Security Alert. Your accounts was hacked by criminal group.

NOTE:  I smell desperation to "havrested" information here. Definitely a template someone most likely paid money for.  Stupidiots.  Done by dial up no less!  Probably from a cave somewhere. Are there caves in Uruguay?

---

From: <johanne.cormier@gynecolasalle.com> To: "ci121954" < > 21:28:31 CDT, Friday 28 June 2019

Hi, dear user of   We have installed one RAT software into you device For this moment your email account is hacked too. I know your password for this account [ ]: ci121954 Changed your password? You're doing great! But my software recognizes every such action. I'm updating passwords! I'm always one step ahead.... So... I have downloaded all confidential information from your system and I got some more evidence. The most interesting moment that I have discovered are videos records where you masturbating. I posted EternalBlue Exploit modification on porn site, and then you installed my malicious code (trojan) on your operation system. When you clicked the button Play on porn video, at that moment my trojan was downloaded to your device. After installation, your front camera shoots video every time you masturbate, in addition, the software is synchronized with the video you choose. For the moment, the software has harvrested all your contact information from social networks and email addresses. If you need to erase all of your collected data, send me $600 in BTC (crypto currency). This is my Bitcoin wallet: 11NT1KhH3aXsRw4LS6PFFrT5fRkdZFmne You have 48 hours after reading this letter. After your transaction I will erase all your data. Otherwise, I will send video with your pranks to all your colleagues and friends!!! P.S. I'm asking you - not to answer this letter because the sender's address is fake, just to keep me incognito. And henceforth be more careful! Please visit only secure sites! Bye,Bye...

---

Envelope Sender: <johanne.cormier@gynecolasalle.com>
'From' Header: <johanne.cormier@gynecolasalle.com>
Subject: Security Alert. Your accounts was hacked by criminal group.
Timestamp: 21:28:31 CDT, Friday 28 June 2019
Message-ID: <004201d52e09$06f65d7a$8766a69c$@gynecolasalle.com>

Client IP Address: 179.25.189.132
Client GeoIP Lookup: Uruguay
Email Size: 2.6 kB
Encrypted? No

---

Message ID: <004201d52e09$06f65d7a$8766a69c$@gynecolasalle.com>
Return Path: <johanne.cormier@gynecolasalle.com>
Reply To:
MIME Version: 1.0
Content Type: text/plain; charset="ibm852"
Received:
from mx1-us1.ppe-hosted.com (unknown [10.110.49.6]) by pure.maildistiller.com with ESMTPS id E8BF71E0053 for < >; Sat, 29 Jun 2019 02:28:30 +0000 (UTC)

from r179-25-189-132.dialup.adsl.anteldata.net.uy (r179-25-189-132.dialup.adsl.anteldata.net.uy [179.25.189.132]) by mx1-us1.ppe-hosted.com with ESMTP id 75E05B00055 for < >; Sat, 29 Jun 2019 02:28:30 +0000 (UTC)