Windows
Analysis Report
Invoice#1427743190.eml
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
OUTLOOK.EXE (PID: 7068 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \Root\Offi ce16\OUTLO OK.EXE" /e ml "C:\Use rs\user\De sktop\Invo ice#142774 3190.eml" MD5: 91A5292942864110ED734005B7E005C0) ai.exe (PID: 4660 cmdline:
"C:\Progra m Files (x 86)\Micros oft Office \root\vfs\ ProgramFil esCommonX6 4\Microsof t Shared\O ffice16\ai .exe" "1BD 3D1C1-6621 -4DDB-BBD6 -2D7BAF0F0 92D" "7B45 B0E3-4C62- 4C0F-A278- 5FEEEEDABF C4" "7068" "C:\Progr am Files ( x86)\Micro soft Offic e\Root\Off ice16\OUTL OOK.EXE" " WordCombin edFloatieL reOnline.o nnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD) chrome.exe (PID: 6964 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --s tart-maxim ized --sin gle-argume nt C:\User s\user\App Data\Local \Microsoft \Windows\I NetCache\C ontent.Out look\33TXK KFF\.svg MD5: E81F54E6C1129887AEA47E7D092680BF) chrome.exe (PID: 6280 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --no-pre-r ead-main-d ll --field -trial-han dle=1976,i ,912221325 6895341260 ,500563452 0328275627 ,262144 -- disable-fe atures=Opt imizationG uideModelD ownloading ,Optimizat ionHints,O ptimizatio nHintsFetc hing,Optim izationTar getPredict ion --vari ations-see d-version --mojo-pla tform-chan nel-handle =2196 /pre fetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: frack113: |
- • Phishing
- • Compliance
- • Software Vulnerabilities
- • Networking
- • System Summary
- • Hooking and other Techniques for Hiding and Protection
- • Malware Analysis System Evasion
- • Language, Device and Operating System Detection
Click to jump to signature section
Phishing |
---|
Source: | Joe Sandbox AI: |
Source: | Joe Sandbox AI: |
Source: | Joe Sandbox AI: |
Source: | HTTP Parser: |
Source: | Classification: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | Memory has grown: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | File created: |
Source: | File deleted: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | File read: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Source: | Key value created or modified: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Source: | File Volume queried: |
Source: | Process information queried: |
Source: | Queries volume information: |
Source: | Key value queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 21 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Process Injection | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.250.65.228 | true | false | high | |
s-0005.dual-s-msedge.net | 52.123.129.14 | true | false | high | |
inv18993383.cloudfaxservice.de | 172.67.158.181 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false | |
52.109.4.7 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
142.250.65.163 | unknown | United States | 15169 | GOOGLEUS | false | |
52.123.129.14 | s-0005.dual-s-msedge.net | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
20.189.173.12 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
142.251.40.142 | unknown | United States | 15169 | GOOGLEUS | false | |
142.250.65.228 | www.google.com | United States | 15169 | GOOGLEUS | false | |
142.250.65.227 | unknown | United States | 15169 | GOOGLEUS | false | |
142.251.32.110 | unknown | United States | 15169 | GOOGLEUS | false | |
172.217.165.142 | unknown | United States | 15169 | GOOGLEUS | false | |
172.253.115.84 | unknown | United States | 15169 | GOOGLEUS | false | |
142.251.35.163 | unknown | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1647680 |
Start date and time: | 2025-03-25 06:32:15 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | Invoice#1427743190.eml |
Detection: | MAL |
Classification: | mal52.winEML@23/3@4/101 |
Cookbook Comments: |
|
- Exclude process from analysis
(whitelisted): svchost.exe - Excluded IPs from analysis (wh
itelisted): 52.123.129.14 - Excluded domains from analysis
(whitelisted): ecs.office.com , dual-s-0005-office.config.sk ype.com, ecs.office.trafficman ager.net - Not all processes where analyz
ed, report is missing behavior information - Report size getting too big, t
oo many NtOpenFile calls found . - Report size getting too big, t
oo many NtQueryAttributesFile calls found. - Report size getting too big, t
oo many NtQueryValueKey calls found. - Report size getting too big, t
oo many NtSetValueKey calls fo und. - VT rate limit hit for: file:/
//C:/Users/user/AppData/Local/ Microsoft/Windows/INetCache/Co ntent.Outlook/33TXKKFF/.svg
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 106496 |
Entropy (8bit): | 4.514718434632564 |
Encrypted: | false |
SSDEEP: | |
MD5: | 66B9E1EAEEF2A4ABF26B217668AC2E3B |
SHA1: | 504BB449572487210FBCF4F965B9119B31B28034 |
SHA-256: | CE08940E3E1AA49EEC9E2E264B23F1F4564E0F39540273E64260D665E7FDC08D |
SHA-512: | D1FF0D89BD3BDF1CC42E43A9B8B63CC07EAFC11A9E0790727804778E4791A7F6BFD7F106585BC9B6176AE33B31BA7E057B1BCE6E1AB93BDF139F9F38FB5E1D94 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 271360 |
Entropy (8bit): | 2.5354741026486476 |
Encrypted: | false |
SSDEEP: | |
MD5: | ECC960EBB4B187C04A67762BBB26274E |
SHA1: | 88ED756F7D53E861BF10CEC6940B5B15887D5EB7 |
SHA-256: | 73D49D2C2E494646A5532FD7DCA8B12FE4B7523721AC2BFFD76BDCB8996C5EA7 |
SHA-512: | 2A9638505199CC15C5046E5A81FC71B2AA913A2C956FC9B04C7C57F149970B163CCE875418EF798321037B9B3034303148F25922FE2DF740CB63F3D3B2F426A1 |
Malicious: | true |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 2.7518749878623554 |
Encrypted: | false |
SSDEEP: | |
MD5: | B9EDAFA749D22B6AE32E1BAB1C3036D3 |
SHA1: | FF71474B29FBFD4A4F814D36DD4239BF91388641 |
SHA-256: | D8B0CD3F2FC1E48023461E9B11425F277D5947EB0256798D12FCFCA93EBF5DB0 |
SHA-512: | 52A041E3274A601949AC068D408EB961739A837971C0460FEA4EC2E950C7583C985486F19BED0F6CC5F3066720FDDA0BC65AC1C5438A0C3D84F57B48C817F95E |
Malicious: | true |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 6.064412685473984 |
TrID: |
|
File name: | Invoice#1427743190.eml |
File size: | 13'330 bytes |
MD5: | 36fc49527d7c4a4327cd23b5ec47d36c |
SHA1: | d14990e4b3538bc4197d666a189bb69dd92e33f7 |
SHA256: | 1ce989f8801deb9488e7fd1ee49fecdd079ca8a1dd4766bb7d04a2f6335bc727 |
SHA512: | 4291ad253cae72452b74ffbb4f17731a35f9ff684026c92fa1b3edeffeb454621c8c0600201b52115c79088a493c6555edd66da552ace35ad4f22e88ddb4df2b |
SSDEEP: | 384:+v4aoqSFNdCCsapBXUVbIVemUsGDYGcRriBS8C1ec5Yd/:+gawFNdktIVLGDw1U/ |
TLSH: | 0E526B1A5E3B0C319BD015DC1C78BE4FA2DA2F8268BB51E03A5A85D200421EF5BC56DF |
File Content Preview: | Received: from ME3PR01MB7342.ausprd01.prod.outlook.com (2603:10c6:220:137::7).. by SY4PR01MB5929.ausprd01.prod.outlook.com with HTTPS; Tue, 11 Mar 2025.. 22:29:57 +0000..Received: from MEWPR01CA0067.ausprd01.prod.outlook.com (2603:10c6:220:1de::12).. by M |
Subject: | Invoice#1427743190 |
From: | sales@seytrax.com |
To: | chris.garner@casa.gov.au |
Cc: | |
BCC: | |
Date: | Tue, 11 Mar 2025 22:28:51 +0000 |
Communications: | |
Attachments: |
|
Key | Value |
---|---|
Received | from [127.0.0.1] (unknown) by geopod-ismtpd-4 (SG) with ESMTP id KvyYbSq6QMW46YyOeG8rbQ for <chris.garner@casa.gov.au>; Tue, 11 Mar 2025 22:28:51.114 +0000 (UTC) |
Authentication-Results | spf=pass (sender IP is 149.72.154.232) smtp.mailfrom=em200.seytrax.com; dkim=pass (signature was verified) header.d=seytrax.com;dmarc=bestguesspass action=none header.from=seytrax.com;compauth=pass reason=109 |
Received-SPF | Pass (s5casaseg.secureintellicentre.net.au: domain of bounces+35120025-a98c-chris.garner=casa.gov.au@em200.seytrax.com designates 149.72.154.232 as permitted sender) identity=mailfrom; client-ip=149.72.154.232; receiver=s5casaseg.secureintellicentre.net.au; envelope-from="bounces+35120025-a98c-chris.garner=casa.gov.au@em200.seytrax.com"; x-sender="bounces+35120025-a98c-chris.garner=casa.gov.au@em200.seytrax.com"; x-conformance=spf_only; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:167.89.0.0/17 ip4:208.117.48.0/20 ip4:50.31.32.0/19 ip4:198.37.144.0/20 ip4:198.21.0.0/21 ip4:192.254.112.0/20 ip4:168.245.0.0/17 ip4:149.72.0.0/16 ip4:159.183.0.0/16 include:ab.sendgrid.net ~all" |
X-CSE-ConnectionGUID | xCI/3B/aQpuMVUI/tdxE0Q== |
X-CSE-MsgGUID | hp0LL7ZlQ0ikIa0j/kVaRw== |
Authentication-Results-Original | s5casaseg.secureintellicentre.net.au; spf=Pass smtp.mailfrom=bounces+35120025-a98c-chris.garner=casa.gov.au@em200.seytrax.com; dkim=pass (signature verified) header.i=@seytrax.com |
IronPort-SDR | 67d0b927_4S1JQQT79ioPYOIVOxqTbOIZ/XijD+F/xS81jkL2IZw2MsD el6Tutgm8AM2NGr2mzvotE5ySoFwI6FkgbdXL2w== |
X-SEG-AV | None |
X-SEG-Scan | whitelisted_sender |
X-ThreatScanner-Verdict | Negative |
X-IronPort-AV | E=Sophos;i="6.14,240,1736773200"; d="svg'217?scan'217,208,217";a="2811629" |
DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=seytrax.com; h=content-type:content-transfer-encoding:from:subject:mime-version:to: cc:content-type:from:subject:to; s=s1; bh=jZpNqmM0DMe2JfBtkpXvOYzJld+EUEb2wmVpHd3UatQ=; b=QS1FcEJDq642Q5G0uzsWn+w173kaFENPG0bVbH617gN6RSOdD52qeCmVls5mwDja3brX StreB0mEN++SZbC3mah9jdC99ZlHqHHF733shQ2xKLBebLdgkw97P7t86tMEm4r5kE8ZET f/UKUtE6FBmiS7h33wg4bo2+TDPnrUuihlhhnom9RGDJOprR3LrQicOIo83+F+8RqoRQ83 52eD/WN6brwjzIgmc2Yx4/6wYsiB83HWLiT06THTPjvOE9ekkmbV7sdF3vsQt16xIkrnaW 4cFDKPk3j8Cz/eYMWjRaDyaRxxsKlYtBaD52pkqD01PgF/d7dOZyjAU3O7uYi4mw== |
Content-Type | image/svg+xml; name=".svg" |
Content-Transfer-Encoding | base64 |
Content-Disposition | attachment; filename=".svg" |
From | sales@seytrax.com |
Subject | Invoice#1427743190 |
Message-ID | <a09b5db5-0e14-5a14-3f7b-4fd574d16f45@seytrax.com> |
Date | Tue, 11 Mar 2025 22:28:51 +0000 |
X-SG-EID | u001.oknQl3iCARn/Fw+zmbSPX/ZhO/QXJDb8l91gQs4HxsZoB1gABJsB83GaqoLXDUTQme0m6AXoHOJywYOrXk73DT++gYMgz9DLEFiCFwYy4jyDgkT8pQawhpeHUwpqSDvAVOB4fMd5sxSiEaisWBB0sNcSHWQwIQCnVeXXY0MtmRaYFmBLqi+e3riMKprkkN0Sx5KRPmrHCRRX1L9p/W/RqA== |
To | chris.garner@casa.gov.au |
X-Entity-ID | u001.OHwfc4nOvBQp2DzmxLSeww== |
Return-Path | bounces+35120025-a98c-chris.garner=casa.gov.au@em200.seytrax.com |
X-OrganizationHeadersPreserved | CBR50EXM04P.casa.local |
X-MS-Exchange-Organization-ExpirationStartTime | 11 Mar 2025 22:28:55.5766 (UTC) |
X-MS-Exchange-Organization-ExpirationStartTimeReason | OriginalSubmit |
X-MS-Exchange-Organization-ExpirationInterval | 1:00:00:00.0000000 |
X-MS-Exchange-Organization-ExpirationIntervalReason | OriginalSubmit |
X-MS-Exchange-Organization-Network-Message-Id | 4ed9557f-0974-4e14-eb6e-08dd60ec1c0e |
X-EOPAttributedMessage | 0 |
X-MS-Exchange-Organization-MessageDirectionality | Originating |
X-MS-Exchange-SkipListedInternetSender | ip=[149.72.154.232];domain=s.wrqvwxzv.outbound-mail.sendgrid.net |
X-MS-Exchange-ExternalOriginalInternetSender | ip=[149.72.154.232];domain=s.wrqvwxzv.outbound-mail.sendgrid.net |
X-CrossPremisesHeadersPromoted | ML1PEPF0001130A.ausprd01.prod.outlook.com |
X-CrossPremisesHeadersFiltered | ML1PEPF0001130A.ausprd01.prod.outlook.com |
X-MS-PublicTrafficType | |
X-MS-TrafficTypeDiagnostic | ML1PEPF0001130A:EE_|ME3PR01MB7342:EE_|SY4PR01MB5929:EE_ |
X-MS-Exchange-Organization-AuthSource | CBR50EXM03P.casa.local |
X-MS-Exchange-Organization-AuthAs | Anonymous |
X-OriginatorOrg | casa.gov.au |
X-MS-Office365-Filtering-Correlation-Id | 4ed9557f-0974-4e14-eb6e-08dd60ec1c0e |
X-MS-Exchange-AtpMessageProperties | SA|SL |
X-MS-Exchange-Organization-SCL | 1 |
X-Microsoft-Antispam | BCL:0;ARA:13230040|29132699027|3072899012|5062899012|2092899012|12012899012|82310400026|4143399015|3092899012|4053099003|3613699012|43540500003; |
X-Forefront-Antispam-Report | CIP:203.19.118.18;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:s.wrqvwxzv.outbound-mail.sendgrid.net;PTR:s.wrqvwxzv.outbound-mail.sendgrid.net;CAT:NONE;SFS:(13230040)(29132699027)(3072899012)(5062899012)(2092899012)(12012899012)(82310400026)(4143399015)(3092899012)(4053099003)(3613699012)(43540500003);DIR:INB; |
X-MS-Exchange-CrossTenant-OriginalArrivalTime | 11 Mar 2025 22:28:55.5454 (UTC) |
X-MS-Exchange-CrossTenant-Network-Message-Id | 4ed9557f-0974-4e14-eb6e-08dd60ec1c0e |
X-MS-Exchange-CrossTenant-Id | 70a593b6-9064-47f5-9925-39d2dc35261c |
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp | TenantId=70a593b6-9064-47f5-9925-39d2dc35261c;Ip=[203.19.118.18];Helo=[mail.casa.gov.au] |
X-MS-Exchange-CrossTenant-AuthSource | CBR50EXM03P.casa.local |
X-MS-Exchange-CrossTenant-AuthAs | Anonymous |
X-MS-Exchange-CrossTenant-FromEntityHeader | HybridOnPrem |
X-MS-Exchange-Transport-CrossTenantHeadersStamped | ME3PR01MB7342 |
X-MS-Exchange-Transport-EndToEndLatency | 00:01:01.6410007 |
X-MS-Exchange-Processed-By-BccFoldering | 15.20.8511.025 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910005)(944506478)(944626604)(4710137)(4712020)(920097)(930097)(140003)(1420198); |
X-Microsoft-Antispam-Message-Info | iEau6/2M36GgbZb+zBgx+//bvntoO8U3e8NV+jks9bY+BDHuUxOCFDvlsJPf9Yi1aP3WSj5/F/JI87XfK5poLiWkS2o6HN6koozaAhfMb6Bl418ZJxmAPde68+tge7dDSgr/ykXITOaGkg+9v338TijLZmNV0S8I1nSptXKrat9tCBuZVeiikDkm9efu4G8vF6wYjYZ7Tg/HkeXG1OrALd9MllaL65iDdNnJK34/nKjAbduJobwJzsSAPUMnjDNwW1REFG3DPgq7Nk1pzsEICpVqgHWXPX/5Unu2JLEiJpIwR9ToNxRuoUbjE0UiRIsZ3a6ue1+v+zfVH33zOm7rpXKRfoL/FYRi2R/x1l6f2LjjjaC4orzqy5Kl9tunAXQDLSJuME0xPZaEcD765W0o41nh5kZUgKrtzcLIdcViXIj/yOazYBzkSphY4IBTs2FBzvsnhZ5bcw2DWPJ/4qxEjsDURryXpEdU9H+zviL2PBdCaUEcgIWW/oTifE4gsqWThP1n0gqUx5CBbutH9df2+NA2XH5PULUV3H7W9Mn/uI+D/b5rbGhWjCukPxEQcRLC5wVs+W8YO05nVJ8pZVw5QdyWd0qLE6PvG7bgFD1kqCytSX44lwdNxixdhrVZaIZJr1znEMBXtIP7MNaz5PNh6jZ5QZKB5kl5qKJuoXvzBS0uM915wD6VNQHAYTOgbn1ykC7KMR3vB6UWQCDN8EabPKB+wHvpHaH77ZysYHlpa73kdVI48Fr03CPOI0Ke6CpBJwrHXDNq2HFhvWaGZW3VYoibl/98/D21Uqxfmi8NvYz+g1KpwwSlCKodyPMJ+j6a5lIqi1ZKX3p5Gvocd9AYiRPbPdr5lFY4AtwF40JhJoWCX9rm0PLQz9kbKoHGNgbc1A7cYDw1Nr0QVHmaMO6HokN67TFalFlY4HbmlpNSxXg49yU72g2GE8wXhQw75uSykE5geKUcOYdpmnE2/9PD799pSETcgZ4Sr/HvIWznzsSbXngoD84mlASMWk1Ws6NsMiBx3Wkb+a9Cf6FIvHmHMMm7a5HYxbhqPnm1fPgMXAoTW070z3LxA3kmgtm1wphPgowu2ssSP82DGByEhkRp5wYZGZh3WS5j5ASL3kLzJsV7+mX12YLQ2F5xnSVyVgH/nbzST1qYD+cCYakf2t1P/mJxqB9IfSEkokwAYcFGC8DD14ROTpMzF6OdeUV2esLhuCt9NZRgyA0f8WZBxQQHQ2ZGTH79/jilgeGPrAZ0Oi4seP7PuzqQOLIjX4S1J6Q/Gt+q17BK/qEZI9wk0k92R28HAAsGZVZgD/u/y080WALYEtTQOIWT0awAH1ox7hurtMqJlKr8rnM7c2vuM2e/khuOB+sy3Zq6KF89s0Ep8/BAMsXAvApk2+idGFnX+HUZk6iD0MiIhLtpy10GIKGsK+D3Otrwu4HMAlC48BgOibJ/DAzXeLsYBNoM4sJhMSUBYr4vWYuesPeiRniQEVxptPaVDAkokbXN65UpvQSyvpbin8LxBBwI2BlM6JXXsevBXaRcMf2hmELBSu40/ZVwVJwGc6fEVrr+fjcW6Ej7/y62Jeb682ASbUKO7SCu8QqLt/A8r0G/4pkGR1KcsIhOMeyiQUO/DBBay1sCprDfTHxcHnbTWkflzqsonqJLCx926IbhUhI6U2rTjXkzD32Gpa5IrMONksEqiGonHs8hjGjyl+ekXs75VLqVc8hdwghIwivgnuy5lYh2XLINVVJKnxiMwZgQgMAy1YnpO34UumVyrV+Y3qxnL6ob86707cXmebOAFYXqNAQJQkeUlYuawpjMcJUnM1xYKOpGChnqoSLnOiCr3uqE9Y0b0ljfwyDl96LL831hMaZkxYYkqHmPOU7QpuIHKhaRs3hEzO2BYRV0+dA0t2PNHj5z8cyjAEPfg4xG0GkV3PWaLGRon2vMep6BT0mztZUMR9IZqXEO6U4cotAykk9Xn8iAymUrY3ok |
MIME-Version | 1.0 |
Icon Hash: | 46070c0a8e0c67d6 |