Windows
Analysis Report
phish_alert_sp2_2.0.0.0.eml
Overview
General Information
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
Analysis Advice
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis |
- System is w10x64_ra
- OUTLOOK.EXE (PID: 3572 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml" MD5: 91A5292942864110ED734005B7E005C0)
- ai.exe (PID: 1864 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "915E857C-AE5E-4ED8-A591-A057A1D5BC0F" "1EBA292B-A959-459E-8BAB-06B87A452956" "3572" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
- chrome.exe (PID: 6304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ucasm-ci.org/universite/critical_login_notification.html MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 6556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1944,i,16332597571952505129,8496844949283767507,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- cleanup
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
There are no malicious signatures.
Source: | HTTPS traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | File created: |
Source: | Process created: | ||
Source: | Section loaded: | ||
Source: | Key value queried: |
Source: | Window found: |
Source: | Window detected: |
Source: | Key opened: |
Source: | Key value created or modified: |
Source: | Process information set: | ||
Source: | File Volume queried: |
Source: | Process information queried: |
Source: | Queries volume information: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
ucasm-ci.org | 158.69.168.192 | true | false | unknown | |
graficaonline.com.br | 186.226.58.28 | true | false | unknown | |
www.google.com | 142.251.215.228 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
158.69.168.192 | ucasm-ci.org | Canada | 16276 | OVHFR | false |
142.250.217.78 | unknown | United States | 15169 | GOOGLEUS | false |
142.250.217.67 | unknown | United States | 15169 | GOOGLEUS | false |
142.250.217.99 | unknown | United States | 15169 | GOOGLEUS | false |
142.250.217.110 | unknown | United States | 15169 | GOOGLEUS | false |
142.251.215.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
20.189.173.26 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
173.194.203.84 | unknown | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
52.109.28.46 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
186.226.58.28 | graficaonline.com.br | Brazil | 262954 | VirtuaServerInformaticaLtdaBR | false |
199.232.214.172 | bg.microsoft.map.fastly.net | United States | 54113 | FASTLYUS | false |
104.98.118.147 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
52.111.246.17 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
52.109.20.39 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
IP |
---|
192.168.2.17 |
192.168.2.7 |
192.168.2.6 |
192.168.2.23 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1438438 |
Start date and time: | 2024-05-08 18:21:20 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Sample name: | phish_alert_sp2_2.0.0.0.eml |
Detection: | CLEAN |
Classification: | clean2.winEML@18/14@8/189 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.109.20.39, 104.98.118.147, 52.113.194.132, 52.111.246.17, 52.111.246.10, 52.111.246.11, 52.111.246.16, 199.232.214.172, 142.250.217.99, 142.250.217.78, 173.194.203.84, 34.104.35.123, 20.189.173.26
- Excluded domains from analysis (whitelisted): officeclient.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryAttributesFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: phish_alert_sp2_2.0.0.0.eml
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 338 |
Entropy (8bit): | 3.4482660751239402 |
Encrypted: | false |
SSDEEP: | |
MD5: | 56C8E5AE42EE69FA1F9EBBA425E9DDA8 |
SHA1: | 3D8E8AC3F2E0739465A420A96E4801DF9AFE2F0B |
SHA-256: | 50BC1F3F42564B213F46355D0A9C773401E5029D54D394FE6BEB124F88175BE5 |
SHA-512: | 1B1EF0FDECB8CC30355DBD9FD0B3222371A06F485271F60286673E0DD2D80BD8EC2B01796B20C610D9593574A6BDF86FCF8756AF850F448EB293C08C6360346E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 231348 |
Entropy (8bit): | 4.376212208395857 |
Encrypted: | false |
SSDEEP: | |
MD5: | 80C062D4B0D9C5442AB2366513798A24 |
SHA1: | 3A56A4B24154DE1FE0CA389913B517A51A7C65C9 |
SHA-256: | 31B365D678F8B836AD57FCB80D5DF7F51B54155067F62A5D118114F33B345F78 |
SHA-512: | 65E7C4ACF5FFBAAB47147BD1425294EFE001ED335756506A84C627C833A3D474B98EEDC42DBEB4D31FDB7699282D2732CB920F92F59CC6321D1BD9B6686A6604 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 322260 |
Entropy (8bit): | 4.000299760592446 |
Encrypted: | false |
SSDEEP: | |
MD5: | CC90D669144261B198DEAD45AA266572 |
SHA1: | EF164048A8BC8BD3A015CF63E78BDAC720071305 |
SHA-256: | 89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899 |
SHA-512: | 16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 10 |
Entropy (8bit): | 2.1219280948873624 |
Encrypted: | false |
SSDEEP: | |
MD5: | 9476B03967B37FE5AD5CD09A1520B40D |
SHA1: | 938D07354EB21DC9CB2BE15918FBFDE3B2B9824E |
SHA-256: | 1718741C982376530FEFBC81318463AF137B1F194AC2A79E57B6EA339A4DC3BC |
SHA-512: | DB01D2194EC6E6645644687BFF661E46E16D34F987C05A6C5DCF314CB67FBAEA5B92C79F7547A328B1D0394A7D19016AE140A5FEF0B87D36A4012B9D7A5E6316 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\29562B8A-FD24-45A8-88EB-943122267417
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 166208 |
Entropy (8bit): | 5.340937128167958 |
Encrypted: | false |
SSDEEP: | |
MD5: | DED5EE08C6EA93DADB8CB31F11EF607F |
SHA1: | 6DBB94C291537008F5FD7AF5405D29B55E993CD7 |
SHA-256: | 256428263FE1D60E4DE17A0F1EC6C6EFC7AD26593EFAEBD3E274086F3EEB40F5 |
SHA-512: | 323763687890425DCBCE9B876C979F14BFC03C136107D0352A5B8861F3EFE23E8CA49BC326C501CD9C47908BA6D93D595B0CA84199C2F808AFEEF23810377E8E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4616 |
Entropy (8bit): | 0.13640804182083316 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1E8DA3AB96A5BBDA7831D20CA8833FC8 |
SHA1: | 4F1F7E2E88C1F2BF098C5CD6FB6B448F6A0692B0 |
SHA-256: | E65B66D7D674E7E504F82C39960272E48F75132A631BB467D905AC921B07AECF |
SHA-512: | 7A21744BF655C7A4212F3280BB91588E5BDE942F7E37E7DD3D77311CCFDF31929FF13845CD5184B36B4851AAC28CE4DD2E3B05B246C5E2D27962532813F4652E |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 1.2389205950315936 |
Encrypted: | false |
SSDEEP: | |
MD5: | B86C1378F8436598B926ADA5D1079673 |
SHA1: | CBB1AE8314D8F83EB65E31B77AE1C4F06EE86452 |
SHA-256: | 4A7AF95823CCA22BAB1C79F892734E00069172C42C18D25CDED550DD7C87C191 |
SHA-512: | B5A96613E1546939C89C552D96A9698DFC2787F5B4CC7CDD3628C76EC845F36118FA413B232B88F73F580299C129C9410964186AD02BDACEEB256BF852CA8AB9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 18 |
Entropy (8bit): | 2.725480556997868 |
Encrypted: | false |
SSDEEP: | |
MD5: | A5E51FDFAF429614FB5218AB559D299A |
SHA1: | 262EC76760BB9A83BCFF955C985E70820DF567AE |
SHA-256: | 3E82E9F60CE38815C28B0E5323268BDA212A84C3A9C7ACCC731360F998DF0240 |
SHA-512: | 9B68F1C04BDE0024CECFC05A37932368CE2F09BD96C72AB0442E16C8CF5456ED9BB995901095AC1BBDF645255014A5E43AADEE475564F01CA6BE3889C96C29C9 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9952497791043906 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1203B43E74C6C8F9EE360DD1A8D66CF7 |
SHA1: | 4B8B7501F0A937C0EBCFDD57F10B80BD56273EF1 |
SHA-256: | 9C5BA6578B0DE27D8B0A1148515E6BAF8E9E6D2EFCC75C8E805CB5192A7E388F |
SHA-512: | D63D49382072D67CD568EBAA42A5A355AD5A95AC4C4C70658497199A7ADDFB371B37131659B5292200E210AB6FE3F06530946A652A91E7F481DAA342D8476747 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.010303840256914 |
Encrypted: | false |
SSDEEP: | |
MD5: | 792F8C5667468E73026FEC2CFBCE0EC7 |
SHA1: | 33773C1EAB11846883E0AF021AA1397B3540085E |
SHA-256: | 6469BA4F55D472F6F003505616BCADB0773D16818E28533A243BB6B66AEDAA5B |
SHA-512: | B40A3C54ACCD89129F6A631579B85208908C8FAFCD84064BF7DE983F17C3083E2B9828F378A78E4F926FFCCF7F2E0FAA666AB58E86FF7131C48D0E3E66760302 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.0193018615625835 |
Encrypted: | false |
SSDEEP: | |
MD5: | 84BCF8C0D2EEB28FB86895792F10705A |
SHA1: | 43FA2CF4C89DFC4D34383033D67471DA991C794F |
SHA-256: | EE98DB2C23B842F923062CCC449C32EB7CB8CF1D5CB6796039E8AA1829CA83F1 |
SHA-512: | E0044A0E1AF53A3C2EDA0385DC6AB39B97647C23B05C3C315B5DAC0E14F99B285FF82E0E987270FE9CF9C66CE33B94B84859AB40BC032C84B06B4181A474A02F |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 4.009451027120586 |
Encrypted: | false |
SSDEEP: | |
MD5: | 1AD93D01BB93B99A14503EB8C94D439B |
SHA1: | 59AB3E40E88A4D22BBD66A0F6C671C11C1AA4022 |
SHA-256: | 13AC7D7A3B047404F59761A66EDB3B1B8A05C880C6680759FF22E9A06D656FF6 |
SHA-512: | 0DB30C07C4D91BCC3ED8C2938702784CBD2356E1593EB46C76EEC5E6EAEC33B5535B1919A5795140E1BF7F67B24B8FD837E5857209FD6FEC330DE1BE57F31363 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.996812542934521 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8EA593D569F117515B0832C37CD2C22C |
SHA1: | 7A7ACCF5A8AF96BE153E94E83F33A6BE3178F3B1 |
SHA-256: | 13BFB20A44DAA6B5462D7A94EE0D48D278D0639AEC159508F6F66ECD79169CF2 |
SHA-512: | C71D63359BD73EB0DA1997E4DA638646E60DBEA21D5D84D64A0F79D7D2B8E2616079F50E300FF55498129B764C71F63A10FDE319FA654E038B91B82F619C9B00 |
Malicious: | false |
Reputation: | unknown |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 4.008329135382137 |
Encrypted: | false |
SSDEEP: | |
MD5: | 40FD44D0EBA00FA72526E14857D33A4A |
SHA1: | DFC8A15C7E28D794B19CA00EE9F3DC5E7F2BA1D6 |
SHA-256: | 38FB2AEBDB16DDCEBCEB540B118EB451EB28648A74508D41A877AB6B5CB96965 |
SHA-512: | 92CE315D5EAEC0FA6390C26113BD9586B73292EC3EB707A45F95F903D542FD419CCD65FB6FEC5C7F7EA35948A06C9BB24B812CD5B5C8FC58BC31ADB47A18CEBB |
Malicious: | false |
Reputation: | unknown |
Preview: |
File type: | |
Entropy (8bit): | 6.126008292186626 |
TrID: |
|
File name: | phish_alert_sp2_2.0.0.0.eml |
File size: | 32'321 bytes |
MD5: | ffdd9a9e3a0cbfa99ba79d23b526cf54 |
SHA1: | 279a4686e1fbbb7e2572a4c42c68314db10d3d48 |
SHA256: | 0864c9f802e9208ab5e494d6358ce99123b585eea300eda2078744dfe56e6e09 |
SHA512: | ba5600cd67a29e09431f766c2481d1ff9a10421611dc9ef766f36c7b1d724bb3471dd10cfe5171b52234225b58b4e2a869232415094739cbffab1d397f39b6f2 |
SSDEEP: | 768:w/HUdGT42mNST/EoNAQpD/Mc7q9A4Fj0AFMPdduaAl4jR:w/HUdGDT/E2X7M6I0+l4jR |
TLSH: | 2CE2AF529A902962A9B306DA93367902E25B30C298F3D4C17FDD86C117DE98D3F29D4F |
File Content Preview: | Received: from SJ0PR17MB4957.namprd17.prod.outlook.com.. (2603:10b6:a03:3b9::22) by CO3PR17MB5791.namprd17.prod.outlook.com with.. HTTPS; Wed, 8 May 2024 14:44:15 +0000..Received: from DM5PR08CA0056.namprd08.prod.outlook.com (2603:10b6:4:60::45).. by SJ0P |
Subject: | Unauthorized access from new device (102.78.36... |
From: | SINCH Mailgun Centre <rbcfulfillmentcentre.32395@edu.faesa.br> |
To: | "Charmayne T. Bernhardt" <charmayne.bernhardt@vailhealth.org> |
Cc: | |
BCC: | |
Date: | Wed, 08 May 2024 07:43:04 -0700 |
Communications: |
|
Attachments: |
Key | Value |
---|---|
Received | from mail-dm3nam02on2126.outbound.protection.outlook.com (HELO NAM02-DM3-obe.outbound.protection.outlook.com) ([40.107.95.126]) by esa1.hc2054-55.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 08 May 2024 08:43:09 -0600 |
Arc-Seal | i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GzouqajvYsfucgpvzB85WWPK/noeKCAsQp+b1vVLx7MxG3MC4adNJTpNtZrGsvyq5fYL8cYXwq5l8tDLAto8yk03Sduy/4FK2LhYw5rexYS8tbtBSjpkm7i1PQEr28XYMO8/1DfTl9fV16ZIQcKr347EvqcbDLHNTo2q7TtRSfwGUVt1pa48XccgOF87MrbJfL4c2Ti/nGtfhZTJPKpa+pXVsppaXAkYwNo9UjfBrftzg5Kx0HoqGQZqDbCKiwfKxWmYrv5UYUiz8hgS/ecl4K2zOz76KIm7x9/rJPvCpXkQPHr79gwYrz4yASaKiBm7F8dTxRDt8OC51iFc1lcZrQ== |
Arc-Message-Signature | i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Kqlhtc7SM1KgDjB8h1CY0IYjoe8tdL+jFUWLey8H8Ik=; b=Gmy0KrX3xzn40OVSFlqVUWsf0DXeua9RpffqUTMJWA/Y9zFBK05DUkTB7orVJykYSKYRQh8LsqRoAKZhfR6ErY/6L0zo+pxX54Uscp3IOvgqnroZ5y1ZxvUinwySDHFlexvw4ZKBbTt8MlP0vJbD4L0wIRf2rdgrkaLYfXKeMDKOf52FggfXyOp8+zFrHLpxHJpHl8j9kuuv63mePbYJ/BkB629TjJLnsLluYMTuJj0CRDGo3+AlEH6ULgdhSL0RJ9Ed09XOhO/p33mvUV2Q5NgV7SCZtmoZxecF2P9QdE4xsD5ZvpJT0pjNSfOfAYBWqP1ymRlwEMZIEL3NP7C/WA== |
Arc-Authentication-Results | i=1; mx.microsoft.com 1; spf=permerror (sender ip is 185.192.125.150) smtp.rcpttodomain=vailhealth.org smtp.mailfrom=edu.faesa.br; dmarc=fail (p=none sp=none pct=100) action=none header.from=edu.faesa.br; dkim=fail (signature did not verify) header.d=rbc.com; arc=none (0) |
Authentication-Results | spf=permerror (sender IP is 216.71.149.123) smtp.mailfrom=edu.faesa.br; dkim=fail (body hash did not verify) header.d=edufaesa.onmicrosoft.com;dmarc=fail action=none header.from=edu.faesa.br;compauth=none reason=405 |
Received-Spf | Pass (esa1.hc2054-55.iphmx.com: domain of postmaster@NAM02-DM3-obe.outbound.protection.outlook.com designates 40.107.95.126 as permitted sender) identity=helo; client-ip=40.107.95.126; receiver=esa1.hc2054-55.iphmx.com; envelope-from="ll8zuhnp.if488wryDoNotReply@edu.faesa.br"; x-sender="postmaster@NAM02-DM3-obe.outbound.protection.outlook.com"; x-conformance=spf_only; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/49 ip6:2a01:111:f403:8000::/51 ip6:2a01:111:f403:c000::/51 ip6:2a01:111:f403:f000::/52 -all" |
X-Cse-Connectionguid | JqlOLV3WRHuB2nPjn0AJUg== |
X-Cse-Msgguid | yTV6k+KgQuyZZxpKTCqJ0g== |
Authentication-Results-Original | shw-ibgw-4002a.ext.cloudfilter.net; spf=pass (shw-ibgw-4002a.ext.cloudfilter.net: domain of prvs=8453ce841=rbcfulfillmentcentre@rbc.com designates 216.71.135.41 as permited sender) smtp.mailfrom=prvs=8453ce841=rbcfulfillmentcentre@rbc.com; dkim=pass header.d=rbc.com header.b=5TH8F9+v; dmarc=pass header.from=rbc.com |
Ironport-Sdr | 663b8f7d_ImqkHqg9NqHpzRHSMJpqVCowRZWDzm8d8NXOiPEfntCH0+K 8bFzhurRpMGyvH2dWnyT3FwUpzOv4kIULWDFF9Q== |
X-Ironport-Remoteip | 40.107.95.126 |
X-Ironport-Mid | 13966841 |
X-Ironport-Reputation | 3.4 |
X-Ironport-Listener | IncomingMail |
X-Ironport-Sendergroup | UNKNOWNLIST |
X-Ironport-Mailflowpolicy | $ACCEPTED |
X-Threatscanner-Verdict | Negative |
fdPPeNKbQy1jwyVnwAYBIkNAr56p+Eo79w8YYHWJXYKnr+cjzhxurfC33HaqE5yZP5xgOAvK Zj0dT2QIlePhHBRpXDBnPNENkW8f9MAQg/2h8Kxz8kkCLMBt/NKY2gp877poUiQDhRrzyiUs CzHeaXS6e5okqZovon0F5R8FxeGEszyWMuI4TKMnYx3N/2XCvj3tiQRtlXDFCZVN+FIW91Iy JK8gOSu10bB5LsLQ2TVnqeaLJZw5OKwYfF2N/zmJ3wLjAqAX87RuyE4wV6aEqAQst1h5ZiAf TCaOe+Qbt8eXulPyEJFMxZ+FwkvMIWpT6PCix7kkdGyJEkz7Qj1Iumj10fVVkBAVypRO5TBG g7+4PmvwdZDrbVzPhwPBtA4IppGI1PYBK4XSOPjhALFD2Kpo0ijv4H6nkEK8gD7CXijEef77 6naRxP4Sg+AhaHQwPxdsK1wphcyDkshsdIvf0kYxcF6uwq6AEECM+4ZF5cMUbNQrQDfy7D6Y 2vrQFY5KCCgQwlBTwrw0O7jUiibGOYKHNXzfR4t3kGMbhaJFJGyO6Rg+ghg8kVJVGPals//E u4n+1r0IhSV6bNqT7xK5vWE3MFW9smDzXcMoU3Ag8j+BigFOooz1VtjIRFsUBLWGMSchWTJI mkIHVp/en+ZcnKoM8hceC9yIio77QPfl2BiKW/FxdvEoIyUwdFR0PC1aam5zrQHa99MP7IUA 2/+Q2yW+W2Nx3gPou0Ttsk0hbNvQ+e+diRgwHQPmSVJ901x1ogmAy/GtQwmaZl4vSJ6SBban DTq5GUiDkOYLkwXwKeR1QgC55N2VDQLEi3Niwn84zTBlHTVCvDHLgOywluTxY7Y8sDeU4dwG F/+r3p9Z3WbuCaiqzBzrf1drEbv7QT905Xben5Ac64eWStAhIOQ+H6NHq36Ox9sHKV4+7hp |
Ironport-Hdrordr | A9a23:oZSxDKANF+2WIZ3lHei8sseALOsnbusQ8zAXPh9KJCC9I/bzqy nxpp8mPNrP+VUssRAb6KS90cy7LQK4yXcb2/huAZ6OXBPtvWOpKI14x43uz1TbalHDH4JmpN ZdmstFeajN5DpB/LXHCWCDer4dLcG8npxA7d2+854Hd3AZV0gW1XYxNu/0KDwHeCB6A6AyHJ 2ww/MvnUveRZyVBf7LZEXsg4D41pX2fbHdEFU7Li9iwjOjyRmv77n3GQWZ2BAxbxNjqI1SlV TtokjS3Inml+u05CP9+gbonvNrce/au5F+Lf3JptkJAT3qphetfe1aKsa/VX0O0aSSAVAR4b +82mZcA+1Dr1D2QlqTiT6F4Xib7B8er1vZjXOIi3rqpsL0ABo8Fsp6nIpcNiDU7kIx1esMkJ 6iiwii2KZ/PFflpmDQ9tLIXxZlmg6funw5i9MeiHRZTM83dKJRhZZ3xjIOLL4wWAbBrKw3Gu hnC8/RoNxMd0mBUnzftm5zhPSxQ3UIGAucSERqgL3P79FvpgEl86Ik/r1Hop5AzuN6d3B83Z WCDk28rsAXcicUBZgNRdvpD/HHVlAleii8f156EW6XWZ3vBEi956IfwI9Fp91CK6Z4jqfa3q 6xFG9whCoKd0znJcmH3JgO0xjLTWCwNA6dvP121txBtrP1erzxM2mjQFcilsfImYRpPuTrH8 yTBtZxON/MaVDFILsh5W3DcqgXFEI3f+I0kL8AKiqzi9jWM5TtrfHzfPvOK7LgCz5iXmv+Bz wEWzzyLt5H9EalRzjzhhy5YQKiRnDC |
X-Talos-Cuid | 9a23:tuH3+2ugGFo8MVlVTHcTXi146It5Qkbw80jJMnWSKmpDU5/FYHq3yJldxp8= |
X-Talos-Muid | 9a23:abEzcAbD2JYHIeBTqhD01WwyDPlT+LnzExkqlYhblsW7DHkl |
X-Ironport-Anti-Spam-Filtered | true |
X-Ironport-Av | E=Sophos;i="6.07,247,1708405200"; d="scan'208,217";a="1960474" |
X-Amp-Result | SKIPPED(no attachment in message) |
X-Amp-File-Uploaded | False |
X-Ironport-Inbound-Banner | Applied |
X-Mga-Submission | MDEYG865FeP2R8p/Ei9gWw4e3dFP1PmPP4yLiXPkJ9XIL3SIEyFlLwEQS8Ttmg5LZSCUdd3ljhTMeXgmt3BbT0m+dySrUUFd9kD6vHkNZ4//mqSia382eJ/x55LWvQ9KmnI5jHSQQBOILNdnwOu+xhAH |
Dkim-Signature | v=1; a=rsa-sha256; c=simple/simple; d=rbc.com; q=dns/txt; s=RBC; t=1714655540; x=1746191540; h=date:from:to:message-id:subject:mime-version; bh=c5LMVoU3r5uFZHDImBzVzk4z6dbTcTSj26sQ7DzF1fs=; b=5TH8F9+v0/jQsNV0gRtzYLOaEsKLij0QU2OURZapx/b1EVPNwGn4nokk df3jQVs7KI9mPXUnkOAFqRHUjfpdyybfZXZomO6ZV6ov1MSZ2Bhxkgajf 5+E1wNJWdE2CTpXY25inMRd9Z8xktOYgNSjDJ8JlCl+6/BUrxbPUge64F VKBzPFKkWThHl2JbJfDcOYpE2EQDTDXdy8jYv4xOe1nooFBp8q+fjejzn Dun522df/ZfYBsboawUvJNfzHZbEcQhntbAzPg0Nqmd8cV0OwS2LjJhA5 zaDeJopczK+A/4Q9JykvhLDe+TT9N3hqyW2GJtGbRPhupzYCcFM8cIW51 A==; |
X-Ms-Exchange-Authentication-Results | spf=permerror (sender IP is 185.192.125.150) smtp.mailfrom=edu.faesa.br; dkim=fail (signature did not verify) header.d=rbc.com;dmarc=fail action=none header.from=edu.faesa.br; |
Return-Path | ll8zuhnp.if488wryDoNotReply@edu.faesa.br |
X-Shw-Orig-Rcpt | westernoffshore@shaw.ca |
X-Authority-Analysis | v=2.4 cv=I6zGR8gg c=1 sm=1 tr=0 ts=6633913c b=1 cx=a_idp_d a=2Iyjdt7RV5vIZNNPQ76ExA==:117 a=2Iyjdt7RV5vIZNNPQ76ExA==:17 a=TpHVaj0NuXgA:10 a=fmD_JHji_u0A:10 a=1aDYQK28AAAA:8 a=dXVGZaIvAAAA:8 a=ugMSXX19BVcGZ4BAVLEA:9 a=2CuH74qrS3bknK6I:21 a=_W_S_7VecoQA:10 a=QEXdDO2ut3YA:10 a=op97kHZnuq4A:10 a=I7kiWFAN-pQA:10 a=6FV3I5y8eeIA:10 a=_q0_23XmFo88nGPBWSc9:22 a=HH7FIXwXL_sUf1zzYxQd:22 a=jWr6V4IEnpsbooOZh93r:22 a=UHHi6PeMp6s7W3s98eAc:22 cc=prm |
X-Traffic | APPLICATION |
X-Extbanexmp | true |
Disclaimercode | True |
Date | Wed, 08 May 2024 07:43:04 -0700 |
From | SINCH Mailgun Centre <rbcfulfillmentcentre.32395@edu.faesa.br> |
To | "Charmayne T. Bernhardt" <charmayne.bernhardt@vailhealth.org> |
Message-Id | <-69121071.21098493.7767358709712671.JavaMail.wasadmin@87105925> |
Subject | Unauthorized access from new device (102.78.36... |
MIME-Version | 1.0 |
Content-Type | multipart/mixed; boundary="----sinikael-?=_1-17151823874260.5503596938242141" |
X-Pegawork-Handle | RBC-BANK-XCS0 BUS-12682692 |
X-Pegaemail-Handle | DATA-CORR-EMAIL RBC-BANK-XCS0 BUS-12682692!20240502T131147.568 GMT |
Thread-Topic | (RBC-BANK-XCS0 BUS-12682692;DATA-CORR-EMAIL RBC-BANK-XCS0 BUS-12682692!20240502T131147.568 GMT) Request Resolved - RBC Reference # BUS-12682692 |
X-Cfilter-Loop | Reflected |
X-Cmae-Envelope | MS4xfIq6PERVCH6Fg8fqtHnvQ+kRdRdrHBlBfWwb0kF2jwODi1rfey3k1bnWpwjgymL/AH/U8Qv2TFWOxs9Oi08iZk+evXkNZXJOyNfvwZ7uIRJhAImx2s8y PnUv0EfaZsfs9p7V+T+TWLii6kA4Yg93gA9WNR4/oPhxVOUopjOV4f4IXvLMYnfm1BWQ1391J96WY6Q3v1mtILztZ+o6+NClrHVMARe+pz/w4SrVcw+wT3WB NLB7ByKAyZOdnknsjBK3Sw== |
X-Eopattributedmessage | 1 |
X-Ms-Traffictypediagnostic | DS3PEPF000099E1:EE_|CH3PR20MB6422:EE_|DS3PEPF000099D9:EE_|SJ0PR17MB4957:EE_|CO3PR17MB5791:EE_ |
X-Ms-Office365-Filtering-Correlation-Id | bc5117cc-1498-4c8e-480d-08dc6f6d2eea |
Support@edufaesa.mail.onmicrosoft.com | From |
X-Ms-Exchange-Senderadcheck | 1 |
X-Ms-Exchange-Antispam-Relay | 0 |
X-Microsoft-Antispam-Untrusted | BCL:0;ARA:13230031|36860700004|82310400017|376005|61400799018; |
X-Forefront-Antispam-Report-Untrusted | CIP:185.192.125.150;CTRY:HR;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:edu.faesa.br;PTR:w846.peachguest.com;CAT:NONE;SFS:(13230031)(36860700004)(82310400017)(376005)(61400799018);DIR:OUT;SFP:1102; |
X-Ms-Exchange-Transport-Crosstenantheadersstamped | SJ0PR17MB4957 |
X-Ms-Exchange-Organization-Expirationstarttime | 08 May 2024 14:43:10.8992 (UTC) |
X-Ms-Exchange-Organization-Expirationstarttimereason | OriginalSubmit |
X-Ms-Exchange-Organization-Expirationinterval | 1:00:00:00.0000000 |
X-Ms-Exchange-Organization-Expirationintervalreason | OriginalSubmit |
X-Ms-Exchange-Organization-Network-Message-Id | bc5117cc-1498-4c8e-480d-08dc6f6d2eea |
X-Eoptenantattributedmessage | 959b1606-71b2-4d25-b5e6-337349399b4f:0 |
X-Ms-Exchange-Organization-Messagedirectionality | Incoming |
X-Ms-Exchange-Transport-Crosstenantheadersstripped | DS3PEPF000099D9.namprd04.prod.outlook.com |
X-Ms-Publictraffictype | |
X-Ms-Exchange-Organization-Authsource | DS3PEPF000099D9.namprd04.prod.outlook.com |
X-Ms-Exchange-Organization-Authas | Anonymous |
X-Ms-Office365-Filtering-Correlation-Id-Prvs | cd77db79-f55b-4c9f-a284-08dc6f6d2be9 |
X-Ms-Exchange-Atpmessageproperties | SA|SL |
X-Ms-Exchange-Organization-Scl | 1 |
X-Microsoft-Antispam | BCL:0;ARA:13230031|35042699013|5073199003; |
X-Forefront-Antispam-Report | CIP:216.71.149.123;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:esa1.hc2054-55.iphmx.com;PTR:esa1.hc2054-55.iphmx.com;CAT:NONE;SFS:(13230031)(35042699013)(5073199003);DIR:INB; |
X-Ms-Exchange-Crosstenant-Originalarrivaltime | 08 May 2024 14:43:10.6960 (UTC) |
X-Ms-Exchange-Crosstenant-Network-Message-Id | bc5117cc-1498-4c8e-480d-08dc6f6d2eea |
X-Ms-Exchange-Crosstenant-Id | 959b1606-71b2-4d25-b5e6-337349399b4f |
X-Ms-Exchange-Crosstenant-Authsource | DS3PEPF000099D9.namprd04.prod.outlook.com |
X-Ms-Exchange-Crosstenant-Authas | Anonymous |
X-Ms-Exchange-Crosstenant-Fromentityheader | Internet |
X-Ms-Exchange-Transport-Endtoendlatency | 00:01:04.5281202 |
X-Ms-Exchange-Processed-By-Bccfoldering | 15.20.7544.013 |
X-Microsoft-Antispam-Mailbox-Delivery | ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003); |
Content-Transfer-Encoding | 7bit |
Icon Hash: | 46070c0a8e0c67d6 |