Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ACC NUM - D0278.eml

Overview

General Information

Sample name:	ACC NUM - D0278.eml
Analysis ID:	1589965
MD5:	b3c1416910cf6bad846d3c44cbbe9f45
SHA1:	c55f7119fa1dbd8983593e583edea3ac7cd83a83
SHA256:	9146a296f265affc221f3c21c6abe0b8821dfd862ff140d1c0b719078fe74a15
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected potential phishing Email

Email DMARC failed

Email SPF failed

Email DKIM failed

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Classification

×

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 6812 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\ACC NUM - D0278.eml" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 6768 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C2D4A323-9582-43D6-862A-7F8206FD2EEA" "FCD88064-72CF-4879-9AC8-60B454899391" "6812" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6812, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected potential phishing Email

Source: Email

Joe Sandbox AI: Detected potential phishing email: Email sent to 'Undisclosed recipients' which is a common phishing tactic. Generic and vague message about sharing a document without specific context. Contains suspicious HTML attachment with date-based naming pattern

Email DMARC failed

Source: ACC NUM - D0278.eml

Email attachement header: Authentication-Results: fail action=none header.from=btconnect.com

Email SPF failed

Source: ACC NUM - D0278.eml

Email attachement header: Authentication-Results: softfail (sender IP is 195.130.217.221) smtp.mailfrom=btconnect.com

Source: ACC NUM - D0278.eml

Email attachement header: Authentication-Results: fail (body hash did not verify) header.d=btconnect.com

Source: Email

Classification: Lure-Based Attack

Source: classification engine

Classification label: mal52.winEML@3/3@0/43

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250113T0615470257-6812.etl

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\ACC NUM - D0278.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C2D4A323-9582-43D6-862A-7F8206FD2EEA" "FCD88064-72CF-4879-9AC8-60B454899391" "6812" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C2D4A323-9582-43D6-862A-7F8206FD2EEA" "FCD88064-72CF-4879-9AC8-60B454899391" "6812" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	11 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	1 Process Injection	LSASS Memory	12 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
52.113.194.132	unknown	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.16.168.119	unknown	European Union		20940	AKAMAI-ASN1EU	false
52.109.89.19	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.208.16.89	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589965
Start date and time:	2025-01-13 12:15:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	ACC NUM - D0278.eml
Detection:	MAL
Classification:	mal52.winEML@3/3@0/43
Cookbook Comments:	Found application associated with file extension: .eml

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 52.113.194.132, 2.23.242.162
Excluded domains from analysis (whitelisted): ecs.office.com, fs.microsoft.com, s-0005.s-msedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, ecs.office.trafficmanager.net, s-0005-office.config.skype.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

LLM Input / Output

Input	Output
URL: email Model: Joe Sandbox AI	{ "explanation": [ "Email sent to 'Undisclosed recipients' which is a common phishing tactic", "Generic and vague message about sharing a document without specific context", "Contains suspicious HTML attachment with date-based naming pattern" ], "phishing": true, "confidence": 9, "generated_by_ai": false }
{ "date": "Mon, 13 Jan 2025 10:20:20 +0000", "subject": "ACC NUM - D0278", "communications": [ "STOP WARNING! This email is from an external source. Please only click links or attachments if you trust the sender. If uncertain, please report the email using the REPORT MESSAGE BUTTON or forward the email to the SPOOF mailbox.\n\nHello,\n\nI have shared a document with you, Please kindly review.\n\nThanks Tom.\n\nSent from Outlook for iOS<https://url.uk.m.mimecastprotect.com/s/yDH8COMQrtxXV5NhEfDSG7b8N?domain=aka.ms>\n\n" ], "from": "Tom Logue <tom.logue@btconnect.com>", "to": "Undisclosed recipients:;", "attachements": [ "Attachment-13.01.25.html" ] }
URL: Email Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "WARNING! This email is from an external source. Please only click links or attachments if you trust the sender. If uncertain, please report the email using the REPORT MESSAGE BUTTON or forward the email to the SPOOF mailbox.", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: Email Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: Email Model: Joe Sandbox AI	{"classification":"Lure-Based Attack"}
Email: Detected potential phishing email: Email sent to 'Undisclosed recipients' which is a common phishing tactic. Generic and vague message about sharing a document without specific context. Contains suspicious HTML attachment with date-based naming pattern	{"classification":"Lure-Based Attack"}

Created / dropped Files

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20250113T0615470257-6812.etl

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	modified
Size (bytes):	106496
Entropy (8bit):	4.497948201271651
Encrypted:	false
SSDEEP:
MD5:	E45C7940BBC6C9B787D4DBD87201877B
SHA1:	59CFFD7EB2020424144105B2DC29118941417A33
SHA-256:	C1B69B1326EBA15D8EEBD7E35B899E398F6A280B93DBC27F4A455BD8F303BF81
SHA-512:	B6BF1F26AD9452527F2FAB1CCD054F2D8C4B86A0EF14B5D64F50AF7CEB8EF297B2DB30306860D9FCF888007FDEA964F9D31B10FF46EAA8BAFD262C455AD04D28
Malicious:	false
Reputation:	unknown
Preview:	............................................................................`.............~.e..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................@.Oe.Y............~.e..........v.2._.O.U.T.L.O.O.K.:.1.a.9.c.:.2.f.b.9.4.3.4.8.5.c.7.2.4.2.8.0.8.c.2.2.5.1.6.4.f.9.f.d.8.6.0.1...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.5.0.1.1.3.T.0.6.1.5.4.7.0.2.5.7.-.6.8.1.2...e.t.l.......P.P...........~.e..........................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	Microsoft Outlook email folder (>=2003)
Category:	dropped
Size (bytes):	271360
Entropy (8bit):	4.472228378634404
Encrypted:	false
SSDEEP:
MD5:	ACEF930ADDB40CF7DA6B99A2E6416E25
SHA1:	79A88D549222DDDF0A84FDBBC6D370A10D59155C
SHA-256:	82D1939A4878AB86A46A0F887445D46ADFEFDE9B83C72913EDBE348FED64F4ED
SHA-512:	DAFE5879F0E4D989C7D11DA376C0F59254A70AB68BBCD407B386E439A94657C4C2BE838680D465DCE8B1496087108BD2F1EBB8129E6805166A807005776091C8
Malicious:	true
Reputation:	unknown
Preview:	!BDNG*@.SM......\...............D.......a................@...........@...@...................................@...........................................................................$.......D......@g..............C...............@...........................................................................................................................................................................................................................................................................................l...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	262144
Entropy (8bit):	3.8611423075815416
Encrypted:	false
SSDEEP:
MD5:	6852ED84FA89FFBB4911C1072DC039B3
SHA1:	3A1A2876DD0832A5A4000308BED2F0C2CE16043C
SHA-256:	A5687CAA81129BED1FCCE96E9D9FFBFAF9AAE1E51BCE36D6715D3A5E1CEA1164
SHA-512:	C276A48389BBE37AA5635C6727C3B8F681F0682E232A67CE20684B4A3CAFC19324F63ECB472017864CD01D42517B3B8DCE739F72264CC2874CCFC7E8ABA2E98B
Malicious:	true
Reputation:	unknown
Preview:	....C...n.............{~.e....................#.!BDNG*@.SM......\...............D.......a................@...........@...@...................................@...........................................................................$.......D......@g..............C...............@...........................................................................................................................................................................................................................................................................................l.................{~.e.......B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	RFC 822 mail, ASCII text, with very long lines (413), with CRLF line terminators
Entropy (8bit):	5.99600224843768
TrID:	E-Mail message (Var. 5) (54515/1) 100.00%
File name:	ACC NUM - D0278.eml
File size:	112'901 bytes
MD5:	b3c1416910cf6bad846d3c44cbbe9f45
SHA1:	c55f7119fa1dbd8983593e583edea3ac7cd83a83
SHA256:	9146a296f265affc221f3c21c6abe0b8821dfd862ff140d1c0b719078fe74a15
SHA512:	337b9c72933a815487e05270a56544e59afb09784a8020d678a2de782f0cba9ddc5177f4854205410e5822e75cace6252facc8a9b739c656cb182a2b4998fe9f
SSDEEP:	3072:1q1NufHC7n0ztXJni5oNJ0yn9yh7n6/QUbFmCJnS82r26KF2c:1qbufHC7HoNJ0yn9m7nqfV
TLSH:	E8B30A13AFD36D510B6E4E35982E3553B735268E311348EE84AEEFC2DB2CAF111456AC
File Content Preview:	Received: from CWLP265MB5497.GBRP265.PROD.OUTLOOK.COM (2603:10a6:400:15c::7).. by CWLP265MB3331.GBRP265.PROD.OUTLOOK.COM with HTTPS; Mon, 13 Jan 2025.. 10:20:30 +0000..ARC-Seal: i=3; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=fail;.. b=xu4tlfUv

Static Mail

General

Subject:	ACC NUM - D0278
From:	Tom Logue <tom.logue@btconnect.com>
To:	Undisclosed recipients:;
Cc:
BCC:
Date:	Mon, 13 Jan 2025 10:20:20 +0000
Communications:	STOP WARNING! This email is from an external source. Please only click links or attachments if you trust the sender. If uncertain, please report the email using the REPORT MESSAGE BUTTON or forward the email to the SPOOF mailbox. Hello, I have shared a document with you, Please kindly review. Thanks Tom. Sent from Outlook for iOS<https://url.uk.m.mimecastprotect.com/s/yDH8COMQrtxXV5NhEfDSG7b8N?domain=aka.ms>
Attachments:	Attachment-13.01.25.html

Headers

Key	Value
Received	from DB9PR07MB9101.eurprd07.prod.outlook.com ([fe80::3786:598b:3ed3:95e4]) by DB9PR07MB9101.eurprd07.prod.outlook.com ([fe80::3786:598b:3ed3:95e4%7]) with mapi id 15.20.8335.015; Mon, 13 Jan 2025 10:20:20 +0000
ARC-Seal	i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=p7uB2ePG4qxv7VMB3ouK2UQrp802tsxh2vbH6dX/ZuanGPHfOxdl6Y/GaU0QvKw7vxqpunIjy8ivl+o07M/lACnH9jygTptapbInsjWVK9URhWFz8r+ovXHVbjPJPiqfALWMW8QL23u0jq1depgeECpXhjx4bCBICV9K4wIBiALkTlgwD78mMqXif4O6eh0l74g6cyCIExdOMJhIxPm3cK3H/HocGFV7dyT8k1iYOlDDrrIxrM8aMm3DAo6zabnhyJTFQti8lu3EQEbSBpiKyW5TXc8HAkKrCF0PZKq+M049hNFbDoKHGf4FM09jwDs9r34O50F66TpB4vfMG7dX3w==
ARC-Message-Signature	i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8v7PdT++7jUrI2vqxjhr52cLhggxEZX7isczGMdvwuY=; b=Ykvr0QpMk3zLZpX6r/tEGQdDQmb1F4FqeBOJnQyo5Jn9aj4PGJGCh90oaXVBF5yp5dSzdqBuOE22HWlRu1dbfvGZwAXVSTp7/Qtk574FSU1FMiDjai4HctPzn05GiyYbOFzBLFzacSCJflHzK8FXfitakc6rIwk40LIRwrnUWRaYxp7IEYPCDIls566OfeNeqxFK0QNyaP+pSLNJLfarVDLoVYsD/2UsLsz/QeC0TWKYDF2EYQoSF13svvzrL1xIhriA9EHKHJ/TCJw08FtGRdjhALnLMQo1VXWTOtlJ+VmIw31tJ7DLM0ZXc/QbA+9AUY/aDm1qCIkoHdmt9LLlsw==
ARC-Authentication-Results	i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
Authentication-Results	spf=softfail (sender IP is 195.130.217.221) smtp.mailfrom=btconnect.com; dkim=fail (body hash did not verify) header.d=btconnect.com;dmarc=fail action=none header.from=btconnect.com;compauth=none reason=405
Received-SPF	SoftFail (protection.outlook.com: domain of transitioning btconnect.com discourages use of 195.130.217.221 as permitted sender)
Authentication-Results-Original	relay.mimecast.com; dkim=pass header.d=btconnect.com header.s=selector1 header.b=FrSNcrg3; arc=pass ("microsoft.com:s=arcselector10001:i=1"); dmarc=pass (policy=none) header.from=btconnect.com; spf=pass (relay.mimecast.com: domain of tom.logue@btconnect.com designates 40.107.22.47 as permitted sender) smtp.mailfrom=tom.logue@btconnect.com
X-MC-Unique	s5NckT17PbWoIYiwKESdXw-1
X-Mimecast-MFC-AGG-ID	s5NckT17PbWoIYiwKESdXw
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8v7PdT++7jUrI2vqxjhr52cLhggxEZX7isczGMdvwuY=; b=FrSNcrg3RJXyscPWl6KrtvMNWUGPn3qheH6lMkC1Jg0NIUxZE2abA3wjeNwtzf0uyCc1IH1h/hVcdQM25qr7t1qm9Ex/9bT84cw+fYSpgiH5yWV3C/+ZOA0D5FEn0eQxYPZa5YQ5kQMowoQWi5VLwnnAUXG2lcPQwY4k2Mn1Tbc=
From	Tom Logue <tom.logue@btconnect.com>
Subject	ACC NUM - D0278
Thread-Topic	ACC NUM - D0278
Thread-Index	AQHbZaO/Z7aGRQNBF0Kce97JSf7G6w==
Date	Mon, 13 Jan 2025 10:20:20 +0000
Message-ID	<DB9PR07MB9101EF792FF1E0717DE34B5CF11F2@DB9PR07MB9101.eurprd07.prod.outlook.com>
Accept-Language	en-GB, en-US
X-MS-Has-Attach	yes
X-MS-TNEF-Correlator
msip_labels
x-ms-traffictypediagnostic	DB9PR07MB9101:EE_\|PAWPR07MB9467:EE_\|AMS0EPF000001A8:EE_\|CWLP265MB5497:EE_\|CWLP265MB3331:EE_
X-MS-Office365-Filtering-Correlation-Id	3dd354ef-1211-408e-13b2-08dd33bbe66f
x-ms-exchange-senderadcheck	1
x-ms-exchange-antispam-relay	0
X-Microsoft-Antispam-Untrusted	BCL:0;ARA:13230040\|366016\|7416014\|1800799024\|376014\|8096899003\|38070700018\|2613699012\|27013499003
X-Microsoft-Antispam-Message-Info-Original	MSMdXkB+XzHVFNyH/7Ggw5eRDhYnOYS9kmobWbQuBt/fT2JthbIa+67IaLEeiIa4gNGUGQHDSn/q0HqTGQYjSmD3UbChZR88SOGI79/D8SIQ9lHMJ3V+l1oF/hKKJQQjJ/b4xSA9EdZqWeWC8dJprbwP/+mqQAHtydW9zWmNMoOu6coWz1d4iU6oE3AhZ+if9zzbUmdVi+s4HNYth+AnLivIluZ92ZNio9coepZORqZH1ULfrn3UssoZfioxo7TpDisqngk6NNanKy9lx9lKgidyWpW0XoYJBRttueT1w6iQAH7kB6Px3ZV5FjLqKqT5YmJafIk/bA5y0EW0H2f+BKDhxIAYJV5QJH11xEgaL08JfJTcSYx1QSwH8f6kZz1YnBy35m4XPAMD7i1Iem5CWTo9uK9mvoBWP76BOAbrwPXckAPxd+Y39ua9AHax0qfbt1m1Xy55I29GDw1DVz73KrcONfIEZeg/glh0hjTbpiOVbV6L8RqeAdmgH0UjVdwISmqEhN+an7S3TyfXNhIKB3s4h5dOHJSxDOYoTribkcIg+/x14lgBgG5n0ZTmodJazavGey5VpWZik1K3UQI2mRBwKqGuAjvLe1F2rGwPTnZAobTJQZXAQ2sv2P8eST+kC1WkdbbpkrQM+d8E4QoMjgC9WaMT9etU4IIMIwc6/+i7OatuT0NHOZx54WDTPIYtzZ1IUJyJ03tiC6KnAR4vPoNXP1k9+IrENOpqK7av5O4g3i2m5AAEJksuDZDuinGHHvQqC0IY3N6Teyj4FTgUQYAap1lG1bav9nxPID8APAqeCZ2LyCpxRbPhgIOh1ycv2jn4skm/AtdqkurvYysU/xnRWJ/Jfj4s520JqWtmRp90aPORMIpphDU3FuzZ+mqOkazfqGnp9MPZJe51nL9g50/JQ/DdOc6ykT9vlqETTjRh8e1gbp9nA6nax0bdUXvwIxp9EDVxDdTDGPSkDbu+XiKYl8VPaJF8NioTJrV+bfC+WF6x61wvUdAQUaTulzyLSirOYuEEGk8iZct47VjWlCUIJMn1EdXzZSXtgb3KrWnU/gD0fF+BYhV6SaeNYviHCTVXU5rgdCn+rWZmCcnUg/LU/p5+Di9FQOo+2FzbOHL0GMI1pxVieqNSjbqT08upA6q5m50/iTGQ8hrvOVKkKsHlBFiFWvE3cDXs4RHP4DdK81Lp8zTFvo8MO09RsEAvk4DwFCkEbfa2vttzWQBVj0leorV4xHuXrbI+r/6k3Hb8hXqpU3ZdEMJ3tig9UCwLnQ9YJJBNrN+6T3QDhmoqaMds7EPMCZ82CHzoy1KT1Sm+i7r2oVARAtlcy3ri/jcStoEOlU8wlfnoBbvYovvwBg2TWpv1oSAjPDdNIsRRIAM=
X-Forefront-Antispam-Report-Untrusted	CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB9PR07MB9101.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(7416014)(1800799024)(376014)(8096899003)(38070700018)(2613699012)(27013499003);DIR:OUT;SFP:1101
X-MS-Exchange-Transport-CrossTenantHeadersStamped	CWLP265MB5497
X-Mimecast-Spam-Score	2
X-Mimecast-MFC-PROC-ID	99ePvlCLIQ59xXeOm4noU5WKflfo5MN47OWzJAXyGvc_1736763623
X-Mimecast-Impersonation-Protect	Policy=External Banner;Similar Internal Domain=false;Similar Monitored External Domain=false;Custom External Domain=false;Mimecast External Domain=false;Newly Observed Domain=false;Internal User Name=false;Custom Display Name List=false;Reply-to Address Mismatch=false;Targeted Threat Dictionary=false;Mimecast Threat Dictionary=false;Custom Threat Dictionary=false;External=true
Content-Language	en-GB
Content-Type	multipart/mixed; boundary="_004_DB9PR07MB9101EF792FF1E0717DE34B5CF11F2DB9PR07MB9101eurp_"
To	Undisclosed recipients:;
Return-Path	tom.logue@btconnect.com
X-MS-Exchange-Organization-ExpirationStartTime	13 Jan 2025 10:20:27.4418 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason	OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval	1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason	OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id	3dd354ef-1211-408e-13b2-08dd33bbe66f
X-EOPAttributedMessage	0
X-EOPTenantAttributedMessage	6980564e-41fc-4d17-b94a-c150b0b0125e:0
X-MS-Exchange-Organization-MessageDirectionality	Incoming
X-MS-Exchange-Transport-CrossTenantHeadersStripped	AMS0EPF000001A8.eurprd05.prod.outlook.com
X-MS-PublicTrafficType	Email
X-MS-Exchange-Organization-AuthSource	AMS0EPF000001A8.eurprd05.prod.outlook.com
X-MS-Exchange-Organization-AuthAs	Anonymous
X-MS-Office365-Filtering-Correlation-Id-Prvs	503468b0-1a08-48b1-7fe7-08dd33bbe269
X-MS-Exchange-Organization-SCL	-1
X-Microsoft-Antispam	BCL:0;ARA:13230040\|82310400026\|35042699022\|8096899003\|2613699012\|563134004\|44430400038;
X-Forefront-Antispam-Report	CIP:195.130.217.221;CTRY:GB;LANG:en;SCL:-1;SRV:;IPV:CAL;SFV:SKN;H:eu-smtp-inbound-delivery-1.mimecast.com;PTR:eu-smtp-delivery-1.mimecast.com;CAT:NONE;SFS:(13230040)(82310400026)(35042699022)(8096899003)(2613699012)(563134004)(44430400038);DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime	13 Jan 2025 10:20:27.3949 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id	3dd354ef-1211-408e-13b2-08dd33bbe66f
X-MS-Exchange-CrossTenant-Id	6980564e-41fc-4d17-b94a-c150b0b0125e
X-MS-Exchange-CrossTenant-AuthSource	AMS0EPF000001A8.eurprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs	Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader	Internet
X-MS-Exchange-Transport-EndToEndLatency	00:00:03.2334953
X-MS-Exchange-Processed-By-BccFoldering	15.20.8335.015
X-Microsoft-Antispam-Mailbox-Delivery	ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
X-Microsoft-Antispam-Message-Info	LinK9x/x+oSKdwOwBSJ/N/oOIKYkGDofKdHzDbgimd2vucSqiGMYBhpvMMJqLn0H2tWC7Lh8A/C/Y7TFlg/Pc73+9vEOuc8o79OrB9Xd78MROiw2J5dpDy5zUiDTFbvmsapTelvws/tpUnvaVJMXOTfm+/mbBWbSZ8tLmyPeEItm3cXAXes4DxvDc8TkpLExbNjTDLIpFmTArdtu4LYAFjHcJ+Fn3btoiMEWGB3ubUgc6M4KQZ0TEgGciVJh6wFScvOVCQoEaSh0s22tZycdAAhRu1D29+amV/Zzbgk/QomtB9KFKxnZT/UKvX7zeroAD+g7cmPdh2NmkQ2sei7SDqU/tAUIuolkli5+DNm8BEv6j6f6zzb6ODjeLMX66365vzfsD4GTABM1YjyiVKoSXWf+2/BrW7asd/Eo+5wfvhUEj/8aaxcubvaZbgTUZQyYsczjcKxQQuTkUzB9EBoil3uNBJww+qw5eAyDw0W+LjhmspaoGh+rmxXWvB5boqTGl+WCaqfM5DVxBfWzuJ8ENiEaN4mV9GluVz9SJTd45xyTa9bXt0u2jV71HMCbvCy9FvGwRGlmkanU0XHuRPjtlj/l3hKKggDB8c/Kj1zCCGiN2O9g0IOe2rqAvm6rGSfGIYoaGvIaA49RpAZEPShcgXtEBpCA9S8f0XgbdViOsJjF5MIZvKJFdwPd4LVScGUEQzfLgoPxPrQKr7LItOI4KYZgXL0ThoCHT5lb8ADx0cH15tP0lhGLrs1+TUavNP8gajovdY4wdMtbekPJfTzoN/Qg4kjg0absKW8+G6qSK5bFIq0BOSxqs2MK74xJ3rDWA3PDA2oxnpCBZucw0PD/zfmHGT12rVM5hbSrF63ykSz7riWbM/Of66WM7+LzFNIFH+tIdASWmI+dOz+s7wI2z5mPYzOHNHa1EpjsLu6EOpExv+w3skqZGWWCrkQmwESlluuZeiCqbLSoh4HWz9sH3KRn2lKuuPaIIN+j6WnWCPQU0E7rF1b1LAHBR8Kdc5eRpwYpCmfgnMlLnsvf7Qyb+uMrCt/6HTP8rdPKHjTZn/j9XtLe01NUT+vDJEtGqtZYZFLXThrsubWdOFewujoWYNAFsowoUQxs/ozlxY1tBNX1Co2hw/yi28+PGvKMqFcU+lV0u9dxPCC4Pz/YxzxxWITjAMUUjYHWJETyGxNUkR+Cy8xgL4i6gWAiWklwS4eK7Sb3zYOMDQ68cjjZvPfUXXPkf5ZsHc1bZrq+3m0WYP9xfuExBWv3k9TDvG80dHBJIrB37luJ1wzdzCamhZTjwTc8mzuWSbQMl1FwUhVokuhBvyREWiOHmdje1Ccfsa/MRkhWN6k8FL6k65P/rJddSAvZB8XoIN75YGfXACm5oIw8DKFDG/pttjiGNG2YyeJN5V+49DBGZ4yBYfVcBz8fwehM1i7cyWwlwqyGWubceD1H7BlHdVFlY3D7rUpZMZiDkxCm1N4592YKVRhcCz4V0xEvnoXAIOWveDMmJfIZAb0UaDdsgnHR4AszS3mE91u1wo4jk3OusxgZtSvtZ99LvTLmrQro/7f6dSO8Z9S1WyuOuMtoTnU/yxs1xFlN8kK1Oc2+6dH5i2AruNvjq6UTkmVHcTMIQhRN9F7V196kOrf8O5XtdPWC/9FHFBGoTwSQT+T5B/mEGqHkLlIPEBRAt+/tzZB7cRxsLdjeRk/tV3Jg5gv3jL0NOcI4/rGVdiS6h+ziT9kULzX1olwC5ohYPoj3MMuQ4Ph1eYwWl36SVcRG4mi0f/ybNthrro6w7vNT6pXk7d9Fk24shHSnsqOyy661zDI8sWxxLMw5wEIPeZq0PEHFTbCpaVRRK74AmNl4rlQS9AniiD2iFWx52muHOaukxS5kU+ZG9bvqwKMeaVzYvZsbePdrSnUK70THP5KdFUmGAAsLh/NFPvFOlzhOMzSLGGZ99Wl0S7N0nRU+UGzPTwIIwzgTNNobzVwKHJt2F7RwDkL08a1w9JIyviVqrBCXd3je/aWO71YuUKISFTF96TebecYKT1ImOLMuB6ykRXXYgj5wWrD6fnA7h7/uAsyFkZNjRvx2IpeX8jrdhXOJVIhpIIYH/ed0cqWuMOp5mmy9ndC66Fr0A/EBauaXEku2Cr7oj6YxRABPSppkOCYqCTO0MK5hWaoqXZiZlhHdR6mdyqFQP/qRiDAL3D9XTe9IllIoG17UIQJDtXrXSO2a6WRGOgHSElStij7vM8+FAFk+AK3rrPtZVOsJArAXZ2OzOn/jDECw3deQEBTUziWSsrPjMJcorhAeRMlD5qj+BY+gR2Koc0ieTpXZNpoxSMBfp7EJ9dywetYglIANzJmVaRCIyxtAYj5j/aS3pxxlvdIoA9LDKKCj9/OBuXpIxgjlRAUw0yCnJ4oDjkCxKe6+9yJGfPi/Ujaqz64lIFQ5zixkIDnVUEPFyuwgTk1XAoYj9q4UYrd4ZoX74g9GIwbMSmC0+rO7YivVTrQz4bJvKXoHiQWDEhS22xXcvp9EJiZs5Cp+BH4/CLhyMNO1IgFQ4qkD/H29aUb9yZB/ZOGNTZNdLzSs0LREiBZwtIKRh8474HGqH9QNqJ9PUFSZu5khxGac8wCVIaemX2BXvDOhRwJLHiD9/WvjOHLqT/KbnkcN85Uuto7lPwZVFcqep+FPk0kxC2uUZp5DZ2iG+/KbXblWf8djkvnlF1wC7+oRZ6ClwlRh5zGX+dXQSevE8CbPPoPncZurs8DBRcPIIzhjjjVZawnMGKs3eFaOphyKSmx+FnDu68F8tViEwbqpsH/Y1yq1q8v2Uv16WIGd7K9al9AvO2ZNbpzuo1t2TY19Tg==
MIME-Version	1.0

File Icon


Icon Hash:	46070c0a8e0c67d6