Windows
Analysis Report
3WzEuwT4vN.eml
Overview
General Information
Sample name: | 3WzEuwT4vN.emlrenamed because original name is a hash value |
Original sample name: | 1f093ec1b8fe0773dc4d99b15d20da1681a2b845e5398f34c40c441e3c1ad1d2.eml |
Analysis ID: | 1590823 |
MD5: | dd2a8708874f5c99644110152d76b40a |
SHA1: | 06b7cd6f235bf9d4a08d84f85af93358c33ca00f |
SHA256: | 1f093ec1b8fe0773dc4d99b15d20da1681a2b845e5398f34c40c441e3c1ad1d2 |
Infos: | |
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- OUTLOOK.EXE (PID: 2292 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\OUTLO OK.EXE" /e ml "C:\Use rs\user\De sktop\3WzE uwT4vN.eml " MD5: 91A5292942864110ED734005B7E005C0) - ai.exe (PID: 5756 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \root\vfs\ ProgramFil esCommonX6 4\Microsof t Shared\O ffice16\ai .exe" "CDD D2B0A-C284 -4511-B013 -F373E26E4 8FA" "A45A 43CE-A3EC- 4E48-877C- 36AB5ED5B4 1C" "2292" "C:\Progr am Files ( x86)\Micro soft Offic e\Root\Off ice16\OUTL OOK.EXE" " WordCombin edFloatieL reOnline.o nnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
- • Phishing
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Language, Device and Operating System Detection
Click to jump to signature section
Phishing |
---|
Source: | Joe Sandbox AI: |
Source: | Email attachment header: |
Source: | Classification: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | File read: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 11 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | ReversingLabs |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
20.189.173.14 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
52.109.28.46 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
2.16.168.101 | unknown | European Union | 20940 | AKAMAI-ASN1EU | false | |
52.109.76.243 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1590823 |
Start date and time: | 2025-01-14 14:52:03 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | 3WzEuwT4vN.emlrenamed because original name is a hash value |
Original Sample Name: | 1f093ec1b8fe0773dc4d99b15d20da1681a2b845e5398f34c40c441e3c1ad1d2.eml |
Detection: | MAL |
Classification: | mal48.winEML@3/4@0/55 |
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): dllhost.exe, SI HClient.exe - Excluded IPs from analysis (wh
itelisted): 52.109.28.46, 52.1 13.194.132, 52.109.76.243, 2.1 6.168.101, 2.16.168.119, 20.18 9.173.14 - Excluded domains from analysis
(whitelisted): omex.cdn.offic e.net, slscr.update.microsoft. com, eur.roaming1.live.com.aka dns.net, neu-azsc-000.roaming. officeapps.live.com, mobile.ev ents.data.microsoft.com, ecs-o ffice.s-0005.s-msedge.net, roa ming.officeapps.live.com, logi n.live.com, officeclient.micro soft.com, a1864.dscd.akamai.ne t, ecs.office.com, fs.microsof t.com, onedscolprdwus13.westus .cloudapp.azure.com, prod.conf igsvc1.live.com.akadns.net, pr od.roaming1.live.com.akadns.ne t, s-0005-office.config.skype. com, fe3cr.delivery.mp.microso ft.com, s-0005.s-msedge.net, c onfig.officeapps.live.com, osi prod-neu-buff-azsc-000.northeu rope.cloudapp.azure.com, ecs.o ffice.trafficmanager.net, omex .cdn.office.net.akamaized.net, europe.configsvc1.live.com.ak adns.net, mobile.events.data.t rafficmanager.net, uks-azsc-co nfig.officeapps.live.com - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found.
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 102400 |
Entropy (8bit): | 4.4987662869802865 |
Encrypted: | false |
SSDEEP: | |
MD5: | D855DB45527658E8C5D7A5F29EC54247 |
SHA1: | 7FAFF6E5CE0D2010D28662ED04D2B9459E8066EE |
SHA-256: | B5057EBF0C5ADE686E7586AF21B2916851AA32AED12C042886F7DA935906E5F1 |
SHA-512: | 4A797820FF052DCE3B47D62D45BA891E611DE03652BF5A5A55201A5273D7C18E9D7B7E3F72A0562FAEBE7222F37816B65372A2A165762B6EEE001D163BCF3C6F |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 663 |
Entropy (8bit): | 5.949125862393289 |
Encrypted: | false |
SSDEEP: | |
MD5: | ED3C1C40B68BA4F40DB15529D5443DEC |
SHA1: | 831AF99BB64A04617E0A42EA898756F9E0E0BCCA |
SHA-256: | 039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A |
SHA-512: | C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 2.4982743564032317 |
Encrypted: | false |
SSDEEP: | |
MD5: | F664507A302F4AE93C8E4A30D95E882A |
SHA1: | AEB0AEB81952E1626CE2BDA3EBDB113C6B1AAC7E |
SHA-256: | 165D08FCFDDC5C34A15E5E919DEE6527477622960D62E0F598EDFDB389C273A7 |
SHA-512: | 9AE48C6A4F80D337D8D2CCD91E983026044AAE45207FB854BE097902E10F3DCA0F698493BF6A9DCA0BCAE659EDD1BD5FD2179EE21D1F33F083B408E25FD1824E |
Malicious: | true |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 3.743164031122567 |
Encrypted: | false |
SSDEEP: | |
MD5: | D8EF76AF4680152D4DDA0F47E18D9B9E |
SHA1: | AC1206CF3323947FDDDCAEF52852BF760011ABBD |
SHA-256: | 0146CA08DFFF27579B06EB7889260AAEAB83B4D412CBA0D520CDE0E71BFA3249 |
SHA-512: | 4BB38923166801536D77698C7CAA490B02A1F33FFF1BC5828A86181A4CACA852BE807904EB2B26C9977F4F8E3E734393EBDA54B416E53D3F9C3E8DFABD89C467 |
Malicious: | true |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 5.774461322427669 |
TrID: |
|
File name: | 3WzEuwT4vN.eml |
File size: | 21'804 bytes |
MD5: | dd2a8708874f5c99644110152d76b40a |
SHA1: | 06b7cd6f235bf9d4a08d84f85af93358c33ca00f |
SHA256: | 1f093ec1b8fe0773dc4d99b15d20da1681a2b845e5398f34c40c441e3c1ad1d2 |
SHA512: | c05cf0a5518c72fa0181b620e42d1c8ab5f7c88418abf77784304945e765e592c5690e179d620db64b02954a30d6bbf8aa80146c5d0a74fe1dbe829714a56222 |
SSDEEP: | 384:YvKV9fxJvKtMQsroltIhiM4XbgrMNsZUZopwQ/qjQELXu:YvSZbv8i8nIhihXsr4siZo7/qjQELXu |
TLSH: | 0DA2C53F428608C5722C0DB9246166BC550FEE7E8ACB3B7CF99E1B51462865CB4C8BC7 |
File Content Preview: | Return-Path: <facturacion2871@gmail.com>..Delivered-To: spam@puzatahata.kiev.ua..DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;.. d=gmail.com; s=20230601; t=1736192583; x=1736797383; darn=puzatahata.kiev.ua;.. h=mime-version:date:cont |
Subject: | *** SPAM *** |
From: | D GOV <facturacion2871@gmail.com> |
To: | diia@mysalesmate.com |
Cc: | |
BCC: | |
Date: | Mon, 06 Jan 2025 19:43:02 +0000 |
Communications: |
|
Attachments: |
Key | Value |
---|---|
Return-Path | <facturacion2871@gmail.com> |
Delivered-To | spam@puzatahata.kiev.ua |
DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736192583; x=1736797383; darn=puzatahata.kiev.ua; h=mime-version:date:content-transfer-encoding:message-id:subject :reply-to:to:from:from:to:cc:subject:date:message-id:reply-to; bh=vF8j6sgOL6rA5s9Jx/5Q9NtAXpgq2QXTTuDyn9Vxb7Y=; b=BqMnsJa981DyQXGjEprQNjOda0CHhZSHBmxBQTo+REuk8ONKNPFIjAiNqtfhL16bAe NzCl+Vh9z+WnhL7rU7UpsQzu7yD0IOPVM1PEnW8M6YVh2+BS/rdrpyzGX9FbRi5v64EG T+OuzqwdAPS0lXfRhjKlsltxmPg5fMU7K6sBUoXBrR9WtelGhXqnRx2vu78AOvLVbHz5 UM3HLzhaRg3CCvGJ1bLwFVHi/G9EaMOmvVwQC86gLSNWVprDStLf2POQLNZtxDSFazbj iC6vrFO48qJmCBohgJ1XnfDbi6juRpm4y0dXoKKMyyNvXK9+KQWpUj9g9/VrDW8tpxFd ogkA== |
Authentication-Results | mx1.puzatahata.kiev.ua; dkim=pass header.d=gmail.com header.s=20230601 header.b=BqMnsJa9; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.puzatahata.kiev.ua: domain of facturacion2871@gmail.com designates 209.85.222.172 as permitted sender) smtp.mailfrom=facturacion2871@gmail.com |
ARC-Message-Signature | i=1; a=rsa-sha256; c=relaxed/relaxed; d=puzatahata.kiev.ua; s=dkim; t=1736192584; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:dkim-signature; bh=vF8j6sgOL6rA5s9Jx/5Q9NtAXpgq2QXTTuDyn9Vxb7Y=; b=XO+XQDMdtfVQ7D96kSFdjh0Zwa5iMqR3+VqvBUSgmDMn0BgScN6xeVmsyVtq/At34VfIfY Y5mD71o5gJeOHDtnlJmE5mBAmmEnJyxgcvmEpKPoK9aG84OisaVHqxPoF1fGA4cKgZ6TjW xkJtYOgQvEx5ZaFV9qGmlNMysQULpMatJq8t4grV1l46ke2UpEOextDoEyoTydOGTTiyvl XCAHlWFr/ekoxvXWNZMoxxUwB9xDXWJbX4hkysMzhv0tGIC3zG1CBq8AN6E0pyIaPXTInC Rq74moLvaGOjj2L+f8ofSCuDAjRc/Mg3lWCQ88k8qEEg4h0zbDWJw4x6aety4w== |
ARC-Seal | i=1; s=dkim; d=puzatahata.kiev.ua; t=1736192584; a=rsa-sha256; cv=none; b=c9g0IAJv+g1VyQ+Ha1GxoCfhHNu0qlErzOrdrZHLGXQD7NdmC1NQa+1GsbZIdDoxBZG6HJ 3AtJjtuC/P649m5QkI6w11/pw3HIYVjog3/oQbwBgLjggTr7sOWfQy7bUbAjBQDwb2RlwZ iSG1aqWxRUOJiy653c1r0ZmsnPm3+KUE6HBvJYk3LNBovXDiZKHTsfwtxewqar9vHP1o4j dVb9UzpDkvxSNqWTAORfXDY8FuiYdBZl/iF8R7BxebhVIRkshkvvYsFYMeXjWKQ88Liupz /OqgTthuudOiwQHZluRvH/oYzjyNmNn/j0MAdY8vxdScMw0n6RbV8+UPM8GQ3w== |
ARC-Authentication-Results | i=1; mx1.puzatahata.kiev.ua; dkim=pass header.d=gmail.com header.s=20230601 header.b=BqMnsJa9; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.puzatahata.kiev.ua: domain of facturacion2871@gmail.com designates 209.85.222.172 as permitted sender) smtp.mailfrom=facturacion2871@gmail.com |
X-Google-DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736192583; x=1736797383; h=mime-version:date:content-transfer-encoding:message-id:subject :reply-to:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=vF8j6sgOL6rA5s9Jx/5Q9NtAXpgq2QXTTuDyn9Vxb7Y=; b=VSOkiP+UBQwbl9fCAMWWqRIsInERFXha0FCqwLQyKWnFzlK5AYBer3yQd8ZdcqsAdI l3ixwWoObN6SgkZe74X29iVLs0Svt4r+7Ish5orHb8lmw2HkXHMYzyZv1c2JTIsaJuaq tkrX25J1kutyGA12/hGoDMFQdGeQMz7CxzJad49XG/uLEC4/LzkrS18+I4wLCSWI20br WctZ2p4YjgICMC5Qb5Cg8+Q9/QfNA66qyz8lfW3nMDz++AVJpuENJrgjZB6tqRJFN9k6 wiNpzduL0eQ8m+Sfb2zQ+uWhULZVfkMwhToZD1l8AMjrenawOHejcVSGEL6UmrkoYxRg SZaw== |
X-Forwarded-Encrypted | i=1; AJvYcCV+XUL2lSQgIEUtEZxPVQkEZ9hc3CTB9Qn7OmzUHC6iSY4g2Bps3GwBxqIn+p1JNyTbmfmf@puzatahata.kiev.ua |
X-Gm-Message-State | AOJu0Yx+LpEOJiFkkQEMcfwbl3J0XUdT+T+C2Ohk01rKhR5cFuYCMDig Ib9ESifWYgm5yWHgevekJ9Fd9NWZYJV74JT35fCprBAjAZ3JFH98 |
X-Gm-Gg | ASbGncuSC8xDHBXh+LTXOypFZ4NwYlDdpcmQrQzxy1ad5gXrRpGvv20ALpZyCRxHbrh y1hoC4+hWSUfa3AI+NXaIJz/DjkSGvcXkL9UliIiHoVhUKEw7mvd5r94s38CZvZhnCaCGuVR306 TKiF0+grff621Xeg35mGU6FKZFiEGIYXPWB79MEbo4EjVf2uPKFSNs3y0UK4kftRzsYHd2WSnlK fBPibSaCfsM/ZCgPkf5RVix3zmhbXDqQhgU+e/ft3+fvuSFLBluov6aShX6IeO+X4QcQfpe8AcK eSHHYg== |
X-Google-Smtp-Source | AGHT+IHfBcCFv8ZWC3ps0yId2kSAtC+Y6Xq/MRq+Mm2Wp01wTOBFX//yWFtT6ji1C+0MxmuAUfXQPA== |
X-Received | by 2002:a05:620a:28c9:b0:7b8:5511:f725 with SMTP id af79cd13be357-7bb90348a3bmr86820385a.23.1736192583095; Mon, 06 Jan 2025 11:43:03 -0800 (PST) |
Content-Type | text/html; charset="utf-8" |
From | D GOV <facturacion2871@gmail.com> |
To | diia@mysalesmate.com |
Reply-To | D GOV <facturacion2871@gmail.com> |
Subject | *** SPAM *** |
Message-Id | <tpgg.salesmate.io-e8ba9168-b68-4752-7e7f-78708d74e719@salesmate.io> |
X-Mailer | Salesmate.io |
Content-Transfer-Encoding | quoted-printable |
Date | Mon, 06 Jan 2025 19:43:02 +0000 |
MIME-Version | 1.0 |
X-Rspamd-Action | rewrite subject |
X-Rspamd-Server | mx1.puzatahata.kiev.ua |
X-Spamd-Bar | +++++++++ |
X-Rspamd-Queue-Id | 75D44C0B9077 |
X-Spamd-Result | default: False [9.64 / 10.00]; ZERO_WIDTH_SPACE_URL(7.00)[diia.gov.ua]; WHITELIST_SENDER_DOMAIN(-6.00)[gmail.com]; SEM_URIBL_FRESH15(3.00)[diia-id.com:url]; FORGED_RECIPIENTS(3.00)[m:diia@mysalesmate.com,s:info@puzatahata.kiev.ua]; BAYES_HAM(-2.91)[99.61%]; PHISHING(2.07)[diia.gov.ua->diia-id.com]; BAD_REP_POLICIES(1.10)[]; REPLYTO_EQ_FROM(1.00)[]; RWL_MAILSPIKE_POSSIBLE(1.00)[209.85.222.172:from]; NEURAL_HAM_SHORT(-0.41)[-0.830]; MANY_INVISIBLE_PARTS(0.30)[2]; XM_UA_NO_VERSION(0.30)[]; MIME_HTML_ONLY(0.20)[]; MX_GOOD(-0.01)[]; R_SPF_ALLOW(0.00)[+ip4:209.85.128.0/17]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:~]; FREEMAIL_REPLYTO(0.00)[gmail.com]; FREEMAIL_FROM(0.00)[gmail.com]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; FROM_EQ_ENVFROM(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; DKIM_TRACE(0.00)[gmail.com:+]; HAS_REPLYTO(0.00)[facturacion2871@gmail.com]; R_DKIM_ALLOW(0.00)[gmail.com:s=20230601]; DMARC_POLICY_ALLOW(0.00)[gmail.com,none]; ARC_SIGNED(0.00)[puzatahata.kiev.ua:s=dkim:i=1]; HAS_DATA_URI(0.00)[]; TO_DN_NONE(0.00)[] |
X-Spam-Level | ********* |
Icon Hash: | 46070c0a8e0c67d6 |