ePQNGz+LM3eomCTlcxCF7vlciTP2WIzc+OszRcXtdznszo4KdNA0i1WRBHFfhMoT9REVqKANfpaVL60Vca2UHUqE1JMQQ22Q7CDrKdZuoh01WCceEhOmXb+6dtlq8/MgFyYYw5S7IGca86kDMVuEMH2bMU5CS1jhWSuBCORAXDjAbyisApPM9gcIJQ0cIhhI1//lIPsvjjrUAkw+kqkn4oVyhDpnHFstJ4vwGbWeQJ1/aDo4L4QEp9hg8/kVQzsTiBnzjJ5yR50zwIjqryiMUlzXuI0qGBC7HQ75ApaKa9hjkmZ0ZFsixBch/p1Obrn9BSLjMZq/hkpkJOxkxeVAqT68FTjLkHQbb2L2gvCYRXUjovqyceCdeypp13xAdraB09jAohGRreYeTbM6FO3ocxzDXOYjCGA7ko+IWlMtVB+1ft4PDAavjxjDKWlr/CpwfzFDkfRYKFPu0Twa/i/HCdWrgIfWxm+EsZUwxMHfzQoGtCJan003DoylTVu4wO4roOckJb7yNxLH8XKGUg94e3HY4u87fqWjAEZFYZlJOnY2KwnO6aOAK/PW7sMRlAlTm0nYAwRQLFxHdgxJcnzi+5w1NtKOIocY8zYPYPLgSwHTJz/vYnNEpTg356YqbbTWXek/3Cv2fo0MpXwKAROdiNQZN/HegsZkhjc/bu0NaEr/GFx7ZYe21822G+ONL9afu2AUiqhB+oBR3epk3aW0GRlucr+I7dwEnq1oep5KC0mDYHemat5isi8TRZTwjG/cUNqlAT5t3rfXAJrq4Uk8wkvNRVZiD8FbcWvRXakdscj+X9Z4Fr5ISrV56Nf1mnvMaj1uryTa/91QpPrEHQdVtNvOkGpIFzaijUHLVg4UB8cT6a2huEQ5qMd37n82ck067b1iRO1G3Zj2afRvLMd3gx37s1fVpmVG2Ig97r+1qnKZ6iAp4qnAl4lKaX8nDqvQ/itEUbWly8CBslV3ywg37V4N2wNqJHxxOsJc8OLlhOIDrJwDna5E2T6BrnrgHjnNWKFbvjcnZd95sgtJh3N/XsUNxWQfKsPINJWA1eMpDLFVb1s56iEjV2s2bWGcPvTgjAF9D+XNxbLS5OWZWRSEgG+Utxjc1SNB10fMPFktam2yKMbDVPYYubDYcGMY1LTVBbVXJdceKppXC6cLIIwosaurIRXlHZq3v4dg6xDxXVwVUUtCsXTyk+fK8cG9gqdXviLrwQTKXRpzqnJdHhGc6VWlkhveq9r9PkYMU8A8GC0JJquNs/3wqgYrul8WCrSJ8In8mU0g7Ok7AiCBAvaKWtSn19AvGiWqUuAMn2BUNhU3cDcA4rJLPzePVg05EdEcyCwZTqdSmB6P+SbxjQHfR8CXy8LYpLaYA/mwlIX13UIVNKEC+2gx0hmKDr1DJ6gpnsgJBnw26RpBFhSIzJUF5r+g2tEQE7xDH3kuuu9sxf3KPlg7w2OB/YoQh5RI4dZE4nVsqKGIcq/u+AP0+ygIqqXHoVYV3oKsAAZDCYcAY9Av1w7xhp+NCxVksHobKm82pUJXmxXZssgMbjXJcMffkto/efnC2c4Z1Mp5mlaaY94zWC2BfSMy//nnDS24kRAAdtUdA/EghndvFQVt1EHk1sqdh5kpcHAvDs4VbJMs2zB83taMCA8PKq600WW2iLJ8ue+akPGC6vubqiORRUymspbpNjnxu4l/Qij9FoFzbCNu6yEYZTveUMDbqb/RiYTKYFnaxZNlhPbBI6kJqEJOBkSIow6EzfqBytMzzP0tNQJRZJ2UyyjQpmRchsRZIgrXfa6YqPKbj5u0+l7KIiRkUeFVOjxzWZXJ/B16WiemJv+5p96e3TlJhPb53xAf8h2MxtzLW7LpRzcWH94EHpx0qKvhVSOQnYf1pT1hFKAxt5S0XMSVE9gx9aUjuQ/yVKNw4khR1sQT9VBDF6AHzOFpNKHa+KJL+q7xzRwy0GbGKq7cAuppZ4bBlHSA1icMtoJkhpv981Xl0awYLPdnGFJeMKyH3P22JYG18I5HyWeocPRxjBYEJRx/4ldWq0Wu7nZ29BBMj5ihNC4Fr |
MIME-Version | 1.0 |
Icon Hash: | 46070c0a8e0c67d6 |