Windows
Analysis Report
phish_alert_sp2_2.0.0.0 (2).eml
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
OUTLOOK.EXE (PID: 4952 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\OUTLO OK.EXE" /e ml "C:\Use rs\user\De sktop\phis h_alert_sp 2_2.0.0.0 (2).eml" MD5: 91A5292942864110ED734005B7E005C0) ai.exe (PID: 6168 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \root\vfs\ ProgramFil esCommonX6 4\Microsof t Shared\O ffice16\ai .exe" "B63 68F76-5F9F -4A82-B3B9 -9A7ECBD96 31B" "1707 F1A5-1340- 4E62-A093- A45875D135 C6" "4952" "C:\Progr am Files ( x86)\Micro soft Offic e\Root\Off ice16\OUTL OOK.EXE" " WordCombin edFloatieL reOnline.o nnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
rundll32.exe (PID: 4968 cmdline:
C:\Windows \System32\ rundll32.e xe C:\Wind ows\System 32\shell32 .dll,SHCre ateLocalSe rverRunDll {9aa46009 -3ce0-458a -a354-7156 10a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Window created: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | 1 Clipboard Data | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Rundll32 | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
52.109.28.47 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
52.168.117.170 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
2.19.11.103 | unknown | European Union | 719 | ELISA-ASHelsinkiFinlandEU | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1467214 |
Start date and time: | 2024-07-03 21:16:43 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | phish_alert_sp2_2.0.0.0 (2).eml |
Detection: | CLEAN |
Classification: | clean2.winEML@4/21@0/43 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.28.47, 2.19.11.103, 2.19.11.102, 52.168.117.170
- Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, eur.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, uks-azsc-000.roaming.officeapps.live.com, login.live.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, mobile.events.data.trafficmanager.net, onedscolprdeus13.eastus.cloudapp.azure.com, a1864.dscd.akamai.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: phish_alert_sp2_2.0.0.0 (2).eml
Input | Output |
---|---|
URL: e-Mail Model: gpt-4o | ```json{ "riskscore": 3, "brand_impersonated": "Drivetrain AI", "reasons": "The email appears to be from Drivetrain AI, a company that may be legitimate. The email content is professional and relevant to the subject matter, which is SaaS sales forecasting. The email includes specific details about the webinar, such as the date, time, and speakers, which adds to its legitimacy. However, there are a few points to consider: 1. The email header and sender information are not visible in the image, making it difficult to verify the sender's authenticity. 2. The 'Register Here' button could potentially lead to a phishing site, but without inspecting the actual URL, this cannot be confirmed. 3. The email does not exhibit typical phishing characteristics such as urgent language, threats, or promises of rewards. Overall, while the email seems legitimate, it is always advisable to verify the sender's email address and inspect the URL before clicking any links."} |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.394542292824811 |
Encrypted: | false |
SSDEEP: | |
MD5: | 467690CDA00779D23C43FF23A0BE19B6 |
SHA1: | 098AB70D7FED8837C80A25D30616C8E19A04AAE7 |
SHA-256: | 78D7FD9B6D892386D85F5C460FA37314626FC39ABCF18B5DD0C5F4C096E3C990 |
SHA-512: | 45CE2D53226DC5E325F6AD871919B245C16F68E53D19B1046C1B9E6D147EADFF46DC895EF6F7C4B34F392AC079DCC29C052A853F0F2F2E970F05B5A2BC3EF458 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 322260 |
Entropy (8bit): | 4.000299760592446 |
Encrypted: | false |
SSDEEP: | |
MD5: | CC90D669144261B198DEAD45AA266572 |
SHA1: | EF164048A8BC8BD3A015CF63E78BDAC720071305 |
SHA-256: | 89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899 |
SHA-512: | 16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10 |
Entropy (8bit): | 2.5219280948873624 |
Encrypted: | false |
SSDEEP: | |
MD5: | C83BF8B3DD3EF0FCBA182DE3AC5CD10B |
SHA1: | 20B7208118E0A355DC6E35A03CC2D01BA7086AB7 |
SHA-256: | C75B19BEBBA2CF3DAC9FD6B6ECD5C3DB44477EF4D19E2BCA693B6AEDF1BE481E |
SHA-512: | 6DB4A0B38A139F05D54421DABDE9620293001D408CCAA7DF885CBB16082D9CE3BAC2B84E7797F0FCCAEA02139BEA13E5F4E9215158E6EF140591D57B7C5CE670 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.CampaignStates.json
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1056 |
Entropy (8bit): | 5.196821062907413 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8F0A0214B683E7ACDAFBF16B895F0273 |
SHA1: | A09664E62633B8A0F1218DD5FF87E5CA0844DE04 |
SHA-256: | 1CFDC7FA13F63D44E284090C33B493D863596A3C0594AFFAE3272A593D00C07C |
SHA-512: | D5298E0F4CEAF16C53A496E44878CB9EB32BFE661481BE73DCAFFA812DF7B39266973CF770172628A69BA434AE8996DAE203B5E843A02B90C8D00E31F9821962 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.GovernedChannelStates.json
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 740 |
Entropy (8bit): | 4.578658879460996 |
Encrypted: | false |
SSDEEP: | |
MD5: | 439A34DE8DA5C04AF25AADB84A2120D4 |
SHA1: | F12F9FF6E03A5762BD03061557029446680B1DAE |
SHA-256: | 32B560C75C25C6F56C0439F67A3FA7D4F271F07B435EE41575A3D82C6C612880 |
SHA-512: | BE704CD0DF8041945D16B8103135650B33D5E97D6F7C202E9C9499C3AE57E33855C2CC3A8F73B578DB482F47026C756F1FAA411A2CC58B5E53CE23CD24229834 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 87 |
Entropy (8bit): | 4.576828956814449 |
Encrypted: | false |
SSDEEP: | |
MD5: | E4E83F8123E9740B8AA3C3DFA77C1C04 |
SHA1: | 5281EAE96EFDE7B0E16A1D977F005F0D3BD7AAD0 |
SHA-256: | 6034F27B0823B2A6A76FE296E851939FD05324D0AF9D55F249C79AF118B0EB31 |
SHA-512: | BD6B33FD2BBCE4A46991BC0D877695D16F7E60B1959A0DEFC79B627E569E5C6CAC7B4AD4E3E1D8389A08584602A51CF84D44CF247F03BEB95F7D307FBBA12BB9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\Floodgate\Outlook.SurveyHistoryStats.json
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 14 |
Entropy (8bit): | 3.378783493486176 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6CA4960355E4951C72AA5F6364E459D5 |
SHA1: | 2FD90B4EC32804DFF7A41B6E63C8B0A40B592113 |
SHA-256: | 88301F0B7E96132A2699A8BCE47D120855C7F0A37054540019E3204D6BCBABA3 |
SHA-512: | 8544CD778717788B7484FAF2001F463320A357DB63CB72715C1395EF19D32EEC4278BAB07F15DE3F4FED6AF7E4F96C41908A0C45BE94D5CDD8121877ECCF310D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 0.09304735440217722 |
Encrypted: | false |
SSDEEP: | |
MD5: | D0DE7DB24F7B0C0FE636B34E253F1562 |
SHA1: | 6EF2957FDEDDC3EB84974F136C22E39553287B80 |
SHA-256: | B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED |
SHA-512: | 42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4616 |
Entropy (8bit): | 0.1384465837476566 |
Encrypted: | false |
SSDEEP: | |
MD5: | FB88B172B401CD2C85A46467B84CC9D4 |
SHA1: | DDCE5DB7653CB498BD5492EBC3AF40F560A43107 |
SHA-256: | 8910FD41D419D2F1D6617E1591574A22EC85DB31430D05643156AFF4160B7AE4 |
SHA-512: | FC060B1F7FEC2989D445A23984DC31AE132021223E38BE19564EFD0500B8FF621A298C2855032350F7609968B5367BA852E9340A1856135F019F59F30B80815F |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.04449219512670338 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4544BF13E30AE212168A57A3E02592B4 |
SHA1: | 2BD6CE8D9AA0FB567DD76B1260E5422C30633375 |
SHA-256: | 2207166CA7F9592702BC766E248F9016CFEAE73C5312FD371F4D74B178021DD8 |
SHA-512: | EBB5201C7B1CEB1ECC04C4E77619A9928E05DB0347D4FAC661097C5E1FBB069DF057D6FC267A5DDE1933A881705411CE70A8A715D53B4157735A60E6432CC56D |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 45352 |
Entropy (8bit): | 0.3941869741205101 |
Encrypted: | false |
SSDEEP: | |
MD5: | 148906B90511F42A5FA0801AA06D483A |
SHA1: | 288861966FA21F73142F5B25002F6D171DA0319C |
SHA-256: | D05C67DFE207E72061428AE6BC7D471BB0857F0076B26522F4F3D60995F4EA71 |
SHA-512: | D5C3C0E1429316075972DEBC5404800CFB8550E89AFA6731D8243D7A39C8CE1588C9256220C68ED2AA102A19761978F5E2B54F053EA7A3B5036981A371C753E4 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{9711A31A-A62E-455E-B76C-146E6D30F838}.tmp
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 6852 |
Entropy (8bit): | 4.02250671798637 |
Encrypted: | false |
SSDEEP: | |
MD5: | 87636662EF522C16BA8730ED441A6F21 |
SHA1: | 85C061D10EEADBB0FD49E55EDB2D75369D505A84 |
SHA-256: | 10713FCE804FF4367275FF14B3427575FB631A565ED38CB49EA71CE1FA8980DD |
SHA-512: | 9B4026EDEE39716B82D2C7EF4F8D34B282F4E2CD9C6A684A59FF29BA0046AEE6B7D6E76D7596FCA4C186CA9ACAE70B1E59DA8C52349018025A543DDBB4E0E9C3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720034234486646800_9830F9DC-436C-439B-995B-9C92F59F41E8.log
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.1597860121852654 |
Encrypted: | false |
SSDEEP: | |
MD5: | 834CA242F09C62C604E2B17548395CD1 |
SHA1: | BA8EEFCAFAFB5B956E104C4661DC6609720A5AEC |
SHA-256: | E0730C0A2460296DE18229C2D6C5F0B4DE03E003D231F8F182BD06A40240C221 |
SHA-512: | 2A00C5851CFBA204EBF0B20A3A9D073B55EFF9E4217A6D66A5310FD6F442CE46C53FF2749BEC948610FBC7230D8551D5B5BE14BE003346A9AA080A5904853508 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1720034234487405800_9830F9DC-436C-439B-995B-9C92F59F41E8.log
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 20971520 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8F4E33F3DC3E414FF94E5FB6905CBA8C |
SHA1: | 9674344C90C2F0646F0B78026E127C9B86E3AD77 |
SHA-256: | CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC |
SHA-512: | 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1517140269-4952.etl
Download File
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 106496 |
Entropy (8bit): | 4.467561691909516 |
Encrypted: | false |
SSDEEP: | |
MD5: | 763F6CE6F972AD6B51D8347957B7FCF0 |
SHA1: | C97464C5E0C22A20B47107C090B78B554E3E15C6 |
SHA-256: | 0F5534A3EE2E8C8C2B3F2E872B9F2921D557EEB597BAD9EB20452E756AC17C8B |
SHA-512: | 100B0950F6AB21E5E936A01FA161310D659039EBFFBB6B70EDD9559B69752AA2D11BCF10488F512B7BC2BF52EAAC6D104F19A79E5EB28E007E7839A26157885B |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6BBDC1AD49B861B822D0E4392026D8EC |
SHA1: | A77FB24F962496F248D8C59C34A12B9EA129074D |
SHA-256: | 10EC4AC38E26D0F0D1F16791134A82C1D3983FCCD572332EE4B306557F1AED8F |
SHA-512: | 2CB93E86D2991B495C36A1ED1F403F83976B7441CEF017161D4C2E3089E7C70F7AEE52579B3C84D50570FD5268810F0676F866019297449E689DCFE215F73E68 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2560 |
Entropy (8bit): | 2.0190794275176347 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7248BD613052F079F3B510A2F84BBE7F |
SHA1: | EAC37B613ED68DF3DBA7E26476AF9BD427C1561C |
SHA-256: | C9D4DB561EB620011A47CBDE5EEAF8ADB77753720122135D41F63FA634025813 |
SHA-512: | D862411C6928ABC8649AD6631C261681970BE047742CBCDD37AA2879DF3EB7AF9E3B0EA28BED44AA597F445405CCA2164A2A3E50ED4581D7BA438B55376BBE1F |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | 99D9664E913CCC4904183C9C38E87CC0 |
SHA1: | 76D7E9008CD6C39C444CDA06744D2A8D9B668DBF |
SHA-256: | 466138E4ABB5F2718EBCC24C0881CFC8A17760FD7ABED3445ACAC653A2A7FB67 |
SHA-512: | B97F5FB2361414D5D77EF5E2737E9478CD70A530DF0ADC129327E56E17D6F105D15A310926477E34D7C12392E9F41890673A27F13D40954E2F22AD639AEC4F8C |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 162 |
Entropy (8bit): | 3.8839394532140794 |
Encrypted: | false |
SSDEEP: | |
MD5: | 5826A5FB41DDF75A785970399F277BE1 |
SHA1: | 5BB697ECF30563D710EC5F06D4691884AA500273 |
SHA-256: | 322F993BC01B892048A5EC928A93B01D4BB3F78EC3144C0B37C6EFA8892D554F |
SHA-512: | 53CADB1013F5C9A24D69E87A10E97339B342688D96D1706F24614E957CA573B12998895073DCD36773328F018DC80FE3830ADE42471AAB63C6BE1A426DC72D77 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 19618 |
Entropy (8bit): | 7.477342360341178 |
Encrypted: | false |
SSDEEP: | |
MD5: | 99D9664E913CCC4904183C9C38E87CC0 |
SHA1: | 76D7E9008CD6C39C444CDA06744D2A8D9B668DBF |
SHA-256: | 466138E4ABB5F2718EBCC24C0881CFC8A17760FD7ABED3445ACAC653A2A7FB67 |
SHA-512: | B97F5FB2361414D5D77EF5E2737E9478CD70A530DF0ADC129327E56E17D6F105D15A310926477E34D7C12392E9F41890673A27F13D40954E2F22AD639AEC4F8C |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 3.1780727491105574 |
Encrypted: | false |
SSDEEP: | |
MD5: | 97341169A0DEF9106114A92A09F1FD3B |
SHA1: | C4EFA809E986C0D1792532F60F1E44419F26E7AC |
SHA-256: | 15499292CA841443DB739BE9D3A2520A6C3CF3BC838720382795B0A6CAEC23D0 |
SHA-512: | 0DDFE75C0887AF9373EFC81ED697EC4B36EEB2A5C5AFFEF2182B0ACD111D7D83EB167310F35C1AD0CC126257569E9BF0D0DF33D30170A2220A65DF4D67E5FCC1 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 3.979192546162115 |
Encrypted: | false |
SSDEEP: | |
MD5: | 66B906EC07ECBDB02985A26621A9297A |
SHA1: | FFD14BDAB07184CD2098BFCADE341219F526D7D0 |
SHA-256: | DBF12B2294F11CFB0507F4F7724D99DB9ED51572537893A0B9DDFDD85CAFDAAC |
SHA-512: | 485AF228EBF39EF7A794366BCE0E1CB8ECDB128D6ADA5B14D400D2662EB904068046860B17E41A8D5A657B873CCB1D1E581E21A9602500EF71A6ADFD083423D8 |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 5.805436126540281 |
TrID: |
|
File name: | phish_alert_sp2_2.0.0.0 (2).eml |
File size: | 34'417 bytes |
MD5: | 7311a23028d2c907bc9df25eff49a1f2 |
SHA1: | c7a5e31bfc25e14c643b24e6e572f945a97bbee5 |
SHA256: | fd3e5d15c35a225f4f41727f8420dbc9c19a579f4a1c651441f948f8e026eab1 |
SHA512: | 020a9d18f7e786228ef34a06fc04b58529a1458cce04b2113e8ea2e5f0d8b144cc91cd976523a87c19ef66ab7abb1a6aebbf1585681707bf7d9d2e806a471088 |
SSDEEP: | 384:tybGNK5T+PYMwjy1AlFIEWodi5GU1NvoR2wl63eU1vykCRaVxoRgUpysqoR2w1RT:AbJ5lMKYc+z3oNglt+ |
TLSH: | 07F21BB4E60160DF00769369B8137A5D63744B0DC35309FCB8BFE678AFC8D512A557A8 |
File Content Preview: | Received: from DS1PR07MB10754.namprd07.prod.outlook.com.. (2603:10b6:8:207::13) by CH0PR07MB8779.namprd07.prod.outlook.com with.. HTTPS; Wed, 3 Jul 2024 17:29:19 +0000..Received: from AS9PR06CA0720.eurprd06.prod.outlook.com.. (2603:10a6:20b:49f::31) by DS |
Subject: | [Upcoming Webinar] Discover Top SaaS Sales Forecasting Techniques |
From: | Ben Carey <ben_carey@drivetrainai.com> |
To: | Bryan Steffen <bryan.steffen@vontas.com> |
Cc: | |
BCC: | |
Date: | Wed, 03 Jul 2024 17:28:09 +0000 |
Communications: |
|
Attachments: |
Key | Value |
---|---|
Received | from 9633491b-6dc1-4cc2-9248-8f63527aa2f0.local (ec2-34-201-12-203.compute-1.amazonaws.com. [34.201.12.203]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-446513dba45sm52280891cf.6.2024.07.03.10.28.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 Jul 2024 10:28:09 -0700 (PDT) |
Authentication-Results | spf=softfail (sender IP is 67.231.151.23) smtp.mailfrom=drivetrainai.com; dkim=fail (body hash did not verify) header.d=drivetrainai.com;dmarc=fail action=none header.from=drivetrainai.com;compauth=none reason=405 |
Received-Spf | SoftFail (protection.outlook.com: domain of transitioning drivetrainai.com discourages use of 67.231.151.23 as permitted sender) |
Authentication-Results-Original | ppops.net; spf=pass smtp.mailfrom=ben_carey@drivetrainai.com; dkim=pass header.d=drivetrainai.com header.s=google; dmarc=pass header.from=drivetrainai.com |
Dkim-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=drivetrainai.com; s=google; t=1720027690; x=1720632490; darn=vontas.com; h=mime-version:date:subject:to:from:message-id:from:to:cc:subject :date:message-id:reply-to; bh=tFNh0A2Y0rC+1XBWNy5PHPicgBTANF0lb1Pwre2fGyc=; b=cqoBYgLYB6oCrtKGqTQ66RzcXohQOPbvY5PI4JY71kp3zEAaCGtrzMNFWCDOt5659i 4RDXzG/J47PTaR9NCQKlM87oPsVSJh14+BBeh/lMyG+f5en19W2KVtx3LboC8NUhPsyU H9fzLsGUZDwx1ym6F6wrUfsPXAGRFs44TE9EbCYp0ZcUvUbaXKYMiG0kxfU2wVnQ0m9t cPZp6j7C2StspkWPc5kYdA28HyJZJQ5Mg/AgiJiL5SWGO8LP/l5ZhliNqK1Unt97vZnH Knv7M8ss6F78+r5i3NVzP58C6P3xTh9ga6eZAZW7jG8Y5CZKLHPgd8bsXT22+Lwb6gtX IX/g== |
X-Google-Dkim-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720027690; x=1720632490; h=mime-version:date:subject:to:from:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=tFNh0A2Y0rC+1XBWNy5PHPicgBTANF0lb1Pwre2fGyc=; b=Z9lF3ZBSB7/Eqgc2ZxJq6BVfgwRF630tLkE0YrBeo92kOQMrytd8AJzfNWI4sRN6DK m/B7954QXF97jUOPVZzDrVww/26HCZV3bATa3hRZVit2WUitDjCqmmAOgh8Ca5TX2aW0 XoCH3r3erbNFEpYs539e/wDC0dP//jl2fnYFMhpLrygbYNfxUl5SyLxYeHMxmbYNFx3H uTjTr63ENusY/xIDtKMiMIpSa/AH1kJu/WhOUxErwku7m8KtrV3tc5AYmmC3aDlkik6B fYTaKDckRTGcpfvHhhcz15MSg8xQ3c3yvrezOBGaYyXmvSCbY1qud17hsH0wK1D2ngIA Z2Ow== |
X-Gm-Message-State | AOJu0YyRHFmQaFSXraDzS5hv5X3kTWOvrWza+kAxddHS1qxLxmddMiU+ awjjly+Chrb72sLJ6d9k+yfovzNyNvkzb0q3nWtGwxZ/HjyME6KZ5dMVfQbB+2mij38jHhJj8/4 Q |
X-Google-Smtp-Source | AGHT+IES/RXVpHgoNGOSkECOlk2LQVOTzr7vKYfiOB4JgpGZQWtypQFrHjJR3J4NI36P3YTDVi+XLA== |
X-Received | by 2002:a05:690c:24f:b0:647:e079:da73 with SMTP id 00721157ae682-64c7114570bmr106805027b3.10.1720027690152; Wed, 03 Jul 2024 10:28:10 -0700 (PDT) |
Content-Type | multipart/mixed; boundary="----sinikael-?=_1-17200279610150.02267373537716133" |
Message-Id | <9633491b-6dc1-4cc2-9248-8f63527aa2f0@drivetrainai.com> |
From | Ben Carey <ben_carey@drivetrainai.com> |
To | Bryan Steffen <bryan.steffen@vontas.com> |
Subject | [Upcoming Webinar] Discover Top SaaS Sales Forecasting Techniques |
Date | Wed, 03 Jul 2024 17:28:09 +0000 |
X-Clx-Response | 1TFkXBx0bEQpZRBdgYhJyRV5nRGVMbxEKWFgXYE0beENaS05EXE0RCnhOF29 nXlpIBV0eaWtmEQp5TBdsTUFeaUgZW04eZREKQ0gXBxgSHREKQ1kXBxgdHxEKQ0kXGgQaGhoRCl lNF2dmchEKWUkXGnEaEBp3BgcfHnEbEBx3BgcbHQYaEQpZXhdsbHkRCklGF1xFRktYQ1l1QkVZX k9OEQpJRxd4T00RCkNOF395XHNfG1xfRm9rQRNIQn5NWHp8ck1AEh0cUx9aW2VmEQpYXBcfBBoE GRwcBRsaBBsbGgQbGR4EGR4QGx4aHxoRCl5ZF05fUx1tEQpNXBcdEhEKTFoXaUZ+TW9pEQpMRhd va2tra2sRCkJPF2hFewF8T09/SR1HEQpDWhcYGhMEEh8EGxgSBBsdGBEKQl4XGxEKQlwXGxEKXk 4XGxEKQksXb2deWkgFXR5pa2YRCkJJF29nXlpIBV0eaWtmEQpCRRdkbkhrRX9GGk9OGREKQk4Xb 2deWkgFXR5pa2YRCkJMF2BNG3hDWktORFxNEQpCbBdiQ1BkE2J7bXBgQhEKQkAXYRkTR0lgXE9o QRwRCkJYF2leSUFHRhp/BVtiEQpaWBcfEQp5Qxdsf1kdQXBjGXMdGBEKWUsXGxgTHBEKcGgXelx se31rWn1df0IQHB0RCnBoF2NnTxJ9U3wFRlhtEBoRCnBoF2VAckhlREtHX3xSEB4aEQpwaBdvRk BBAUUFEnt9bBAaEQpwaBdgaF1ZR31ZeBhTSRAaEQpwaBdvUBtrHEtYS3xsWRAaEQpwaBdnTExrQ 39fQUVuTRAaEQpwaBdkfGxFTX95fVNAQxAaEQpwfRd6YUhyBVkTen1/aRAaEQpwfRd6UmhBUnsf UgUYHBAaEQpwfRdoeRMBZXxZbB9NSxAaEQpwfRdsU25zGklpe21SUBAaEQpwfxdoXXhQQR94QxN LGxAHGRoRCnBfF2weS05YWHJrWVh9EBoRCnBfF2NeGGRBU2x6WUVTEBoRCnB/F25mfBttSEZhc3 NQEBwTEQpwXxd6fUFTX3gcHx4SHBAaEQpwbBdoT2lufhgBR2JkaRAHEwQdEQpwQxdnWWdTeWBaT 1BkXhAHHhkRCm1+FxoRClhNF0sRIA== |
X-Clx-Shades | MLX |
X-Proofpoint-Guid | USvYu1vulEAk9bhTgrPVXgj876y5pqOL |
X-Proofpoint-Orig-Guid | USvYu1vulEAk9bhTgrPVXgj876y5pqOL |
MIME-Version | 1.0 |
X-Proofpointheader | Yes |
X-Proofpoint-Virus-Version | vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-07-03_12,2024-07-03_01,2024-05-17_01 |
X-Proofpoint-Spam-Details | rule=inbound_notspam policy=inbound score=0 lowpriorityscore=0 mlxscore=0 suspectscore=0 phishscore=0 mlxlogscore=758 adultscore=0 bulkscore=0 spamscore=0 malwarescore=0 impostorscore=0 clxscore=-71 unknownsenderscore=20 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.21.0-2406140001 definitions=main-2407030130 domainage_hfrom=1296 |
Return-Path | ben_carey@drivetrainai.com |
X-Ms-Exchange-Organization-Expirationstarttime | 03 Jul 2024 17:28:13.5383 (UTC) |
X-Ms-Exchange-Organization-Expirationstarttimereason | OriginalSubmit |
X-Ms-Exchange-Organization-Expirationinterval | 1:00:00:00.0000000 |
X-Ms-Exchange-Organization-Expirationintervalreason | OriginalSubmit |
X-Ms-Exchange-Organization-Network-Message-Id | cc96ce49-354d-4259-1aa6-08dc9b85847b |
X-Eopattributedmessage | 0 |
X-Eoptenantattributedmessage | 75c696ec-5bfb-4892-9a0c-9187a9061cd6:0 |
X-Ms-Exchange-Organization-Messagedirectionality | Incoming |
X-Ms-Publictraffictype | |
X-Ms-Traffictypediagnostic | AMS0EPF00000196:EE_|PRAP191MB2044:EE_|DS1PR07MB10754:EE_|CH0PR07MB8779:EE_ |
X-Ms-Office365-Filtering-Correlation-Id | cc96ce49-354d-4259-1aa6-08dc9b85847b |
X-Ms-Exchange-Atpmessageproperties | SA|SL |
X-Ms-Exchange-Organization-Scl | -1 |
X-Microsoft-Antispam | BCL:0;ARA:13230040|69100299015|5073199012|43022699015|82310400026|43540500003; |
X-Forefront-Antispam-Report | CIP:67.231.151.23;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:mx0d-001a4c01.pphosted.com;PTR:mx0d-001a4c01.pphosted.com;CAT:NONE;SFS:(13230040)(69100299015)(5073199012)(43022699015)(82310400026)(43540500003);DIR:INB; |
X-Ms-Exchange-Crosstenant-Originalarrivaltime | 03 Jul 2024 17:28:13.0539 (UTC) |
X-Ms-Exchange-Crosstenant-Network-Message-Id | cc96ce49-354d-4259-1aa6-08dc9b85847b |
X-Ms-Exchange-Crosstenant-Id | 75c696ec-5bfb-4892-9a0c-9187a9061cd6 |
X-Ms-Exchange-Crosstenant-Authsource | AMS0EPF00000196.eurprd05.prod.outlook.com |
X-Ms-Exchange-Crosstenant-Authas | Anonymous |
X-Ms-Exchange-Crosstenant-Fromentityheader | Internet |
X-Ms-Exchange-Transport-Crosstenantheadersstamped | PRAP191MB2044 |
X-Ms-Exchange-Organization-Authsource | AMS0EPF00000196.eurprd05.prod.outlook.com |
X-Ms-Exchange-Organization-Authas | Anonymous |
X-Ms-Exchange-Transport-Endtoendlatency | 00:01:06.2334676 |
X-Ms-Exchange-Processed-By-Bccfoldering | 15.20.7719.007 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003); |
X-Microsoft-Antispam-Message-Info | +Ry3EDZ0a7ahR68eb+F/Pqm4/eyEiO2b/OuB4ZBeLGxLTx8nRmo9tFUebyMH68JGOhTVEvufUsZx5xBL/2IdpzOsG3kvX6nIrTnoYDn5aAeXHggpcuTYsuLpBUS3+PSAlLx03SjF7v3C2BLHd/D3M4JNZ3hU0/NDCQK903cDUU1FHRTUtyF2l+07nv+/iDwVyD04Xz87txWqVWA6e0dyi7Rj1z7bAKUvjrSwuYsLyG1CX+wlXLwFog5++VzEHSlYt/K2pAp1RgOpFk+7fik+VihPAe/jCacVil7FANlaN3+pekx/hT8bfnpmIAuLXxlTVko+7L7FNmmrjLWkYeiTAj0K/RqjMtjCNKXXUNQioSgqlRnGHR9z/iJkMKgVK3ejc+XJwNXlZhKOaI1thCiiUsmfiXg1eIUBgQN4j6xClXaqDLQlKAYSaac70LiSwSioiSXYHDq0o0YBsaBtTE3RWt/RwvEPthfKnxOF5LKYT9NB71eftvcRKf6H8YvzpzQSt8mUrH3lvFs7BysyQya2yHnFgheaCsj20xeyXno3yYBhiTCAe23XYm3KUhGijQyE8OdoyGdq6riTL4DzWuYKh+flobythd51Nvz3o/2GI5MB6k8NJNoN28zfYvxDptJBQA0lO4LMSGe5Sc34d7XNzitPcUk8lqisNkEaugSrMC8bntNaoQiJGOeIMXWanvM9qUCFQ5XT05g4zBYAwfFn0geOejJ+84RK5g6fPggAjK+abDtVjvfrJeVezeUzn6lMkN42WRhFY6RoFNsxNnCmhrwZPNXsJ2x+LpJSeIGDX5EO8Z9++KwdWOJcfTDPTIPdB7akLLG9PwAjxIIZ1jSdqNEcTx5lBld6KhUd0NiOcLbKFo1sCZGQ0nM6aXF5hny44DVrozrhxhTXFrhyEib5ZZ/pHUQn09DAFOZNzQvxdsQoaWWCch93WLgoxqjDx7pnNiVz3VbJ0Yn2mp8srQBax5fuvIVLIyo1UM/kETQXSxYCC/ZyL/n+7h2ruZPChn0dijdoVJyXTQckpQoG4UL+F2YZxscUxJh04ALFME2BEwAgT3p/XwVWHDs98eSzTLmeAQaVgiN7dQEwaftmEbjkKvPXx+5Y2gOCUlL2N/86I+xMeAvzp8xSybsXq+97TdYZFKlp0xSf1Oc4f2KG/8uxjWc+m38qubsFLLOVy7yJDGCqk3qnnduKLgUj93wKFTVP2Olrb5Wmzm8Dbdtor6kQdodVZCQp8rIS6Z9jh68nLaeKmoQtvwHHjLvXc52qvZXJb3ve74dSO9cdX+ug8s80OTjWx2/OrMBVTPZZKxmfSHSm0YsslcooTLDCV4F3YnZLyDLJAM0Yeb1zh2ApAb/5uo8JJ8RXuUov5TamtD4OZfmZTvTptIRSmyMPlPcM9W7DnahqpdNQAsShM4UlbmKcCqIOocm04XsYoRIyM25J2wvJoB/fJ6fO3Zoqs5FMPGZrTi6CekK2zyXwLBHwhv+9WJ53FpA3r8sFQk74M2RmeIPJIaI+xwAEz96uBBU9znfJZBa9NQCUG8EhL7V9b+qGo+jAOKodRBctEZWAGyVofB+L5N21mRatc6bsWszyqsrOssoe2dl21Nt2450wP97lmJ3Htxulaw6YMlHAZlohDTtA6ZG/vi4Zt6B/5bull5R4VQL4llRVbRB2EPselj8VK22Ap/EPPOtrURrwAGVmnfWLGRLmvpDg3WqFsBbn6tlIUd5JpkshA04Jz+Jeue+ralrg2KK+DJ303pTSX/TD6V1mqwT9s0nuQZdwqK7v6uFlV7HPuJHZ8RgUTlNHBl6a0dYZi4EAYvQbgZYM7ieimXr1WqQald4oh4DEeyfsZI1k3kiE5ox0NhCPyf2sUAN5x/345e72cNLvofKZQn70Lsw4NxrV61lkzo5SUEFk8tUABgp2v2iAhkKGgNPzIuXeWTe861fT4+uNbmWA5MYw2XxTrmtLfotSTg0JksnPmrXAGe1O0oA/eqh6uORKwtYUWcwHhj81akqonY7tYAzAzqop8ZQrw8r+BKyRJk3BQV2WEbI7hnQJQ1mUgcVB1ioHIqK1cY+eZT3sx5j0/yGDZq1K5B/OW4p/DooBNScm4q6SYBo3Ev5Q7OoU7awuOnNMiXNed88xtUl/zbjWjaPbQZVuf5NgDqWEFDROWmX4CRiP1N5RfPAZdLH1kVeEVWphy7LJxgT2FsUrvFYsfkJrls7J370xyxuQSA8zn/Jn5DoTRAAtDA19Kuj6Wj4h6OzPo/RAT6cXo6pCMqVKbPl+LL0= |
Content-Transfer-Encoding | 7bit |
Icon Hash: | 46070c0a8e0c67d6 |