Loading ...

Play interactive tourEdit tour

Analysis Report COVID19open_closedPodsVACCINE_LETTER2B.docx

Overview

General Information

Sample Name:COVID19open_closedPodsVACCINE_LETTER2B.docx
Analysis ID:353581
MD5:e65769cca6ce8214adf674a8001d83b4
SHA1:d3800da27e0aa660f04da269b5392fb3f4c26eb5
SHA256:b0ecb837f4df662ff941ce2cdb64cea78b07c22b1e9ad0d328229aa9dd9f1996

Most interesting Screenshot:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

JA3 SSL client fingerprint seen in connection with other malware

Classification

Analysis Advice

No malicious behavior found, analyze the document also on other version of Office / Acrobat
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Startup

  • System is w7x64
  • WINWORD.EXE (PID: 540 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding MD5: 95C38D04597050285A18F66039EDB456)
  • iexplore.exe (PID: 2420 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 4EB098135821348270F27157F7A84E65)
    • iexplore.exe (PID: 2344 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2420 CREDAT:275457 /prefetch:2 MD5: 8A590F790A98F3D77399BE457E01386A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Compliance:

barindex
Uses new MSVCR DllsShow sources
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Uses secure TLS version for HTTPS connectionsShow sources
Source: unknownHTTPS traffic detected: 199.192.8.2:443 -> 192.168.2.22:49169 version: TLS 1.2
Source: unknownHTTPS traffic detected: 199.192.8.2:443 -> 192.168.2.22:49189 version: TLS 1.2
Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B4CD7B63-97C0-4A14-814E-1968BCE52029}.tmpJump to behavior
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.dhhs.nh.govDNT: 1Connection: Keep-Alive
Source: 4MUVPDOK.htm.3.drString found in binary or memory: <div class="social-media"><span><a href="media/pr/index.htm">News Archive</a></span><a href="https://www.facebook.com/NHDepartmentOfHealthAndHumanServices"><img src="graphics/icon-fb-like.gif" alt="Facebook Icon" width="42" height="20" /></a> equals www.facebook.com (Facebook)
Source: unknownDNS traffic detected: queries for: www.dhhs.nh.gov
Source: 4MUVPDOK.htm.3.drString found in binary or memory: http://coveringnewhampshire.org/
Source: jquery.jshowoff.min[1].js.3.drString found in binary or memory: http://ekallevig.com/jshowoff
Source: 4MUVPDOK.htm.3.drString found in binary or memory: http://thedoorway.nh.gov/
Source: textsizer[1].js.3.drString found in binary or memory: http://txkang.com
Source: element_main[1].js.3.drString found in binary or memory: http://www.broofa.com
Source: ~WRS{A7F4CFE5-FD14-491B-BD17-FD822CEDA35F}.tmp.0.drString found in binary or memory: http://www.dhhs.nh.gov/
Source: textsizer[1].js.3.drString found in binary or memory: http://www.dynamicdrive.com)
Source: index[1].htm0.3.drString found in binary or memory: http://www.recovery.gov
Source: seniors[1].htm.3.drString found in binary or memory: http://www.servicelink.nh.gov/
Source: seniors[1].htm.3.dr, disabilities[1].htm.3.drString found in binary or memory: http://www.ssa.gov/
Source: 4MUVPDOK.htm.3.dr, index[1].htm0.3.drString found in binary or memory: https://business.nh.gov/Sign_Up/cal.asp?w=grid&y=7
Source: 4MUVPDOK.htm.3.drString found in binary or memory: https://nheasy.nh.gov/dcyf/#/
Source: ~WRS{A7F4CFE5-FD14-491B-BD17-FD822CEDA35F}.tmp.0.drString found in binary or memory: https://prd.blogs.nh.gov/dos/hsem/?page_id=11170
Source: 4MUVPDOK.htm.3.drString found in binary or memory: https://schoolsafetyresources.nh.gov/
Source: 4MUVPDOK.htm.3.drString found in binary or memory: https://search.nh.gov/dhhs-search.htm
Source: element_main[1].js.3.drString found in binary or memory: https://translate.google.com
Source: 4MUVPDOK.htm.3.drString found in binary or memory: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
Source: 4MUVPDOK.htm.3.drString found in binary or memory: https://twitter.com/NHDHHSPIO
Source: seniors[1].htm.3.dr, disabilities[1].htm.3.drString found in binary or memory: https://www.cms.gov/
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.go
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.gov/
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.gov/#skip
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/#skip/www.dhhs.nh.gov/favicon.ico
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/#skipj
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.gov/#translate
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/#translateilities.htm
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/#translateilities.htmt
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.gov/R
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.gov/Root
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.gov/about/index.htm
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/about/index.htmies.htmp
Source: imagestore.dat.3.drString found in binary or memory: https://www.dhhs.nh.gov/favicon.ico
Source: imagestore.dat.3.drString found in binary or memory: https://www.dhhs.nh.gov/favicon.ico~
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/adults.htm
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/adults.htmm
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/adults.htmmt
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.dr, ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/disabilities.htm
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/disabilitiesRoot
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/families.htm
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/families.htmx
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.dr, ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/seniors.htm
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/seniors.htmv
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/teens.htm
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/teens.htmm
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/teens.htmmr
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/women.htm
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/women.htmm
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/foryou/women.htmmr
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.gov/index.htm
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/index.htmilities.htm
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.gov/index.htmjNew
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.dhhs.nh.gov/jNew
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.dhhs.nh.gov/ps://www.dhhs.nh.gov/favicon.ico
Source: element_main[1].js.3.drString found in binary or memory: https://www.google.com/images/cleardot.gif
Source: element_main[1].js.3.drString found in binary or memory: https://www.google.com/support/translate
Source: element_main[1].js.3.drString found in binary or memory: https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png
Source: element_main[1].js.3.drString found in binary or memory: https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_68x28dp.png
Source: element_main[1].js.3.drString found in binary or memory: https://www.gstatic.com/images/branding/product/1x/translate_24dp.png
Source: 4MUVPDOK.htm.3.dr, index[1].htm0.3.drString found in binary or memory: https://www.nh.gov
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.nh.gov/cov
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.nh.gov/covid19
Source: 4MUVPDOK.htm.3.drString found in binary or memory: https://www.nh.gov/covid19/index.htm
Source: ~WRS{A7F4CFE5-FD14-491B-BD17-FD822CEDA35F}.tmp.0.dr, document.xmlString found in binary or memory: https://www.nh.gov/covid19/resources-guidance/vaccination-planning.htm
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.nh.gov/covid198This
Source: ~DF18054AB76B5B25D5.TMP.2.drString found in binary or memory: https://www.nh.gov/covid19://www.dhhs.nh.gov/favicon.ico
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.nh.gov/covid19R
Source: {0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drString found in binary or memory: https://www.nh.gov/covv/R
Source: 4MUVPDOK.htm.3.dr, index[1].htm0.3.drString found in binary or memory: https://www.nh.gov/disclaimer.html
Source: 4MUVPDOK.htm.3.dr, index[1].htm0.3.drString found in binary or memory: https://www.nh.gov/wai/index.html
Source: 4MUVPDOK.htm.3.drString found in binary or memory: https://www.nhcarepath.dhhs.nh.gov/
Source: women[1].htm.3.drString found in binary or memory: https://www.servicelink.nh.gov
Source: adults[1].htm.3.dr, disabilities[1].htm.3.drString found in binary or memory: https://www.servicelink.nh.gov/
Source: 4MUVPDOK.htm.3.drString found in binary or memory: https://www.servicelink.nh.gov/locator/index.htm
Source: disabilities[1].htm.3.drString found in binary or memory: https://www.stablenh.com/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49169
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49189
Source: unknownNetwork traffic detected: HTTP traffic on port 49181 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49189 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49182
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49181
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49180
Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49197 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49170 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49174 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49199 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49179
Source: unknownNetwork traffic detected: HTTP traffic on port 49180 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49199
Source: unknownNetwork traffic detected: HTTP traffic on port 49182 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49197
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49174
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49196
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49173
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49171
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49170
Source: unknownNetwork traffic detected: HTTP traffic on port 49196 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49169 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49171 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49173 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49179 -> 443
Source: unknownHTTPS traffic detected: 199.192.8.2:443 -> 192.168.2.22:49169 version: TLS 1.2
Source: unknownHTTPS traffic detected: 199.192.8.2:443 -> 192.168.2.22:49189 version: TLS 1.2
Source: classification engineClassification label: clean0.winDOCX@4/90@2/3
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$VID19open_closedPodsVACCINE_LETTER2B.docxJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRC6D7.tmpJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
Source: unknownProcess created: C:\Program Files\Internet Explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2420 CREDAT:275457 /prefetch:2
Source: C:\Program Files\Internet Explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2420 CREDAT:275457 /prefetch:2
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: COVID19open_closedPodsVACCINE_LETTER2B.docxInitial sample: OLE zip file path = docProps/custom.xml
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management InstrumentationPath InterceptionProcess Injection1Masquerading1OS Credential DumpingFile and Directory Discovery1Remote ServicesData from Local SystemExfiltration Over Other Network MediumEncrypted Channel2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsProcess Injection1LSASS MemorySystem Information Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Application Layer Protocol2Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationApplication Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled TransferIngress Tool Transfer2SIM Card SwapCarrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
COVID19open_closedPodsVACCINE_LETTER2B.docx0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.broofa.com0%URL Reputationsafe
http://www.broofa.com0%URL Reputationsafe
http://www.broofa.com0%URL Reputationsafe
http://www.recovery.gov0%Avira URL Cloudsafe
https://www.dhhs.nh.go0%Avira URL Cloudsafe
https://www.stablenh.com/0%Avira URL Cloudsafe
http://www.dynamicdrive.com)0%Avira URL Cloudsafe
http://coveringnewhampshire.org/0%Avira URL Cloudsafe
http://txkang.com0%Avira URL Cloudsafe
http://ekallevig.com/jshowoff0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
www.dhhs.state.nh.us
199.192.8.2
truefalse
    unknown
    www.dhhs.nh.gov
    unknown
    unknownfalse
      high

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      https://www.dhhs.nh.gov/false
        high
        https://www.dhhs.nh.gov/foryou/teens.htmfalse
          high
          https://www.dhhs.nh.gov/about/index.htmfalse
            high
            https://www.nh.gov/covid19false
              high
              https://www.dhhs.nh.gov/foryou/families.htmfalse
                high
                https://www.dhhs.nh.gov/foryou/women.htmfalse
                  high
                  https://www.dhhs.nh.gov/foryou/disabilities.htmfalse
                    high
                    https://www.dhhs.nh.gov/#translatefalse
                      high
                      https://www.dhhs.nh.gov/index.htmfalse
                        high
                        https://www.dhhs.nh.gov/foryou/adults.htmfalse
                          high
                          http://www.dhhs.nh.gov/false
                            high
                            https://www.dhhs.nh.gov/#skipfalse
                              high
                              https://www.dhhs.nh.gov/foryou/seniors.htmfalse
                                high

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                http://www.broofa.comelement_main[1].js.3.drfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                unknown
                                https://search.nh.gov/dhhs-search.htm4MUVPDOK.htm.3.drfalse
                                  high
                                  https://www.dhhs.nh.gov/foryou/families.htmx~DF18054AB76B5B25D5.TMP.2.drfalse
                                    high
                                    https://www.nh.gov/covv/R{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                      high
                                      http://www.ssa.gov/seniors[1].htm.3.dr, disabilities[1].htm.3.drfalse
                                        high
                                        https://www.dhhs.nh.gov/foryou/adults.htmmt~DF18054AB76B5B25D5.TMP.2.drfalse
                                          high
                                          https://www.nh.gov/covid198This{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                            high
                                            http://www.servicelink.nh.gov/seniors[1].htm.3.drfalse
                                              high
                                              http://www.recovery.govindex[1].htm0.3.drfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://schoolsafetyresources.nh.gov/4MUVPDOK.htm.3.drfalse
                                                high
                                                https://www.dhhs.nh.gov/foryou/seniors.htmv~DF18054AB76B5B25D5.TMP.2.drfalse
                                                  high
                                                  https://www.dhhs.nh.gov/#translateilities.htm~DF18054AB76B5B25D5.TMP.2.drfalse
                                                    high
                                                    https://www.dhhs.nh.gov/foryou/seniors.htm{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.dr, ~DF18054AB76B5B25D5.TMP.2.drfalse
                                                      high
                                                      https://www.dhhs.nh.gov/index.htmilities.htm~DF18054AB76B5B25D5.TMP.2.drfalse
                                                        high
                                                        https://www.nh.gov/cov{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                          high
                                                          https://www.nh.gov/covid19/resources-guidance/vaccination-planning.htm~WRS{A7F4CFE5-FD14-491B-BD17-FD822CEDA35F}.tmp.0.dr, document.xmlfalse
                                                            high
                                                            https://www.nh.gov/disclaimer.html4MUVPDOK.htm.3.dr, index[1].htm0.3.drfalse
                                                              high
                                                              https://www.dhhs.nh.go{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://www.dhhs.nh.gov/foryou/teens.htmm~DF18054AB76B5B25D5.TMP.2.drfalse
                                                                high
                                                                https://www.dhhs.nh.gov/ps://www.dhhs.nh.gov/favicon.ico~DF18054AB76B5B25D5.TMP.2.drfalse
                                                                  high
                                                                  https://www.dhhs.nh.gov/#translate{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                    high
                                                                    https://www.stablenh.com/disabilities[1].htm.3.drfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.dynamicdrive.com)textsizer[1].js.3.drfalse
                                                                    • Avira URL Cloud: safe
                                                                    low
                                                                    https://www.dhhs.nh.gov/#translateilities.htmt~DF18054AB76B5B25D5.TMP.2.drfalse
                                                                      high
                                                                      https://www.dhhs.nh.gov/favicon.ico~imagestore.dat.3.drfalse
                                                                        high
                                                                        https://www.nh.gov/covid19://www.dhhs.nh.gov/favicon.ico~DF18054AB76B5B25D5.TMP.2.drfalse
                                                                          high
                                                                          https://www.servicelink.nh.gov/locator/index.htm4MUVPDOK.htm.3.drfalse
                                                                            high
                                                                            https://www.dhhs.nh.gov/{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                              high
                                                                              http://coveringnewhampshire.org/4MUVPDOK.htm.3.drfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://www.dhhs.nh.gov/about/index.htm{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                                high
                                                                                https://www.dhhs.nh.gov/foryou/adults.htmm~DF18054AB76B5B25D5.TMP.2.drfalse
                                                                                  high
                                                                                  http://txkang.comtextsizer[1].js.3.drfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://www.nh.gov/covid19{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                                    high
                                                                                    https://www.dhhs.nh.gov/foryou/women.htmm~DF18054AB76B5B25D5.TMP.2.drfalse
                                                                                      high
                                                                                      http://ekallevig.com/jshowoffjquery.jshowoff.min[1].js.3.drfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://www.dhhs.nh.gov/foryou/adults.htm{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                                        high
                                                                                        https://www.servicelink.nh.govwomen[1].htm.3.drfalse
                                                                                          high
                                                                                          https://www.servicelink.nh.gov/adults[1].htm.3.dr, disabilities[1].htm.3.drfalse
                                                                                            high
                                                                                            https://www.nh.gov/covid19/index.htm4MUVPDOK.htm.3.drfalse
                                                                                              high
                                                                                              https://www.dhhs.nh.gov/R{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                                                high
                                                                                                https://www.dhhs.nh.gov/#skip{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                                                  high
                                                                                                  https://www.nh.gov/covid19R{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                                                    high
                                                                                                    https://www.nhcarepath.dhhs.nh.gov/4MUVPDOK.htm.3.drfalse
                                                                                                      high
                                                                                                      https://www.dhhs.nh.gov/favicon.icoimagestore.dat.3.drfalse
                                                                                                        high
                                                                                                        https://www.dhhs.nh.gov/foryou/women.htmmr~DF18054AB76B5B25D5.TMP.2.drfalse
                                                                                                          high
                                                                                                          http://thedoorway.nh.gov/4MUVPDOK.htm.3.drfalse
                                                                                                            high
                                                                                                            https://business.nh.gov/Sign_Up/cal.asp?w=grid&y=74MUVPDOK.htm.3.dr, index[1].htm0.3.drfalse
                                                                                                              high
                                                                                                              https://www.dhhs.nh.gov/foryou/women.htm{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                                                                high
                                                                                                                https://www.dhhs.nh.gov/about/index.htmies.htmp~DF18054AB76B5B25D5.TMP.2.drfalse
                                                                                                                  high
                                                                                                                  https://www.dhhs.nh.gov/#skipj~DF18054AB76B5B25D5.TMP.2.drfalse
                                                                                                                    high
                                                                                                                    https://www.dhhs.nh.gov/jNew{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                                                                      high
                                                                                                                      https://prd.blogs.nh.gov/dos/hsem/?page_id=11170~WRS{A7F4CFE5-FD14-491B-BD17-FD822CEDA35F}.tmp.0.drfalse
                                                                                                                        high
                                                                                                                        https://www.nh.gov4MUVPDOK.htm.3.dr, index[1].htm0.3.drfalse
                                                                                                                          high
                                                                                                                          https://nheasy.nh.gov/dcyf/#/4MUVPDOK.htm.3.drfalse
                                                                                                                            high
                                                                                                                            https://www.dhhs.nh.gov/foryou/teens.htmmr~DF18054AB76B5B25D5.TMP.2.drfalse
                                                                                                                              high
                                                                                                                              https://www.dhhs.nh.gov/index.htmjNew{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                                                                                high
                                                                                                                                https://www.dhhs.nh.gov/foryou/families.htm{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                                                                                  high
                                                                                                                                  https://www.nh.gov/wai/index.html4MUVPDOK.htm.3.dr, index[1].htm0.3.drfalse
                                                                                                                                    high
                                                                                                                                    https://www.cms.gov/seniors[1].htm.3.dr, disabilities[1].htm.3.drfalse
                                                                                                                                      high
                                                                                                                                      https://www.dhhs.nh.gov/foryou/disabilities.htm{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.dr, ~DF18054AB76B5B25D5.TMP.2.drfalse
                                                                                                                                        high
                                                                                                                                        https://www.dhhs.nh.gov/foryou/disabilitiesRoot{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                                                                                          high
                                                                                                                                          https://www.dhhs.nh.gov/foryou/teens.htm{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                                                                                            high
                                                                                                                                            https://www.dhhs.nh.gov/#skip/www.dhhs.nh.gov/favicon.ico~DF18054AB76B5B25D5.TMP.2.drfalse
                                                                                                                                              high
                                                                                                                                              https://www.dhhs.nh.gov/Root{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                                                                                                high
                                                                                                                                                https://www.dhhs.nh.gov/index.htm{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat.2.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://twitter.com/NHDHHSPIO4MUVPDOK.htm.3.drfalse
                                                                                                                                                    high

                                                                                                                                                    Contacted IPs

                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                    • 75% < No. of IPs

                                                                                                                                                    Public

                                                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                    199.192.8.2
                                                                                                                                                    unknownUnited States
                                                                                                                                                    19713STATE-OF-NH-USAUSfalse

                                                                                                                                                    Private

                                                                                                                                                    IP
                                                                                                                                                    192.168.2.22
                                                                                                                                                    192.168.2.255

                                                                                                                                                    General Information

                                                                                                                                                    Joe Sandbox Version:31.0.0 Emerald
                                                                                                                                                    Analysis ID:353581
                                                                                                                                                    Start date:16.02.2021
                                                                                                                                                    Start time:16:12:35
                                                                                                                                                    Joe Sandbox Product:CloudBasic
                                                                                                                                                    Overall analysis duration:0h 7m 0s
                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                    Report type:light
                                                                                                                                                    Sample file name:COVID19open_closedPodsVACCINE_LETTER2B.docx
                                                                                                                                                    Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                                                                                    Number of analysed new started processes analysed:6
                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                    Technologies:
                                                                                                                                                    • EGA enabled
                                                                                                                                                    • HDC enabled
                                                                                                                                                    • AMSI enabled
                                                                                                                                                    Analysis Mode:default
                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                    Detection:CLEAN
                                                                                                                                                    Classification:clean0.winDOCX@4/90@2/3
                                                                                                                                                    Cookbook Comments:
                                                                                                                                                    • Adjust boot time
                                                                                                                                                    • Enable AMSI
                                                                                                                                                    • Found application associated with file extension: .docx
                                                                                                                                                    • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                    • Attach to Office via COM
                                                                                                                                                    • Browse link: http://www.dhhs.nh.gov/
                                                                                                                                                    • Scroll down
                                                                                                                                                    • Close Viewer
                                                                                                                                                    • Browsing link: https://www.nh.gov/covid19
                                                                                                                                                    • Browsing link: https://www.dhhs.nh.gov/#skip
                                                                                                                                                    • Browsing link: https://www.dhhs.nh.gov/foryou/families.htm
                                                                                                                                                    • Browsing link: https://www.dhhs.nh.gov/foryou/women.htm
                                                                                                                                                    • Browsing link: https://www.dhhs.nh.gov/foryou/teens.htm
                                                                                                                                                    • Browsing link: https://www.dhhs.nh.gov/foryou/adults.htm
                                                                                                                                                    • Browsing link: https://www.dhhs.nh.gov/foryou/seniors.htm
                                                                                                                                                    • Browsing link: https://www.dhhs.nh.gov/foryou/disabilities.htm
                                                                                                                                                    • Browsing link: https://www.dhhs.nh.gov/#translate
                                                                                                                                                    • Browsing link: https://www.dhhs.nh.gov/index.htm
                                                                                                                                                    • Browsing link: https://www.dhhs.nh.gov/about/index.htm
                                                                                                                                                    Warnings:
                                                                                                                                                    Show All
                                                                                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                                                    • TCP Packets have been reduced to 100
                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 88.221.62.148, 142.250.180.142, 216.58.209.42, 204.79.197.200, 13.107.21.200, 13.107.13.80, 142.250.180.163, 152.199.19.161
                                                                                                                                                    • Excluded domains from analysis (whitelisted): www.bing.com, e-0001.dc-msedge.net, dual-a-0001.a-msedge.net, ie9comview.vo.msecnd.net, api.bing.com, afd.e-0001.dc-msedge.net, r20swj13mr.microsoft.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, www3.l.google.com, a-0001.a-afdentry.net.trafficmanager.net, translate.googleapis.com, go.microsoft.com.edgekey.net, www-bing-com.dual-a-0001.a-msedge.net, translate.google.com, www.gstatic.com, api-bing-com.e-0001.e-msedge.net, cs9.wpc.v0cdn.net
                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                    • VT rate limit hit for: /opt/package/joesandbox/database/analysis/353581/sample/COVID19open_closedPodsVACCINE_LETTER2B.docx

                                                                                                                                                    Simulations

                                                                                                                                                    Behavior and APIs

                                                                                                                                                    No simulations

                                                                                                                                                    Joe Sandbox View / Context

                                                                                                                                                    IPs

                                                                                                                                                    No context

                                                                                                                                                    Domains

                                                                                                                                                    No context

                                                                                                                                                    ASN

                                                                                                                                                    No context

                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                    7dcce5b76c8b17472d024758970a406bJustificante de pago.xlsxGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    swift.xlsxGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    designs and spec 216201.docGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    request.docGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    Request for Quotation76584454.pptGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    necessary (47).xlsGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    Tower messenger link.xlsGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    POD.xlsGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    ORDER FRD91PM7.xlsxGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    D200821ROB.pptGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    D200821ROB.pptGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    WAFPASSION + PDA_NOTICE.xlsxGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    Sales Contract AS-21033 Caramel 54834758, 763, 764, 779 Becquet.xlsxGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    scan00006.xlsxGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    New-Order Requirment.xlsxGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    MV FORTUNE TRADER.xlsxGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    significant (92).xlsGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    necessary (47).xlsGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    Purchase Order.xlsxGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2
                                                                                                                                                    cotizacin.docGet hashmaliciousBrowse
                                                                                                                                                    • 199.192.8.2

                                                                                                                                                    Dropped Files

                                                                                                                                                    No context

                                                                                                                                                    Created / dropped Files

                                                                                                                                                    C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
                                                                                                                                                    Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):237
                                                                                                                                                    Entropy (8bit):6.1480026084285395
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:6:6v/lhPIF6R/C+u1fXNg1XQ3yslRtNO+cKvAElRApGCp:6v/7b/C1fm1ZslRTvAElR47
                                                                                                                                                    MD5:9FB559A691078558E77D6848202F6541
                                                                                                                                                    SHA1:EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31
                                                                                                                                                    SHA-256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
                                                                                                                                                    SHA-512:0E08938568CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCFB74437DE520395234D0009D452FB96A8ECE236B
                                                                                                                                                    Malicious:false
                                                                                                                                                    Reputation:high, very likely benign file
                                                                                                                                                    Preview: .PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d...-PLTE......(..5..X..h...........................J4.I...IIDAT.[c`..&.(.....F....cX.(@.j.+@..K.(..2L....1.{.....c`]L9.&2.l...I..E.......IEND.B`.
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0B411F14-70B5-11EB-ADCF-ECF4BBB5915B}.dat
                                                                                                                                                    Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:Microsoft Word Document
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):33368
                                                                                                                                                    Entropy (8bit):1.8715052925267142
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:IvSGcpU9fGwp0nlmG/apnnsltGIpHns6bxGvnZpEns6PaaGolVqpqns6PlaEQGoq:MmKXKOpoJ0as0hzV3HBlFyuazC3
                                                                                                                                                    MD5:0918AB22B611EEF104CECACA7B22E8C9
                                                                                                                                                    SHA1:9E80332E5617430D6C0DDCB65630EEB1228DBEF5
                                                                                                                                                    SHA-256:FB3E5A3AA1F52681A52E5A3EA325DCDE344F89B058B7F5DE333830AB08F05B86
                                                                                                                                                    SHA-512:4FC7CCF6AB23EED37B5EF9E2D1AC7A63388C5B999140158F45F3DFCCBD3714ADDC8629D6ED2A35813E40AC4D9432E2E06328F2D9D5E3F9EFBD828E42AA240344
                                                                                                                                                    Malicious:false
                                                                                                                                                    Reputation:low
                                                                                                                                                    Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B411F16-70B5-11EB-ADCF-ECF4BBB5915B}.dat
                                                                                                                                                    Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:Microsoft Word Document
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):159666
                                                                                                                                                    Entropy (8bit):2.4086007737325374
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:M0JfTErnr0ec2rpE43P1HMEYxE0ikkN3p5a4n9tWcCNN07glMgpF0taTcyFYAM5N:cog/1iHg
                                                                                                                                                    MD5:71AEAA2C5B76D051DC481B9413F06413
                                                                                                                                                    SHA1:24A3F0A6DC6F4055E54F0DEA763E2FC9D2BA4EAB
                                                                                                                                                    SHA-256:3C15D8C313D0D428900A3C54EA274B2C85ABB7F6EB7DD7177D7D71A9EFD6708C
                                                                                                                                                    SHA-512:F39A25A3BB42982D2FED1A1B254724524FD09A6EA81F12B185456922DC0DD119C7EEBD8508FBFFBE4CE03DEB8EC4221FC9EA390CC939727B5B0C925338DE6B0E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Reputation:low
                                                                                                                                                    Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{21E37B5F-70B5-11EB-ADCF-ECF4BBB5915B}.dat
                                                                                                                                                    Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:Microsoft Word Document
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16984
                                                                                                                                                    Entropy (8bit):1.5675252823130243
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:IvTdGcpUZWGwpNMG4pPAGrapgSNGQpZVG7HpCiTGIpG:MTDKZObMJeeS3/E02A
                                                                                                                                                    MD5:9F0B533C3B760EB3EE6FF716CA3D9654
                                                                                                                                                    SHA1:DA15809DD9A45921169EB8B1B7D1D12132C59F1A
                                                                                                                                                    SHA-256:002BAD70688470D152254BA8108BE6646AF4007240F4E856DC4F2F2473F67B2A
                                                                                                                                                    SHA-512:979ED740AC5B8C73CD4F55BFBE5E16F03459CD1BEAA88E14AFF9F1485448E072F832A5C7D1C977BA5FDD74CB4FBE82CF27956B4ACB3A3107E88A80E3BED18E65
                                                                                                                                                    Malicious:false
                                                                                                                                                    Reputation:low
                                                                                                                                                    Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\lr5drzg\imagestore.dat
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3860
                                                                                                                                                    Entropy (8bit):5.93674098813162
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4vla4sBnR9IO65JbMY715WtkSCvlaZp0whXeBkCoW5nUbcmZvpy24ZZuk78+zAnh:bt6bYY7X9O0wVjcyvpx4GW8oAnUyu5ol
                                                                                                                                                    MD5:92E9CE310D6E921325AFCFFF5EBF6FCA
                                                                                                                                                    SHA1:18BB4F0B83994025410D19A3868ACC8C8545D4B4
                                                                                                                                                    SHA-256:33D739327DFAC015E56168CD9041B36F83DE17D739A703BD92E4BFEA433064C5
                                                                                                                                                    SHA-512:D573FB8F3A5F1CD08FD1373207F0A4FF9EEDE672D3BB6D02A02477646D8BFF693C220CE6E3661926ACD759B81B09B6B107F35720A7AC0F0846A80069A5B7B794
                                                                                                                                                    Malicious:false
                                                                                                                                                    Reputation:low
                                                                                                                                                    Preview: #.h.t.t.p.s.:././.w.w.w...d.h.h.s...n.h...g.o.v./.f.a.v.i.c.o.n...i.c.o.~.................h.......(....... ...........@...........................R...{....Is.B(B.....B}R.........{.s.s...kUc.)m...41.....1Ec.Ru{..........e..J.........)..AR.)}k.Z.k.J]R.....!}...U..c...Z...B]s.........B...),J.....9}..)01.JIc.)as..as.s.......9q{.R....u..k.s.Z....m{.!8Z.!Ms..<c.....!.{..Y..Rik.cq..9uc.{............Ak.c...k.{.k............u...e..Z.c.94J......().)ec.....!y......R.s.....s....M{.c...J...Juk.9}s..]..s...{....i..1u..............)AZ......Us.!]..k...c.c.R...Z....$1..M...Mk..]{.c.......{...c.s.Zys.J.{..............U{.!Ek.!U{.k...!ek.1Ys..u..)e......J]{.Jms.c...!,).....!<c..a...}..c.k.By..Zu..............10J..Q{.)Ic..a...Y...Y{.)Qs.R...k...!.s.!i..s.s.)u..Ba{.R.k..................Y...e...i..JQc.)a{.)}s.........)u..1m..Z.k.s...s................................Ik..Q{..]..!Qs.JEc..]{..q...e......c...Jqs.Z.k.cu..c.............................................................................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\NewErrorPageTemplate[1]
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):1310
                                                                                                                                                    Entropy (8bit):4.810709096040597
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:5Y0bn73pHIUZtJD0lFBohpZlJiHqw87xTeB0yVFaFG:5b73HJq0TJiHp89TOwU
                                                                                                                                                    MD5:CDF81E591D9CBFB47A7F97A2BCDB70B9
                                                                                                                                                    SHA1:8F12010DFAACDECAD77B70A3E781C707CF328496
                                                                                                                                                    SHA-256:204D95C6FB161368C795BB63E538FE0B11F9E406494BB5758B3B0D60C5F651BD
                                                                                                                                                    SHA-512:977DCC2C6488ACAF0E5970CEF1A7A72C9F9DC6BB82DA54F057E0853C8E939E4AB01B163EB7A5058E093A8BC44ECAD9D06880FDC883E67E28AC67FEE4D070A4CC
                                                                                                                                                    Malicious:false
                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                    IE Cache URL:res://ieframe.dll/NewErrorPageTemplate.css
                                                                                                                                                    Preview: .body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #575757;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #2778ec;.. font-size: 38pt;.. font-weight: 300;.. vertical-align:bottom;.. margin-bottom: 20px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 40px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;.. padding-top: 5px;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsBu
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\arrow_blue0[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 11 x 11
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):56
                                                                                                                                                    Entropy (8bit):4.564221148126157
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:CEaiQEllIpbjuE:zaiQElyb
                                                                                                                                                    MD5:8B3611F88D6E07154DFE8D4A742873E1
                                                                                                                                                    SHA1:614D6285952ECF50A5F0F1440E9D21BBAFD1CB2E
                                                                                                                                                    SHA-256:A3933D871CF7DAD771954B3BF4FB984C0212903943C88873F0E3439E85285F06
                                                                                                                                                    SHA-512:5905DA1FB768EA3B2C5AFC29601BD6A78A68C94E79373AF8B826795839F6E986D85459209D3C96713E29FABA92C4C041A450F47FA61A89138077C311C458B165
                                                                                                                                                    Malicious:false
                                                                                                                                                    Reputation:low
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/graphics/arrow_blue0.gif
                                                                                                                                                    Preview: GIF89a.......R.....!.......,.................ta2...4..;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\arrow_ltblue[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 11 x 11
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):57
                                                                                                                                                    Entropy (8bit):4.359205803638424
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:Cd/lfl02fLt+En:OO24En
                                                                                                                                                    MD5:481110EE043514D98BD1293AF5C9AB25
                                                                                                                                                    SHA1:3E578D2A402635332D857D4A5C3FD007A4A9AEEB
                                                                                                                                                    SHA-256:5A25D796794B161D9F544F007A2BF016CF724D9EA39E3DF0EA704CCC3768843E
                                                                                                                                                    SHA-512:270EC8E231006A3BC1AECD0BDB9AACD290D5F84198899FAB75E99E40F550EF67D525B8911ABC22BD66FDB76225162D4CE2C2D1CBFF7C12F5AC6F14A1F14049A3
                                                                                                                                                    Malicious:false
                                                                                                                                                    Reputation:low
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/graphics/arrow_ltblue.gif
                                                                                                                                                    Preview: GIF89a..........3f.!.......,........@............0.....;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\button-glencliff[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 149 x 121
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):16961
                                                                                                                                                    Entropy (8bit):7.722181974036868
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:0afxFf87Kr6PQeaKHSYheY+oLey9TuVnCLQoWql8cr0a5mI:tf7f82r41hevQru1o5rbUI
                                                                                                                                                    MD5:C39C3037DA3701E35E53688A1BE5D566
                                                                                                                                                    SHA1:D7CEF2CF7147252F060E80939F18B4557903129A
                                                                                                                                                    SHA-256:1DAE627C236A85D5A1C4E0B5BDC8E8D086A0A4BD613670E75A9AC6FB04D702A2
                                                                                                                                                    SHA-512:4C8A2B3AD40AA7B58D97D68E0946506D7C899A70F6B592564D651B677C2D0A4F8D527549C89DCEF8F08A05702450A29F022F6FBE13AA9D60F61D2B379066155F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Reputation:low
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/button-glencliff.gif
                                                                                                                                                    Preview: GIF89a..y....M7,..K...nh5..........VVVzzz56%...kV3y.O....{rMK..V$).......[.......n7FEFefe..Y..v..a7F+...*1!...FF5VY6...%)".....X.L.hh.QN....yYe6..........j...994...wwvE.{y..a........?XWG..w...DC)GU5.srffD....zD..l....zT.... ....R3.ss..f......zyU....giZeDZG5..I...W[_...=AE.xB.....G..b....j.|......ujD..cdcW...[:@vwi..v.{..e...iuBwgg...fiq...{..m:..m...yt.|w....43...GQ+79F.xx..u^`bSKF.....q.rjVV+....k..i.kh...n[d.{Z...dC.zAIKQ.>E.uiyx..$ '.....OQR........UH)4(#........y.wd...iU.ut..irg..c...i.Q3uhU.......k.zD.NL....a:...%.%...mo........"..P..d.]`&%/...........,21..e.M....{{oss....J....vkqkt.f=.zs..i.......b\MRA...lsW....RWKX.ns1+0................s..K...........I................GB.......]`........................................uv..D......!.......,......y.@.....(@..<x..*\....#J.H..E....X..G.....@.....x..f.&........ ".....##.E.Ae..M..hi1..1...2.D.%.-M.i.G.H..{........&.rQb..G..h*.j...Z.Q."...s...........!.E..5.......{&.H.....%..S0.....>..Y....
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\button-nhh[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 162 x 127
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):13794
                                                                                                                                                    Entropy (8bit):7.8213130255442085
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:DYx89BJjCA890Z/K0B9Ljs7LtGGv/atK++BELUzaYIoSJ82s02Wkv9M29kAL3g:D6aJjC7wPjWLtD/h++BEgIvq2sMkvn7g
                                                                                                                                                    MD5:8DF72335578FD65D2DA9759530E147FB
                                                                                                                                                    SHA1:140CC7ACE1A5883659674FA2679C47F89B744412
                                                                                                                                                    SHA-256:2790E88A1BF3D336DBDD2200DF5D072A6B7B9BC64EA577AFF2739DAC924FC840
                                                                                                                                                    SHA-512:C4D02AFCF99CF0CF50487F3DFF71153E634B2F0A0CB88E8F95DA535EF54C2E7199E3CFF898168AA2DEFA72221186A07C446E9AB6A9CD67E6E9984563D13BF9F8
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/button-nhh.gif
                                                                                                                                                    Preview: GIF89a..........DEBRjo...7GI...Zt.........q..3F1...PiOu..h.l......BI:................lmm........5;6)5"...z.........#/.UVU...DYW......)46...dwyu..uzwi.........#.......h.........28(BWB..}H^f$)$.........t.........$$...bh]s....u../=AZ..tsm@=7`xc........^..PTL...........ANR..._mv..."-/...one...g..MMI.....y......l..|.....0.(.....~~w...........^_ZP;>..............u.........U.....!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:929FEC153A1411E6A662F62ED57C5719" xmpMM:DocumentID="xmp.did:929FEC163A1411E6A662F62ED57C5719"> <xmpMM:Derived
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\favicon[1].ico
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:MS Windows icon resource - 2 icons, 16x16, 32x32
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):3638
                                                                                                                                                    Entropy (8bit):6.009925075904024
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:Ojt6bYY7X9x0wVjcyvpx4GW8oAnUyu5o:OobYY7P0wVI8xL/Uyu
                                                                                                                                                    MD5:819BA8DE904F2B86056DCC32A92874A4
                                                                                                                                                    SHA1:5128B5AC8EC1CE19E81A928A516FDEE3C1DDA332
                                                                                                                                                    SHA-256:5762EB82D249E88BAE39E8B719EB5F577EEA6C611313332721D7D3079C1ABB7D
                                                                                                                                                    SHA-512:30A17BD3631201641F5D4AC42B327E7A18114ECD8CF54E56768BC0EFEE31FD11856BDFE13464FD69FAD1312F9FD6749B7BC63CE5A7EDBA640EA7E670AFBD3B60
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/favicon.ico
                                                                                                                                                    Preview: ..............h...&... ..............(....... ...........@...........................R...{....Is.B(B.....B}R.........{.s.s...kUc.)m...41.....1Ec.Ru{..........e..J.........)..AR.)}k.Z.k.J]R.....!}...U..c...Z...B]s.........B...),J.....9}..)01.JIc.)as..as.s.......9q{.R....u..k.s.Z....m{.!8Z.!Ms..<c.....!.{..Y..Rik.cq..9uc.{............Ak.c...k.{.k............u...e..Z.c.94J......().)ec.....!y......R.s.....s....M{.c...J...Juk.9}s..]..s...{....i..1u..............)AZ......Us.!]..k...c.c.R...Z....$1..M...Mk..]{.c.......{...c.s.Zys.J.{..............U{.!Ek.!U{.k...!ek.1Ys..u..)e......J]{.Jms.c...!,).....!<c..a...}..c.k.By..Zu..............10J..Q{.)Ic..a...Y...Y{.)Qs.R...k...!.s.!i..s.s.)u..Ba{.R.k..................Y...e...i..JQc.)a{.)}s.........)u..1m..Z.k.s...s................................Ik..Q{..]..!Qs.JEc..]{..q...e......c...Jqs.Z.k.cu..c.........................................................................................................................................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\granite-advantage[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 150x95, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):9409
                                                                                                                                                    Entropy (8bit):7.917091441614061
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:d7F8bw8x4bUUmPrdRlYTKJDt/+FXS+8jUNe4rd9KvzxqBYJNmWHYMtT9jv:dK084UUQrtVRUS+e4rdsv8BYJNpHHtJ
                                                                                                                                                    MD5:6C3A8F80884C06933EAFB4EC5FA06097
                                                                                                                                                    SHA1:E76940F48B89C65B91384FB2F13BBBDE7897C419
                                                                                                                                                    SHA-256:6494DEFEDB24BDCFA6D32AD4DEBC58BB064ADB5A55F03E3A6DE2DE7CEF24D04A
                                                                                                                                                    SHA-512:40C3DE8DA0D3757FB76239838DBB25484C64B87EFF3BFAF3202D57921373483A3017F7EB623CB6F1460D97CF727306B4A36D1D14CE30FB5A5404CFAF9B52FFEE
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/granite-advantage.jpg
                                                                                                                                                    Preview: ......Exif..II*.................Ducky.......P......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:cfc4720c-3b55-0f4d-b462-f237ad27231e" xmpMM:DocumentID="xmp.did:9901221A0EC611E9A5EF8686F5A610D2" xmpMM:InstanceID="xmp.iid:990122190EC611E9A5EF8686F5A610D2" xmp:CreatorTool="Adobe Photoshop CC 2018 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:cfc4720c-3b55-0f4d-b462-f237ad27231e" stRef:documentID="xmp.did:cfc4720c-3b55-0f4d-b462-f237ad27231e"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.............................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\httpErrorPagesScripts[1]
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):8714
                                                                                                                                                    Entropy (8bit):5.312819714818054
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:xmjriGCiOciwd1BtvjrG8tAGGGHmjOWnvyJVUXiki3ayimi5ezxiV:xmjriGCi/i+1Btvjy815HmjqVUXiki3g
                                                                                                                                                    MD5:3F57B781CB3EF114DD0B665151571B7B
                                                                                                                                                    SHA1:CE6A63F996DF3A1CCCB81720E21204B825E0238C
                                                                                                                                                    SHA-256:46E019FA34465F4ED096A9665D1827B54553931AD82E98BE01EDB1DDBC94D3AD
                                                                                                                                                    SHA-512:8CBF4EF582332AE7EA605F910AD6F8A4BC28513482409FA84F08943A72CAC2CF0FA32B6AF4C20C697E1FAC2C5BA16B5A64A23AF0C11EEFBF69625B8F9F90C8FA
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:res://ieframe.dll/httpErrorPagesScripts.js
                                                                                                                                                    Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function expandCollapse(elem,
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\iconseal[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 25 x 25
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):936
                                                                                                                                                    Entropy (8bit):7.566861187240718
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:uDFM0rnx1/PBYjz8hxGmhKAKIqlIxL7Lqpg7NVzOQSAAo7fZv:uZMm1/PBYzgJ0AK9lenLqoNJpfzfV
                                                                                                                                                    MD5:3EF0AE339337F22320D8CCAC504A8449
                                                                                                                                                    SHA1:C747754A317B308869186DEBB10DDB77E756D7E5
                                                                                                                                                    SHA-256:33A14A6CB3939700FE78DEAAFD649992667C7247A84639E627B7168902557367
                                                                                                                                                    SHA-512:2D4B7D0FB58E8EB2A7AC364DACF57B2456317133CB3F24CBA9EFB005C9664486A63DE488326E0839FD5CBD04D3C22B53F02DCF81BD9D605806C647CFB9E3246C
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/graphics/iconseal.gif
                                                                                                                                                    Preview: GIF89a.......x-..7..B..S%|2..=..U..i..^).G*.G3.Q/.Z .d..]..@.=.NX!Bn-6x93.M%.YWJ.D.H#.X'.N-.gH.p...............s]'>.Nw.{p.p......n^.aq.u.e.W5.._..x.............r.S=.b...............[{]m4=..........]...........x..p.s@......8.zP..{.i8.s.].{t..s\V`]Vm..t..^NVzyt...[.zo...".pQN.3.w...~..m$.i..!..0..*..>..._gm;...s..T..M..>..{5VsI.n...G.8.[}~O...a...}[f..lu]{..agJ.k]Tqmu48...!.......,.................................................................................. !."....."..# $%&'&()*+,......-../.'0.01/234......566.77'8N..q#...x`p..B..,B.P.....8~.......x..... %ll..c..!..l.A$..]...*."..F. q....v6.,x0.....x(Y....%C..i"DH.'1d<.2.@......"...*U...R.K.,Z.......P.PP.2.K....tQ@c..,X. ..*..0a..C.L.1\Bs1C$...(<.j...0i..Q#f..6m.q......]x....3n..Y.|N..t.P`0`. ..$8h.a..1......;g.Ph.J........"E.=[.........4...P.G.Q.A..]D...|......`......R..|.....W...X....HP`."H`...<....\."...A...4@....R...$.$..D....;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\index[1].htm
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):11358
                                                                                                                                                    Entropy (8bit):5.081230966440111
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:1AAl6lD3R0m3BGTvVrGNI643LJ7jIWqqyapxC8bB4/fxvLLmyySbxo93ILPlUIiK:SaMR0m3mz9oRHa9R54uEBukeX2oK
                                                                                                                                                    MD5:7FAC353FD6E72A2C75820F2276D522D5
                                                                                                                                                    SHA1:DEEC13C8F8CFB6A44E92FE15A5BBB4D18D1EB539
                                                                                                                                                    SHA-256:B8FF55F1551A2611F3890196A3E6EA69D579D2DF441AA6AD6141F84F39511238
                                                                                                                                                    SHA-512:CFF7AEA083A5B873FEB9F8D122BF4C02705FF7FE21135F7D13AAE5AC79A57879E2F56F07A22D5938B8B2C12B6B504E2381A5789347D5F5C2677837C802F1DE81
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/about/index.htm
                                                                                                                                                    Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml"> InstanceBegin template="/Templates/main.dwt" codeOutsideHTMLIsLocked="false" -->..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />.. InstanceBeginEditable name="doctitle" -->..<title>About Us | New Hampshire Department of Health and Human Services</title>..<meta name="Description" content="The New Hampshire Department of Health and Human Services is the largest agency in New Hampshire state government, responsible for the health, safety and well being of the citizens of New Hampshire." />..<meta name="Keywords" content="about, health, human, services, dhhs, new, hampshire, nh, nh medicaid, tanf, child care, substance abuse, wic, child support, food stamps" />.. InstanceEndEditable --> InstanceBeginEditable name="head" --> InstanceEndEditable -->..<link href="../css/base.css" rel="
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\jshowoff[1].css
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):3468
                                                                                                                                                    Entropy (8bit):5.130714868268042
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:gxhTzrJZwi5n3ao8FZpNNNisHrymo4dG4QjRk1:6TvJKi93ao8OHez
                                                                                                                                                    MD5:EA8F627844489B0D84EA383588E13730
                                                                                                                                                    SHA1:D86649EC726D7009B075FEA0DD76C87B73F28857
                                                                                                                                                    SHA-256:28BBAE52F137499A252D25447764FB3A84EE0E6A1C46406C3A62B5E494A6BBBE
                                                                                                                                                    SHA-512:F43F917A7B1E9B32D77017E1A37BD46B463CA829E304C7DAC29459ACC624E22FD7BBB7DA1F34AA211A499621BE92094B92BCD0DFB72132950DD39065E0498787
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/jshowoff.css
                                                                                                                                                    Preview: /*This CSS is for the home page slide show script */....img {...margin: 0;...padding: 0;...border: 0;..}....#features, #slidingFeatures, #labelFeatures, #basicFeatures, #thumbFeatures {...background: #efefef;...position:relative;...overflow: hidden;...width: 515px;...height: 250px;..}..../* These are used to round corners in Chrome and Firefox...-webkit-border-top-left-radius: 6px;...-webkit-border-top-right-radius: 6px;...-moz-border-radius-topleft: 6px;...-moz-border-radius-topright: 6px;..*/......jshowoff {...width: 515px;...margin: 10px 0;..}......jshowoff div {....width: 515px;...height: 250px;..}..../* These are used to round corners in Chrome and Firefox....jshowoff div, .jshowoff img, .jshowoff {...-webkit-border-top-left-radius: 6px;...-webkit-border-top-right-radius: 6px;...}.....#basicFeatures, .jshowoff.basicFeatures, .jshowoff.basicFeatures img, .jshowoff.basicFeatures div {...-webkit-border-radius: 0;...-moz-border-radius: 0;...}..*/......jshowoff div p, .jshowoff div h2
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\largeA[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 16 x 13
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):309
                                                                                                                                                    Entropy (8bit):5.2708689646625055
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:Cx9lyRTYgRO3p/o//nee63zyaaFij00Cjf/FYqtLy0yrtwlIqldJrDsFRkFcipcE:8lyR7c2eVyHTFt0rWIeLERkFTpcTzM
                                                                                                                                                    MD5:BD22ACECC5B91E4BC9207FC9D6EAD4AB
                                                                                                                                                    SHA1:C0503CC700CFBD52477ABBE82987B1A15E4C7AA7
                                                                                                                                                    SHA-256:3FB0331CA28F01CAA741C42F84B0ABED4928B3BD2EF108666C6A1CA08CDD323A
                                                                                                                                                    SHA-512:6E0F48FD273EBCDC3F3FACDEF42DD0C6750F14DCBBEAE806FD7B6C85B433CE46799EAD0F7067670A37714A0B4B64FB179BDDB25B029A2A4FB5449E2FEB7D61DA
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/graphics/largeA.gif
                                                                                                                                                    Preview: GIF89a.....#.]]]...===.............................ZZZzzzggg;;;..................GGG......lll___...FFF......>>>XXXhhh.......................................................................................!.....#.,..........R..pH,.G.@@p,...&.`8 .BA .X`G.@..x`.^H .].......T*....Q...M.......oF...D..G .!D".DA.;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\search-icon[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 18 x 18
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):1518
                                                                                                                                                    Entropy (8bit):6.996843137132655
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:HTM8VEZ3al1hJIwWwylZ82lYSqMHYKq9VyJT3byJeyCZ+47aGY8eJsx:oKkNinNus94JKJeyCZl7aL8B
                                                                                                                                                    MD5:5BE960805AA62A3CFB8CFDC14C115507
                                                                                                                                                    SHA1:32A3B1D41AC4289D2F5D20927049E5F14BB75250
                                                                                                                                                    SHA-256:48173769D629B75D62E6AF43347CFBAA504A8A40B96B01D59B81149775235B91
                                                                                                                                                    SHA-512:EA7506A9414197E4626954B39979ABDEC0A3D5A8262B496522A40D7BC23B8B26B4E650EAB7474F7EBF4B7D1C1DE3F6AF452C0B98F8C61418E7279EA9B1D1AE3B
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/graphics/search-icon.gif
                                                                                                                                                    Preview: GIF89a.......3.....f...\.....O#...6A..........*.}..H5o$.k}i. .ayW.!.blX......>#.E..?.....G0....K~j....]5.]G.'.t....5M#..z.yX..i.z.J6p...kW....$.F[G.F#....0..Y5.-......................................!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c111 79.158325, 2015/09/10-01:10:20 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpRights="http://ns.adobe.com/xap/1.0/rights/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpRights:Marked="False" xmpMM:DocumentID="xmp.did:B7F8255DCF5B11E5AA99C19543BEC705" xmpMM:InstanceID="xmp.iid:B7F8255CCF5B11E5AA99C19543BEC705" xmp:CreatorTool="Adobe Photoshop CS3 Windows"> <xmpMM:DerivedFrom stRef:instanceID="uuid:52AD6615EE7FE11186B7C365868D3B59" stRef:documentID="uuid:32F48556EC2AE011BC6EAE981EDE
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\seniors[1].htm
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):13573
                                                                                                                                                    Entropy (8bit):4.988504258614964
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:1AAN6R0m3BGTvVrGNI643LJ7DoWK3aS6pxVHbh4DfxvLLmyySOLrgneinOI6VHtt:SnR0m3mz8Y8RH+/EUh1ymGDb242oK
                                                                                                                                                    MD5:884814DBA14EF841EC18FADE7145DDF7
                                                                                                                                                    SHA1:F8B9924FD70BA0B42959DF852C0FDB2F6B6980B3
                                                                                                                                                    SHA-256:D2A61C184CC788FC32DCE676C1E0D8FB6DE2EA465981069C875E50A60812EA76
                                                                                                                                                    SHA-512:584E41FDC4A54866B919A5802A19632C6CA36B108C86C5F93043B4456CD43AAA3BA9EF2581712D4FD76B672BE3593D556836361227E3A75ECFBC58C37D85AFFB
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/foryou/seniors.htm
                                                                                                                                                    Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml"> InstanceBegin template="/Templates/main.dwt" codeOutsideHTMLIsLocked="false" -->..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />.. InstanceBeginEditable name="doctitle" -->..<title>Services for Seniors | New Hampshire Department of Health and Human Services</title>..<meta name="Description" content="DHHS services for seniors." />..<meta name="Keywords" content="seniors, elderly, health, human, services, dhhs, new, hampshire, nh" />.. InstanceEndEditable --> InstanceBeginEditable name="head" -->.. InstanceEndEditable -->..<link href="../css/base.css" rel="stylesheet" type="text/css" />..<link href="../css/contribute.css" rel="stylesheet" type="text/css" />..<link href="../css/print.css" rel="stylesheet" type="text/css" media="print" />..<script type="text/javascript" src="../scri
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\the-doorway[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 150x112, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):10721
                                                                                                                                                    Entropy (8bit):7.9222857327358
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:n7FuknE1nfULiWFwwlfoy5jtVA/wAkZ1tsMW+kLbY0sspgKtZuKchTKr2aaJdJBN:nfn08LBfRjA49psTLbY0xgiuwr3aJo7y
                                                                                                                                                    MD5:C258A4DB13A03F1076CBD63293759F48
                                                                                                                                                    SHA1:D710F07E70044D66A5021F9FC5A1D72DD7856670
                                                                                                                                                    SHA-256:1482933B0E678AAB9D19132EE458E09FCB16A01712D9755BBA31A74B4A76FEE7
                                                                                                                                                    SHA-512:9308FE2CB30AF1A309E7CDE9562A698D3D7BC67A7415318A0F2A88405B9B036A54420E86DE99521B48BCE2BA69DF4A00109DF95A9F1E772119C6E9CE7C3BAE85
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/the-doorway.jpg
                                                                                                                                                    Preview: ......Exif..II*.................Ducky.......K......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmpMM:OriginalDocumentID="uuid:5D20892493BFDB11914A8590D31508C8" xmpMM:DocumentID="xmp.did:E561AC3D144511E9ADD486A11D2B4417" xmpMM:InstanceID="xmp.iid:E561AC3C144511E9ADD486A11D2B4417" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:56075E5F4414E911AF80F736676497D0" stRef:documentID="xmp.did:066f07fb-c2ec-6a41-98c4-ecf3f60ffcec"/> <dc:title> <rdf:Alt> <rdf:li xml:lang="x-default">Print</rdf:li> </rdf:Alt> </dc:title> </r
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\translateelement[1].css
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):18724
                                                                                                                                                    Entropy (8bit):5.0229050341109795
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:Z6/FpzOTH+pUwFQQFzosq6yzGy60wQHZAOcUcmMt0wGq6K:Z4FxskUwFQdcUcmMp
                                                                                                                                                    MD5:DBC4C9FA52A475411EB75595DA532797
                                                                                                                                                    SHA1:099407F8C66BC19CC7DA10EFB2715EAE0373C966
                                                                                                                                                    SHA-256:6149F95C1EBDDE5391898E22A79821A810336F6BD74318291B4F49F23FBF0FA8
                                                                                                                                                    SHA-512:81EBE7593D3856D282F9C581BA3DE18B1F3F0E42D3B912235BB36ED80CDB7FCE08CB91A0FB537CC5BB751F7FA161635B380C78FD0905E4A5B0395A30A64C9E86
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://translate.googleapis.com/translate_static/css/translateelement.css
                                                                                                                                                    Preview: /* Copyright 2020 Google Inc. All Rights Reserved. */..goog-te-banner-frame{left:0px;top:0px;height:39px;width:100%;z-index:10000001;position:fixed;border:none;border-bottom:1px solid #6b90da;margin:0;-moz-box-shadow:0 0 8px 1px #999999;-webkit-box-shadow:0 0 8px 1px #999999;box-shadow:0 0 8px 1px #999999;_position:absolute}.goog-te-menu-frame{z-index:10000002;position:fixed;border:none;-moz-box-shadow:0 3px 8px 2px #999999;-webkit-box-shadow:0 3px 8px 2px #999999;box-shadow:0 3px 8px 2px #999999;_position:absolute}.goog-te-ftab-frame{z-index:10000000;border:none;margin:0}.goog-te-gadget{font-family:arial;font-size:11px;color:#666;white-space:nowrap}.goog-te-gadget img{vertical-align:middle;border:none}.goog-te-gadget-simple{background-color:#fff;border-left:1px solid #d5d5d5;border-top:1px solid #9b9b9b;border-bottom:1px solid #e8e8e8;border-right:1px solid #d5d5d5;font-size:10pt;display:inline-block;padding-top:1px;padding-bottom:2px;cursor:pointer;zoom:1;*display:inline}.goog-te-gad
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\women[1].htm
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):13071
                                                                                                                                                    Entropy (8bit):4.9799957899156935
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:1AAjGR0m3BGTvVrGNI643LJ7DoWK3aS6pxVHbh4DfxvLLmyySaM9xs/3lCseG9cU:SHR0m3mz8Y8RHV92Gk6h9rXdR72oK
                                                                                                                                                    MD5:86AB93FC9FDDA269C5974261A1D1EB1E
                                                                                                                                                    SHA1:3A0B4753FE80FD8D67F965DED7906DA9C996EBD1
                                                                                                                                                    SHA-256:57BBA8778C55549B83883E7750D4D5E2D18459E8F6C77106063B08ADE2C7B4A3
                                                                                                                                                    SHA-512:3533ECD1066C0C84F7A54EE3689559AC664520E82D483531F23257C3630272074D9476B84F1406124E26918084770F4C8AB1F5DF3706E42D4B613A6ECF744D4D
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/foryou/women.htm
                                                                                                                                                    Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml"> InstanceBegin template="/Templates/main.dwt" codeOutsideHTMLIsLocked="false" -->..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />.. InstanceBeginEditable name="doctitle" -->..<title>Services for Women | New Hampshire Department of Health and Human Services</title>..<meta name="Description" content="DHHS services for women." />..<meta name="Keywords" content="women, health, human, services, dhhs, new, hampshire, nh" />.. InstanceEndEditable --> InstanceBeginEditable name="head" -->...... InstanceEndEditable -->..<link href="../css/base.css" rel="stylesheet" type="text/css" />..<link href="../css/contribute.css" rel="stylesheet" type="text/css" />..<link href="../css/print.css" rel="stylesheet" type="text/css" media="print" />..<script type="text/javascript" src="../scripts/textsiz
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\400x25officialsite[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 400 x 25
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):3455
                                                                                                                                                    Entropy (8bit):7.723531087767753
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:5nlnNANz4PIt65pH87mCYGZG9LFLBxYkjshyV7t0A28qK4JldIQPueht:5n1Yr4pH8KCYGqFLQkjTJrxehPzj
                                                                                                                                                    MD5:C242FCDA1B5DAA99D53BAD09E619D169
                                                                                                                                                    SHA1:36C3FA7B2EFDD718550348B7E3E445782C912341
                                                                                                                                                    SHA-256:90E1AE9F18C3A094D16CC4ED11AC93E3561ABB41308B0FEB0B30C166DC15D130
                                                                                                                                                    SHA-512:995BD2A3B5DB4B2FF05D6796BBF1ED9014ED501E58BD118E8F4886F2EC5FF827B174E365D7D36CEE5A82120693C69B8DF1D709D93EDE78B8D3F0341AE31CD6A3
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/graphics/400x25officialsite.gif
                                                                                                                                                    Preview: GIF89a.......?Ts...........;Pp........^p.BWu{.......bs.w.......iz....................hy....;Qpu........~..k{....:PoPc.L`|Ob.I]{M`}\n....G[yH\y=Rq.........Zl.iy....Uh.........................[m....Wi....y........................gx.K_|...........[m..................Xk....>SrMa}Sf..............m}.J^{I]z..............r..Wj.........z..{..`r.....Pd.......<Rq......@Uts.....q..du....AVt..................v.....j{.............ct........Qd.Vi.t........Tg.n~.Yk._p.F[xo.................CXvfw.EYw.........}......p..bt....fv.ar.Tf.]o.l|.t.............p..x..........................Nb~.....|..................m}.........9Oo.................DYw......ev...........................Re..............FZx........._q........................................!.......,...............H......*\....#J.H....3j.... C..I...(S.\...0c.I...8s.L. ..............xT........x..i..;.j.....`+..pA$....j...C.p..e..... ...Ao......-A.D`.'H.@.....)..@Hb`.+....X....[\...@....].....
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\4MUVPDOK.htm
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):25487
                                                                                                                                                    Entropy (8bit):5.083554954745144
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:SGunySC4SJLM/Ex1v2xiJgDc0hAtgn5uB+ec2zgrjeAhiN:SGuFyLMMx1ux/Zh6gn5uB+deAhe
                                                                                                                                                    MD5:5E7BD12E328C4AE593734E1AE2AB3317
                                                                                                                                                    SHA1:5E1CF57202212E5A99323A7728FD8D2B5489C244
                                                                                                                                                    SHA-256:D0E97980D5E7C8609F31EDD59D321A0F9A22E44464929387251959EAEFF56069
                                                                                                                                                    SHA-512:962C34614EBC31A9680FAB8DF4CCFF71B9C5B57E9D012B84CA7FBFA1BE466958B2DD3083CD6171DE1D45886269DD07AD9B52FC3B326565BB99738F32CD074CC8
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/
                                                                                                                                                    Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml"> InstanceBegin template="/Templates/home.dwt" codeOutsideHTMLIsLocked="false" -->..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />.. InstanceBeginEditable name="doctitle" -->..<title>New Hampshire Department of Health and Human Services</title>..<meta name="Description" content="Welcome to the New Hampshire Department of Health and Human Services" />..<meta name="Keywords" content="health, human, services, dhhs, new, hampshire, nh, nh medicaid, tanf, child care, substance abuse, wic, child support" />.. InstanceEndEditable --> InstanceBeginEditable name="head" -->.. InstanceEndEditable -->..<link href="css/base.css" rel="stylesheet" type="text/css" />..<link href="css/contribute.css" rel="stylesheet" type="text/css" />..<link href="css/print.css" rel="stylesheet" type="text/css" m
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\arrow_green0[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 11 x 11
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):48
                                                                                                                                                    Entropy (8bit):4.381328385912461
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:Cpr3lIh3uJT+H:43ydUTm
                                                                                                                                                    MD5:FBD0E6E9B04C2C0F0DE3B9B372EB91FF
                                                                                                                                                    SHA1:FF07B76F9896AF9DCFD72E2DB5167C5C7064B0C9
                                                                                                                                                    SHA-256:595D5753D57518C1235FAE639F2665608B8639BB8E12D12DE33339EC4CC9760A
                                                                                                                                                    SHA-512:2D513B0C0A2A18CDB51BC04E8AC900A9B34C378CBFE70A3A0D764D92358F25F34EAEE2CA56AB80F3A314A4E8BBF347117EC05FBCA5C7E04FCDF2E132071E827B
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/graphics/arrow_green0.gif
                                                                                                                                                    Preview: GIF89a..........>.r,.................t`2......;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\bullet02[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 10 x 10
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):166
                                                                                                                                                    Entropy (8bit):5.033559159767338
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:C8iX1oBbNTRPVZT4QQ3ZDpP8RalltLy0eFdBus9uYuaD2t/Ch:tikRTjt4FZgqtEdBus9FHD2Qh
                                                                                                                                                    MD5:13124C1D196F71BFBDBF3B68247C2621
                                                                                                                                                    SHA1:23A19F2D059EE561894A7384CBE9CEA240365902
                                                                                                                                                    SHA-256:AF96E242BC1EEA19BFBC52436761ACD8D1E7B4BA4307BD051D2EDD1E04C026AC
                                                                                                                                                    SHA-512:613E32FF84EB6065B97BC39C28EEA7470B631F66D1F0295BF8C4CDF8A186864FC4955AA7A4B11D530C0067BFE5A9F7294BA52BFD2A39F9911DCA6EC5C520BFEF
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/graphics/bullet02.gif
                                                                                                                                                    Preview: GIF89a.....................................................................................................!.......,..........#.$.di.@ ..Y.G..I.+.b...(6G...HZ..)..;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\button-sysc[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 149 x 121
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):14621
                                                                                                                                                    Entropy (8bit):7.825199065619867
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:yTq9/R62zTbh9Nj5Jg8mf5FBh5R4xJWEEpRO/PK48:aq9gKI8mRFBSdf8
                                                                                                                                                    MD5:BCF9D8B990427A3FD6076D8B828DC634
                                                                                                                                                    SHA1:249E51075BA8E049CF92373FB31175F03950A54F
                                                                                                                                                    SHA-256:2CADB2795C254C1BC18A7FC3E766D5AB760C9566F323E2DA3A60629E8028A88C
                                                                                                                                                    SHA-512:910AE8C8A959BC19AB332916CFE338999121DA1D7450F0AE4BC1224DE1CC66030D92282DA0F4B6FE3B976C25B456286984E443DFC038E9104E04833BFBB51E3D
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/button-sysc.gif
                                                                                                                                                    Preview: GIF89a..y............."&..!.........47(.l[........|||......CCCy..)3'Xdd...sYF...TWK.............v8E57E*WdT........C71Rb+.......gtv+)#PQPCA<..........HSU...IU*...GTG...0+'...........<CB.....IS8...+,*+40iji.!....gO=.....T[7..."#!...qti...dddCHDEHIIKKgpl...<=9amk120...KIB.....QMG...~.|#)#.$!|bRRZZ......qspad[...[\[$+):;1...k}.191.....GEB{_J........DFGfa7.......YE9...iidGD=AJ*...................CJ<"'.(%"glr..............V^`bhd3;8HMQRYR...............\[R...;3/p{z*..O\+......|..?K3HK>....._hH...........RUW.....ple:>?..................AA4.........>O).............rt{......358...~v\'......03 .........WTQ>O5.{o...hea......L@7...qxqIN2.........bghSMQ5-,;3:... ..@?>ifj...wvpYWX$''(...................0>)oooMGL,''............................!.......,......y.@.....a.D.2..*\....#J.H..."EL...c."T....dE....M.k.".{.h..G%K.>rR.D..5=....d...Z..4e....N.F}*......fEbUkU.Y.b.#...L4J-(e@-.:X~.8q.....(;q...:.Z....R.n..W.!C....d... .."GD.4)h.%...Y*4.....d8p.@....
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\calendar-graphic[1].png
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:PNG image data, 170 x 126, 8-bit/color RGBA, non-interlaced
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):13037
                                                                                                                                                    Entropy (8bit):7.9638596412762785
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:7UUVbS3J79HLEmDVxE+i+HGWAXg0eV+V1fJkm1bT:gkbSTrDZx2+HJug0Y+ym9
                                                                                                                                                    MD5:6452F1EC1866D5ED498BAC41660565B5
                                                                                                                                                    SHA1:B1232C23FCC3A911400E6E6AB9437C14D20D72DD
                                                                                                                                                    SHA-256:87D61DAD66681572B3AC12B40CC346BB37D0FFDB9BB83CCF9482C55CED44386C
                                                                                                                                                    SHA-512:96281ADF7AAFB026E0824671ED1E6F04466CF919F772A78B1623F33C67609BEB9AC941548BE4D329FE1BFAFAE554B92AFA0B8D9E067DCCA2C87D86145712ABE4
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/calendar-graphic.png
                                                                                                                                                    Preview: .PNG........IHDR.......~.......... .IDATx..w|......i....)...J/.W@.C(.@..)6.zE..^D...(...E.....kTP.H.@.M...Bv.........$(...d..9.9g..y.3....?....?....?...g....\}..S'...=...~...*....Wb.T.....%W.V...w.N..RR^EX.....~."...\..$.r9@(P.T.~....-Q...Rd.'.C'...G..j......*.HDr...[.r.%...EJJ......%...RUQ.... .(.......-Q...OB]....K="a.?Q..:`..-A.N...D...k......+b.gyo..*...b.p..|..(/l.B....30.O}...O..a..g..$..0.........1.qa.......f.....8."..U...1A<ps#..G`... =+..K.0.#...4..t.j.W.~../j@.3..f.......}.Y.=.Ao.]..n....LY....({.*.MX.gbl..}p..Ub.R.{.c..X..(...5..#..p}W...m....U?`.. .a...'06.T.O.?k.r1Ag..R.%.....W...Li.O.y.......4..7....:[.+.6PXT.V+.......K.........}O...?}...7.GpL"_..d..S,{.vf.k./........B......8.Z.@.....Np.A*{}.p.&=.&:C..ub...`0F8..f..ov.X.!..q.....(.C`mt].....<|...IB.Z....U.'G7'.A3..tz....1.#..n...sW+...=.V.*....q..&c0F...2i.O.SKJ..!,.6...T.E..M..k~#.Q..C . ..6..0Bb........?.......+.........`.K....av.DR.5...H?.....!$.A.......\.,......eb.
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\carbon-monoxide[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=12, height=292, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=600], baseline, precision 8, 515x251, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):129790
                                                                                                                                                    Entropy (8bit):7.890919421015789
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3072:ie2ke28EzJw9Hew+CLsGU+/7jX94hXGLVjFrRk0:i1k18EzJGHew+CLso7jXOh2ZRrRV
                                                                                                                                                    MD5:C83AD720C9E8C9FF4099CD8A74F63990
                                                                                                                                                    SHA1:EB99ADBE8DC292769D7550A97A0236BDC2F46592
                                                                                                                                                    SHA-256:176E7581B8833A56D160D6CA01B0C29D4951086689BB1293C767DC6F30725181
                                                                                                                                                    SHA-512:55E9CA1348F7065B1D6495CEF4343106DB6ABE7C0DFE13EE216B2004711FD03AF7ABBC67D3A7F0EAAB5518753C987B5352BBECC52B4DC017A15523F237B85395
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/slider/carbon-monoxide.jpg
                                                                                                                                                    Preview: ......Exif..II*...............X...........$...........................................................................(...........1...........2...........i........... ..............'.......'..Adobe Photoshop 21.0 (Windows).2020:02:03 15:10:23............0231................................................................n...........v...(...................~...................H.......H.............Adobe_CM......Adobe.d.................................................................................................................................................N...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...1......y.8X8.e.....X....;..h.........2....L1..X.W n....${P. .54.1.HFr
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\covid-alert[1].png
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:PNG image data, 730 x 50, 8-bit/color RGBA, non-interlaced
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):9978
                                                                                                                                                    Entropy (8bit):7.955383730621116
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:CtuvpBwiUiTYc7VcQVgkcBGQq7Pn0z4z9UwrazRNoBqR:boK7CQDwGF7P0zq2earR
                                                                                                                                                    MD5:59B7681053FC2B1C2C65959FB27A4070
                                                                                                                                                    SHA1:DB31AAE7E08B2094C011ACA0A5154440D65ACB83
                                                                                                                                                    SHA-256:7749ED0E11D5E9D973396ED23D5D430BEB9EE9A0211F5A6B341E716FD38A6C18
                                                                                                                                                    SHA-512:7E9F19A43A3C2C295661447A967C9720CD860C60C8649B2CDB104154976A2D7223AC942ADA2912B3B266D334C4C0563B6426A1767BDC72A5B84A16FE9E1AB302
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/covid-alert.png
                                                                                                                                                    Preview: .PNG........IHDR.......2.....bf|... .IDATx...xU..._H !!...@..e.. EQ.......b.\?..._..Z.Z..V...m.Vx.hQ.............!a.....|...}O..=.n...=O...{.9...wf.-...... .. ...4....A..A...G.. .. .. D... .. ....Dh.. .. .B...-.. .. .Q@.. .. .. D... .. ....Dh.. .. .B...-.. .. .Q@.. .. .. D..........n.........h..R.. .. ...M..{.*hIn.]?*A...9G(3-.F.n&5K..A..A8c.....XMc.7..uRbcz.R.. .. ...M...Z........._.BF...9..3....m.b.... .. .g.Q.....B..`..}...... .. .. ..4....b....8.4.F...~7..T.n.. .. .g..*..}..f...Ty..vt.....V......mA..A...L..&C"..E6D...H..=..UG....M;j.7..e7..C|#.....s....&.Q$....R.........$..A..!.4.G."y...vL.......1t...]CE.1..T?.. 0.....Yc)....$Q.-.....OG.>.|.Bl\{.p.j....BZ.v.S.f=@.....3....j..x.g.p.3e%.t.**....\tB.[uw..{..ZH[.....8.6M...i.U.......u.y..U.e.....{6....Sb.U....@..x....A..i.E.in.-...,.r..8.w8,Y]I];.6.?..~Gg.w'.4q....;.....R4.h.._.H1.1.>.....@.q..../.Nms..;.2...........w<..u..u..i..VZ..UT[.[..O..Y..g.yZ...U..WB9.'..8~h.......J....;r_r......5r.
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\disabilities[1].htm
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):10146
                                                                                                                                                    Entropy (8bit):5.031839379944935
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:1AAOeR0m3BGTvVrGNI643LJ7DoWK3aS6pxVHbh4DfxvLLmyySBa3Zej2kFQc+7Yy:SleR0m3mz8Y8RHgk7d2it2oK
                                                                                                                                                    MD5:2E6BFC98C1A69CF7AF7CB106EEACF2C5
                                                                                                                                                    SHA1:B63D9DA9EB752D4D9D796C52C4BC486649181B7D
                                                                                                                                                    SHA-256:21391118F3550181965D8E741186A81F40D3C9D7F769FD2697D1399125914E48
                                                                                                                                                    SHA-512:1DE7B2D08AFCFBC685AC07DD62C213B31E292280170CD2D62731C6DED76B8BAB3C133B282D5CE8CF7EAA73C52DE0540E07920F62A17DFE22D9CB640E7A2A7A29
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/foryou/disabilities.htm
                                                                                                                                                    Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml"> InstanceBegin template="/Templates/main.dwt" codeOutsideHTMLIsLocked="false" -->..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />.. InstanceBeginEditable name="doctitle" -->..<title>Services for People with Disabilities | New Hampshire Department of Health and Human Services</title>..<meta name="Description" content="DHHS services for people with disabilities" />..<meta name="Keywords" content="disability, disabilities, health, human, services, new, hampshire, nh" />.. InstanceEndEditable --> InstanceBeginEditable name="head" -->...... InstanceEndEditable -->..<link href="../css/base.css" rel="stylesheet" type="text/css" />..<link href="../css/contribute.css" rel="stylesheet" type="text/css" />..<link href="../css/print.css" rel="stylesheet" type="text/css" media="print" />..<scr
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\dnserror[1]
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):1857
                                                                                                                                                    Entropy (8bit):4.6050684780693905
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:rCUcWh0sEimVM4mVMyIjyAV28EFySd8/k+C2E93vjqF4IAr4:uUjEiV4VtLV2lFjq29vjNRr4
                                                                                                                                                    MD5:73C70B34B5F8F158D38A94B9D7766515
                                                                                                                                                    SHA1:E9EAA065BD6585A1B176E13615FD7E6EF96230A9
                                                                                                                                                    SHA-256:3EBD34328A4386B4EBA1F3D5F1252E7BD13744A6918720735020B4689C13FCF4
                                                                                                                                                    SHA-512:927DCD4A8CFDEB0F970CB4EE3F059168B37E1E4E04733ED3356F77CA0448D2145E1ABDD4F7CE1C6CA23C1E3676056894625B17987CC56C84C78E73F60E08FC0D
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:res://ieframe.dll/dnserror.htm
                                                                                                                                                    Preview: .<!DOCTYPE HTML>..<html>.... <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>This page can&rsquo;t be displayed</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:getInfo();">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">This page can&rsquo;t be displayed</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct.</li>.. <li id="task1-2">Look for the page with your search
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\errorPageStrings[1]
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):3470
                                                                                                                                                    Entropy (8bit):5.076790888059907
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:z9UUiqRxqH211CUIRHERyRyntQRXaR8RS6C87a/5/+mhPcF+5g+mOC53B5Fqs1qP:JsUOHaQyYX4yJQOWCbz1Qb5
                                                                                                                                                    MD5:6B26ECFA58E37D4B5EC861FCDD3F04FA
                                                                                                                                                    SHA1:B69CD71F68FE35A9CE0D7EA17B5F1B2BAD9EA8FA
                                                                                                                                                    SHA-256:7F7D1069CA8A852C1C8EB36E1D988FE6A9C17ECB8EFF1F66FC5EBFEB5418723A
                                                                                                                                                    SHA-512:1676D43B977C07A3F6A5473F12FD16E56487803A1CB9771D0F189B1201642EE79480C33A010F08DC521E57332EC4C4D888D693C6A2323C97750E97640918C3F4
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:res://ieframe.dll/errorPageStrings.js
                                                                                                                                                    Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "The security certificate presented by this website was not issued by a trusted certificate authority.";..var L_CertExpired_TEXT = "The security certificate presented by this website has expired or is not yet valid.";..var L_CertCNMismatch_TEXT = "The security certificate presented by this website was issued for a di
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\families[1].htm
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):14882
                                                                                                                                                    Entropy (8bit):4.996850145254629
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:1AA26R0m3BGTvVrGNI643LJ7DoWK3aS6pxVHbh4DfxvLLmyyS3vM5s/9ml0GZGeg:S6R0m3mz8Y8RHUdoyGiZhl5+rs92oK
                                                                                                                                                    MD5:0E04DAF9A1FBC9411CAA3AE7B492F94F
                                                                                                                                                    SHA1:0D34BD0339F12ECCBDAAAA8ABD0A0059878F7035
                                                                                                                                                    SHA-256:5943A3D48401734486E22AA810F54D142DB12E3F94847981F80B416113B937CD
                                                                                                                                                    SHA-512:348A779D9CCB41D3FB90A7B5D4B499D9FED3626B577D5322F328B9BE9E30606FD8F29AF7CBAB80389D47841E159848CD7918E5524CA5891A2181F84875A5F0F8
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/foryou/families.htm
                                                                                                                                                    Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml"> InstanceBegin template="/Templates/main.dwt" codeOutsideHTMLIsLocked="false" -->..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />.. InstanceBeginEditable name="doctitle" -->..<title>Services for Families and Children | New Hampshire Department of Health and Human Services</title>..<meta name="Description" content="DHHS services for families and children." />..<meta name="Keywords" content="family, families, children, health, human, services, dhhs, new, hampshire, nh" />.. InstanceEndEditable --> InstanceBeginEditable name="head" -->.. InstanceEndEditable -->..<link href="../css/base.css" rel="stylesheet" type="text/css" />..<link href="../css/contribute.css" rel="stylesheet" type="text/css" />..<link href="../css/print.css" rel="stylesheet" type="text/css" media="print" />..<scri
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\icon-sp[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 19 x 29
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):62
                                                                                                                                                    Entropy (8bit):4.478946144941852
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:Cq//Rewltxlu3uXU1xn:T2KU1xn
                                                                                                                                                    MD5:BE84D93A3126CAFBBA9E92D25F139F7B
                                                                                                                                                    SHA1:55F18DA72A71AC3F4CF7B4A6FB3053ED0169FFA1
                                                                                                                                                    SHA-256:B264D426F9B80C2C02B49123C628B62AC446AAEAD5F4874780F900AB024228AA
                                                                                                                                                    SHA-512:98089AA6627FFEA2E2B302B1E5B29CB8B64518183D124B66FA731A1B9B40D771C4E5882E3B7350AE547AAA6EF73BF55E32BED5CB3738464FDC2E88220FB36DB7
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/icon-sp.gif
                                                                                                                                                    Preview: GIF89a.............!.......,...........................Hn..;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\icon_flash[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):607
                                                                                                                                                    Entropy (8bit):6.150874141816269
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12:+4fBVm3RLxgpY2CRBs1XGeozZtLTnsO6RSORKPwcXxBmG:+WBMhL+psRy1luXHvs04CBh
                                                                                                                                                    MD5:F39970CEE0E709A2C6225C686E877E23
                                                                                                                                                    SHA1:37193D45B1BD8C7B81F2B50B5BAF80DC3DFA998D
                                                                                                                                                    SHA-256:74F8DF3D7341D6CD60F342F3EFD6433FEA89B34AB60BEBEE6EA17AD728B05360
                                                                                                                                                    SHA-512:BA3AF5CD5A886530C2AB81B7EC6457FE3ECB842F9A552A199D55120F340F705AEDF1759C90203ABFF2B97FC7297B5FDBC98A6C11A3EA473E514E238E78C25E56
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/icon_flash.gif
                                                                                                                                                    Preview: GIF89a.....R.......................<A.JM................[_.......tw.......up.IL.~x....xs.|v.<@............`c....mi....rm.`a.............WZ.HL.......xr.............eb...........|.......@E.QV....9?....rt....5;....xz.......?D.JO.\[.WY....:?...............................................................................................................................................................!.....R.,............RR PO.......PKNQ..K(..ON......Q,5.ROQ.L.4%..Q......L7$6..A.QO.Q3H.).....D..=;.BINK...8."G.10Q..+..O......ML.....-.<..LLK.&.#9C'68q...}O|8(".G...#.Rq .....j..D.../x...K..&#y1."...D0.@)...;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\jquery.jshowoff.min[1].js
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):6579
                                                                                                                                                    Entropy (8bit):5.228753253129017
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:O10Rasp42ZbGDt2rflgINP/iVxQTA39KyJArB:g4pjZiu3/iv1t8B
                                                                                                                                                    MD5:AF1015158867ECB3BC8B923ABA626215
                                                                                                                                                    SHA1:DE5FB1BB2BF305F070A706DFBEFF57249753ECF3
                                                                                                                                                    SHA-256:F40473668CB3C72EF3AC8EDDC7945A672DFF271BF54351F639E704FDE2101237
                                                                                                                                                    SHA-512:FB6BE27AA9899FA322A971C11E8BFE248D5E66B7FDA37952372E45E0F7859FE26CB80444B63850E55BA70943FAC3E0CA39838114F3166D01EDAE0519617EB26D
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/js/jquery.jshowoff.min.js
                                                                                                                                                    Preview: /*....Title:..jShowOff: a jQuery Content Rotator Plugin..Author:..Erik Kallevig..Version:.0.1.2..Website:.http://ekallevig.com/jshowoff..License: .Dual licensed under the MIT and GPL licenses.....*/....(function($){$.fn.jshowoff=function(settings){var config={animatePause:true,autoPlay:true,changeSpeed:2000,controls:true,controlText:{play:'Play',pause:'Pause',next:'Next',previous:'Previous'},effect:'fade',hoverPause:true,links:true,speed:10000};if(settings)$.extend(true,config,settings);if(config.speed<(config.changeSpeed+20)){alert('jShowOff: Make speed at least 20ms longer than changeSpeed; the fades aren\'t always right on time.');return this;};this.each(function(i){var $cont=$(this);var gallery=$(this).children().remove();var timer='';var counter=0;var preloadedImg=[];var howManyInstances=$('.jshowoff').length+1;var uniqueClass='jshowoff-'+howManyInstances;var cssClass=config.cssClass!=undefined?config.cssClass:'';$cont.css('position','relative').wrap('<div class="jshowoff '+unique
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\office[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 300x150, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):16557
                                                                                                                                                    Entropy (8bit):7.956386766435145
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:4/65fha80xWNegyyZioAFikUkJarKhSH/PiLwO9l2u6pb:1tU8yWNegXivF/UGITBO9h6pb
                                                                                                                                                    MD5:D8CDC6D6E056F4A1FEED452196E47D89
                                                                                                                                                    SHA1:E10CE7AB1ED5ED55BBE46EE18C2BF9DCBAEDAB32
                                                                                                                                                    SHA-256:D803225F1F2A6E5B267C8DCF448605D5F7122DD30FF37FAAAC185E044FA291C2
                                                                                                                                                    SHA-512:281DE0385296DC0C319ABF5FBE691BB346953DB1058726BFB631C4D4EFB11FADD77DCA2583BC21D177E85E3DE0028083B3CE4CE10646C4DDD2607E96F83F47D0
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/about/graphics/office.jpg
                                                                                                                                                    Preview: ......JFIF.....H.H.....C....................................................................C.........................................................................,..".................................................................................|..v.R$...|.$.I).9..#..$S......WI.n..Z} ...<..6Wp.%[.|0.S....Z.%.w.H.R$..$=.ZM\I..8....zd..l...x...Z..0o..z.<..V\...\{..H.loC.)._.4:4[..p.m%...R........%v3V.L.X.g.83A..#r.Ul.o:k.y..../x?=.$.K..e9.X.\........yZO.=.|....!7...qD..!.W.[..1.a..ua.C:M.n.j.u...7....Pd/.{.0..Kf.....3..dz.....+..S.0....m.8.w..5..W."..=..EI.1..l....O$...J.c....*.......].HX4.4t.F...t4..B....Q..-.p.k..5`....z.n.._T.}.........F...^...k..v.px....c.;"3G...&..k..]I....).([~..X..EQ.y.*..p...h.O]..............+..W.......1..o8.&....c+...0.Nt.!..5.^lS.#}m.Z..8./...M..QM..H`x...I..L!.MMd..]...%...N....$...H.V...|W .:..}.AE...)7.I..+.XH....sa.A...".T..m4..@un...=`.&8....4...no...M3.n..N.pr.....Q...."].Hs.Y.s.n..n.q..v.."v.}...q.2...{0
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\print[1].css
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):1015
                                                                                                                                                    Entropy (8bit):5.201179617626621
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:Po1/EPH0dRU5PNRxYIpm5t16DRW3BT/jmHTnhcJ1DA4hipBf+v:PoqUdS5FXg1D3B+HTGLAK4p+v
                                                                                                                                                    MD5:32C7EB2120D98C96C282E7A824E7694E
                                                                                                                                                    SHA1:7CDB846962FC7D84DEDE41B922AF71AB8E652134
                                                                                                                                                    SHA-256:9136B91FAF455180E6E18CB97C04C2B79E812DA891B83EB84E30DE87E7BC108F
                                                                                                                                                    SHA-512:7A210A3F212E7059D24174C35D4C265B5834CA820F34D51369FC194C21F3994CEC16A3D8A13978EA9D4A055E94B3104480BE3AA949128B5108B77568B2E6D7FE
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/print.css
                                                                                                                                                    Preview: @charset "utf-8";../* CSS Document */......../*Reset Style*/..body {...margin:0;...padding:0;...line-height: 1.4em;...word-spacing:1px;...letter-spacing:0.2px;...color: #000;...font-size: 12px;...font-family: Arial, Helvetica, sans-serif;...background-image: none;...background-color: #FFFFFF;...}...../*Remove Element*/....nhgovheadercontainer, .headerNavbar, .headerNavbarDS, .agencyheadercontainer, #google_translate_element, #addresscontainer, #leftsidebar, #rightsidebar, .footercontainer {...display:none;...}...../*Show Elements */....contentnarrow {...display: inline;...}.......pagecontainer {...border-right-style: none;...border-left-style: none;...}......../* Show URL */...a:link, a:visited {...background: transparent; ...color:#333; ...text-decoration:none;...}......a:link[href^="http://"]:after, a[href^="http://"]:visited:after {...content: " (" attr(href) ") "; ...font-size: 11px;...}......a[href^="http://"] {...color:#000;...}...../*Break Page*/...#comments {...page-break-befo
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\teens[1].htm
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):12135
                                                                                                                                                    Entropy (8bit):5.0121308162835
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:1AA1GR0m3BGTvVrGNI643LJ7DoWK3aS6pxVHbh4DfxvLLmyySCM5hlAea2c9Wcy0:SLR0m3mz8Y8RHNvkth62oK
                                                                                                                                                    MD5:2705710F50F1FCD80BBE013CFAF39709
                                                                                                                                                    SHA1:31A4D90A2A00B3C49F16FB0997601E47C2B53E01
                                                                                                                                                    SHA-256:7DDE0955645983167AD367FA1C4997027D8DC8743E7DD25556DFAB48C8FF680F
                                                                                                                                                    SHA-512:6A108689C5B6C5A1295BCFA241E49A0801493D57A76CFA9DF08B2D6C15C91DE97AFE0FB1F65C0EF002C54ADDC126F1529066FCDDAF85E8623BFCBA290CADC6A5
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/foryou/teens.htm
                                                                                                                                                    Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml"> InstanceBegin template="/Templates/main.dwt" codeOutsideHTMLIsLocked="false" -->..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />.. InstanceBeginEditable name="doctitle" -->..<title>Services for Teens | New Hampshire Department of Health and Human Services</title>..<meta name="Description" content="DHHS services for teens." />..<meta name="Keywords" content="teen, health, human, services, dhhs, new, hampshire, nh" />.. InstanceEndEditable --> InstanceBeginEditable name="head" -->...... InstanceEndEditable -->..<link href="../css/base.css" rel="stylesheet" type="text/css" />..<link href="../css/contribute.css" rel="stylesheet" type="text/css" />..<link href="../css/print.css" rel="stylesheet" type="text/css" media="print" />..<script type="text/javascript" src="../scripts/textsize
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\textsizer[1].js
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):5219
                                                                                                                                                    Entropy (8bit):5.046059813833912
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:8IRZqnvtiIkyEwmNeYMvAxerL5J6B82o231/BgYrCDgZrSvJLj0zE3bdCAHEsh:8IRZsv0E5mNofr6rF3Ra8CpR0Y34AHE2
                                                                                                                                                    MD5:62BC4FEA155137DB1B998918DD1E30BF
                                                                                                                                                    SHA1:D91108573500AD5AF21159209A97A4C097B43737
                                                                                                                                                    SHA-256:6C4417DE30F53EB52ED26D95EB080F7A14F9F3DA1E522901443A8EAC5B3A8F0D
                                                                                                                                                    SHA-512:1F714211545A997C483622B23D54AC2BD8AFEF12223ACBD5DF9427D860DDAD9C82A8EECC9BF4E59539F66A76C6005FD673F17EA8E006C2C1D27743387AEFE2B6
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/scripts/textsizer.js
                                                                                                                                                    Preview: /*------------------------------------------------------------...Document Text Sizer- Copyright 2003 - Taewook Kang. All rights reserved....Coded by: Taewook Kang (txkang.REMOVETHIS@hotmail.com)...Web Site: http://txkang.com...Script featured on Dynamic Drive (http://www.dynamicdrive.com)......Please retain this copyright notice in the script....License is granted to user to reuse this code on ...their own website if, and only if, ...this entire copyright notice is included...--------------------------------------------------------------*/....//Specify affected tags. Add or remove from list:..var arrTags = new Array('table','span','div','class','td','tr','a','p','h1');....//Specify spectrum of different font sizes:..var arrSizes = new Array( '8pt','10pt','12pt','14pt','16pt' );....// global cookie name..var strCookieName = new String("SIZEPREF");..../********* begin functions section *********/....// this function just calls the regular one without any fuss, did this so can customize
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\1000x100-jpg-header06[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x100, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):17925
                                                                                                                                                    Entropy (8bit):7.961742262047726
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:OnDrAMst9mJecX6TYfTLSNyB+bNU0fxhy4dZXHmHdNvh:Ovzst9uXz7uEB+bD7Lavh
                                                                                                                                                    MD5:5A2DC4F484EF0A7390493900283BF3EE
                                                                                                                                                    SHA1:051CBC0963BB50413B4D30F156B4C4356A82F924
                                                                                                                                                    SHA-256:6BBDA937684C997DDE4E58722C1E6A3EF7850689E47F774E8B36FA02E5ED10F9
                                                                                                                                                    SHA-512:E58C1CF2F2F30C11E8FC017A40B3B66E670B73B3BB88779D8A8235AC53FEC3A93679E09F949B4C522D82C34440311034EA38D116F3B9021FB803E227936EBC2D
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/graphics/1000x100-jpg-header06.jpg
                                                                                                                                                    Preview: ......Exif..II*.................Ducky.......(.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:A3E037A50DB911E4B50BCB33DADB8763" xmpMM:DocumentID="xmp.did:A3E037A60DB911E4B50BCB33DADB8763"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A3E037A30DB911E4B50BCB33DADB8763" stRef:documentID="xmp.did:A3E037A40DB911E4B50BCB33DADB8763"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.....................................................$$''$$53335;;;;;;;;;;.............................%......% #...# ((%%((22022;;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\adults[1].htm
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):12691
                                                                                                                                                    Entropy (8bit):5.051305468378174
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:1AAzGR0m3BGTvVrGNI643LJ7DoWK3aS6pxVHbh4DfxvLLmyyS4MRc/jl0Meqm7mM:S/R0m3mz8Y8RHvksqjBT3T2oK
                                                                                                                                                    MD5:85B0F79695E7ED054B29DB8302CA25D5
                                                                                                                                                    SHA1:658F62645B373DFDBEC811C65C03EC4C86251468
                                                                                                                                                    SHA-256:191244EEE601C101C32E698C4D89F0AF93254DD857A98C205EC63F68985FEEA1
                                                                                                                                                    SHA-512:EE9AC9A00284C15B5983E0E47FAB8095D6F085E24A47CAFE1F0C6DC9C6094CE80681976B4A707522254FB1FAE8B7946F4D14B7AA4EC45351AB98BE1D36F73FA3
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/foryou/adults.htm
                                                                                                                                                    Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml"> InstanceBegin template="/Templates/main.dwt" codeOutsideHTMLIsLocked="false" -->..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />.. InstanceBeginEditable name="doctitle" -->..<title>Services for Adults | New Hampshire Department of Health and Human Services</title>..<meta name="Description" content="DHHS services for adults." />..<meta name="Keywords" content="adult, health, human, services, dhhs, new, hampshire, nh" />.. InstanceEndEditable --> InstanceBeginEditable name="head" -->...... InstanceEndEditable -->..<link href="../css/base.css" rel="stylesheet" type="text/css" />..<link href="../css/contribute.css" rel="stylesheet" type="text/css" />..<link href="../css/print.css" rel="stylesheet" type="text/css" media="print" />..<script type="text/javascript" src="../scripts/texts
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\blkbk[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 10 x 1500
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):3561
                                                                                                                                                    Entropy (8bit):7.743642852097257
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:gnvfnvfvH/y5xp3IzQhiLai5/ZbX+UQ5vPChVcfB4DmL:gnnnnnWHA2o/d+U2PChWWmL
                                                                                                                                                    MD5:5DF60B7A94DFBA01BC3D5BA68D251FE8
                                                                                                                                                    SHA1:E565D5D502D3D67A21BF6F1F9E548A8B001D31EC
                                                                                                                                                    SHA-256:1EAC78A2FF61CA6D0C15A9F234AE8F7D9A3F5DB355CCC6ED6E076C8CE9DC63B1
                                                                                                                                                    SHA-512:BCC6484286FB925954768DD840600F10CC617E731889836529E3F91F18556EB14BAF074C6284AFAE6610D04520EC4367A1234BFB7F02EC844E81E118A56F33AA
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/graphics/blkbk.gif
                                                                                                                                                    Preview: GIF89a....................................................................................................... !!!"""###$$$%%%&&&'''((()))***+++,,,---...///000111222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~...................................................................................................................................................................................................................................................................................................................................................................................................,...............H......*\....#J.H....3j..... C..I..I..R.\...0Y..I...8s.$....@.......H.*].....P.J.J..U...j....`.".K...h.M....p...V..x..........L..a...+^.....H.L....3Wv.....C.......S.^..5..c.M.v..
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\contribute[1].css
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):8648
                                                                                                                                                    Entropy (8bit):5.113242529210202
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:vR4ayh44eZhS2NlGEN2qRh8L7aaPpI+n/3z9Ge048XhFJy85tB/P/JBQvOPtS50b:vRpyhT8Si/2FLq48XlyUFgn6BFaRxUIa
                                                                                                                                                    MD5:F4AA7DC965F75669BA81E2FCADB6C90C
                                                                                                                                                    SHA1:ED92B90179E71ED3FB69524E04E4CB4F3C0BE012
                                                                                                                                                    SHA-256:D618BD7BB0D1C11CAC61D9C0B4EA612A48489373A6438E22605B084B15CFEDD1
                                                                                                                                                    SHA-512:8B3208282A6AA989C4A9023D1D4D7E079A90E671FFBF666D0A35504CE1482F59FAECAB6A0F1115A1502A24770CC3185046029B8F1F356C13D8916DC6B6F83716
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/contribute.css
                                                                                                                                                    Preview: @charset "utf-8";../* CSS Document */.....SubTitle {...font-size: 125%;...font-weight: bold;...display: block;...margin-top: 25px;..}.....Bold {...font-weight: bold;..}.....BoldCenter {...text-align: center;...font-weight:bold;..}.....grayText {...color:#777575;...font-size: 10px;...font-weight: normal;...text-align: left;...vertical-align:middle;...padding: 0px;..}.....caption {...text-align: center;...font-style: italic;...font-family: "Times New Roman", Times, serif;...font-size: 1em;...padding: 0 0 3px 3px;...margin: 0px;...}.....rfp-caption {...line-height: 1.5em;...background: #ccc;...text-align: left;...font-weight: bold;...font-style: normal;...font-size:1em;...padding: 0 0 3px 3px;...}.....Italic {...font-style: italic;..}.....BoldItalic {...font-weight: bold;...font-style: italic;..}.....indented {...padding-left: 42px;..}.....indentedBold {...padding-left: 42px;...font-weight:bold;..}.....indented2 {...padding-left: 62px;..}.....indentedBold2 {...padding-left: 62px;...font-w
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\ds[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 1 x 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):41
                                                                                                                                                    Entropy (8bit):3.4960271529727103
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:CWoflBlll1nE:ow
                                                                                                                                                    MD5:45FAFCED0B565CC5670032533B890B13
                                                                                                                                                    SHA1:91CE14BEAE79694AC4E4BAA8961E92F8BA54A2CE
                                                                                                                                                    SHA-256:7DF51310F47487A4B39B74D302FCDE64FE1AAFCA56299E3D05280965FC659C5F
                                                                                                                                                    SHA-512:C083B8EFF67F31D5D8A77E522A1E04DE0AFED525F1FEBE53DF9B8F88E46741CD05235007143D43286003F25624E7DF45E866317D0EA8874F62912D6E16E5275E
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/graphics/ds.gif
                                                                                                                                                    Preview: GIF89a.......@@@.........,...........DT.;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\emergency[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 515x250, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):45170
                                                                                                                                                    Entropy (8bit):7.975705424400901
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:2JkGcmrkzxN4vhummv4CZgIz91xUUeFSFLBHN7/VWaJj+jB3Z6+JZJ:Z0Dhnmv4Ctz5OFSLHN/VbjYp6+t
                                                                                                                                                    MD5:C60B197F794D1EB6EF8D8A73033E969D
                                                                                                                                                    SHA1:4AF6B6DAA296BC4CDC72EDB6A268EF335A5CD8CC
                                                                                                                                                    SHA-256:BFD7FE7E41D9E55BD6BF4B0D9914AC28A93260F09F6D932ED2177BA2178F8956
                                                                                                                                                    SHA-512:EB6584956A6BC9F796502A3BE0C848A02FF9D71271520A2944AB1A130167D2227B7EEFDF8ED97CC9A7C7F894F1F4A1FC3047D92C16EFD18EB7FEE6A76C809C85
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/slider/emergency.jpg
                                                                                                                                                    Preview: ......Exif..II*.................Ducky.......<.....qhttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:3BF68D6069DFE7118708B7A8E415CF04" xmpMM:DocumentID="xmp.did:B72AC8C146B411EA8712CF657FF392F3" xmpMM:InstanceID="xmp.iid:B72AC8C046B411EA8712CF657FF392F3" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:e0d1c088-7095-954f-aab6-b0177551b83b" stRef:documentID="xmp.did:3BF68D6069DFE7118708B7A8E415CF04"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...........................................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\flags[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 133 x 27
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):2907
                                                                                                                                                    Entropy (8bit):7.775139824223661
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:OiQfywiU9qoIZgTtchHBui2qZE2JXeAV1s4exJKzo70BAcophyU:LQgoc+cTuyE2JXeAVe1yzTBAcWyU
                                                                                                                                                    MD5:CEFACB60C7B755E1A53603D7CEAB1BB3
                                                                                                                                                    SHA1:435E52E63BEC97DCC13C2B42A25D5AE761B346A4
                                                                                                                                                    SHA-256:258CC7FC6046B5AB054B2072DE33F2911711C33F49E69651E6012BE6AE33C27C
                                                                                                                                                    SHA-512:535F4720AD534264EAF62DFB619B0EE190D978A8096D1C43CA2A7113F943CBEE25ECF79D532434DF3C9E3C88A497402D071A45419B67ADE444EDA1A0D673EBB1
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/flags.gif
                                                                                                                                                    Preview: GIF89a..........Q\..lm...St..HH....LX.........***.......:;....m/V.ir..TT.fU......qrr.....yy.ww..........i....dd....%$...PPP.......z.11.................AAA.......<C..............L.z.n..0........[[.ii....st.........GG...y.V..~......gE...o.....+......I$...................'.......l.F...Yc.h..........t.....vW....................\.1............z....d.=...]h....._.....n..O.................).....yo)5.=I.aaa.kynllvw.\...............-9.........7.m........ $.}c.$........++q.M................11x.......&.........................=Cz....#-........Pqoo...................GR.H...._...Hj.*1v7\.........k............Za.`d....a.......i..3........5D...........8......?c...........Z]....|..~.\.kU......iff...........>.....tt......v..q..}............!.......,...............H.......T...@.,.J.H.bB..3Z$(. ...?...p..(SZ..O C.,p.......@....#..9..ZTRf.C..6..?.(v.).*..8...9..@.*..c)P./.(p(....V..I.p.#.k.....RFW.....k".9.....5.&l*P.......(..X,J.uM...14b...E.......
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\flu-fighters[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 515x250, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):50879
                                                                                                                                                    Entropy (8bit):7.969332347625548
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:78I+pJaYV+EgGXseX0Dw4uG8uq6UgI4MTaFk9kO2oT3mP+t1KkBTz//cIJuWioYJ:ILaggGXpXCw4u3LEQsqmoX//PtYk9w
                                                                                                                                                    MD5:C6E205CAA1F6106D3F67425E4C6E8E70
                                                                                                                                                    SHA1:4FA3F989BE28B335B08F71A84F9B9DC13172A76E
                                                                                                                                                    SHA-256:4D07033D5B68191D651197A33C485FE6C650B1B01F8D1588F7B82BD8B12AB432
                                                                                                                                                    SHA-512:320FCADF1A76D42EA443A80B900F4050F779ED9CA69F2E3BB66C1FDB0EE872B89C8CD8B7A6E8EEE47F4EF2A5B08A6A63BDC165C4329D4B22C5DFC03552AF869A
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/slider/flu-fighters.jpg
                                                                                                                                                    Preview: ......Exif..II*.................Ducky.......<......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164360, 2020/02/13-01:07:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmpMM:OriginalDocumentID="xmp.did:06ab1a7f-dd40-3c4f-bddc-1b0ba2abf848" xmpMM:DocumentID="xmp.did:69AB87A8649A11EBAF02BFF896AA0070" xmpMM:InstanceID="xmp.iid:69AB87A7649A11EBAF02BFF896AA0070" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:03a6aa20-2557-2d42-8fb0-f01a7fa3285a" stRef:documentID="adobe:docid:photoshop:c0f84c4e-74b8-11e8-bb6e-dc81c73ad40f"/> <dc:title> <rdf:Alt> <rdf:li xml:lang="x-default">Promo</rdf:li> <
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\heart-month[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 515x250, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):38518
                                                                                                                                                    Entropy (8bit):7.9666917785850115
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:8CZFzY4kWAMvZ52+a+yUXBfYKBEOnguKIieeHSg75ncf:J3zY4kWA+pafKBEOgcix7Ra
                                                                                                                                                    MD5:138058CA58F83B75F25F09454E7BF9BA
                                                                                                                                                    SHA1:AD842387E5B44D3B08EB30A63E34D558AF87BF83
                                                                                                                                                    SHA-256:F677978867311882735247A034E6A16E237992510302412FC3F1FEC723586246
                                                                                                                                                    SHA-512:BFF4792ED6174E3CD7739300F460F66BDE930587202D11E26BFE21E8551DB7576C098210455F76A96124EBF3FA5DA65C80A7CE0D146CC061DCD523E6A356D116
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/slider/heart-month.jpg
                                                                                                                                                    Preview: ......Exif..II*.................Ducky.......<.....mhttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:994155DDDDD4E5119D159C69CFEA293A" xmpMM:DocumentID="xmp.did:ADE14043014C11E8A225EFB984F909B2" xmpMM:InstanceID="xmp.iid:ADE14042014C11E8A225EFB984F909B2" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A0E157214C01E811B0E59950AED94F4C" stRef:documentID="xmp.did:994155DDDDD4E5119D159C69CFEA293A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...............................................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\icon-fb-like[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 42 x 20
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):1461
                                                                                                                                                    Entropy (8bit):7.587767048114994
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:R/MmkxSj6vKf4EQtdZ2VWN3+Qj5dejWfSZgDBsWgLhNk7pavk9HzU49t9iIo/E+n:cSjfytOVi++GC9CDLhNigigIo/31
                                                                                                                                                    MD5:E8DFCB236B83526AF6EB96348B06F0C9
                                                                                                                                                    SHA1:B741A536E0D2AE5C828D55DED39E17A60D5E1FA3
                                                                                                                                                    SHA-256:614EB76A4DD29D91EA72883E702C609CE3E2AE3E12C2E5F96B2FCD32AA87860D
                                                                                                                                                    SHA-512:4A64AB2C2A3B3705CB93D80ADF95A96EA5E257166C979972320884BA1105EFF25F1CD6FA15CBAAC7D31240F2FF09A5BCA8B93F6B5527F63D7631D9BF915194F8
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/icon-fb-like.gif
                                                                                                                                                    Preview: GIF89a*.........v.....u...........................n..............................................r..r............q..h~................................................................................x......................................................................x........~.....q.....y....................................s...................................................................|.........................Uo............................................y......................|...................................k.......................................................s..............................................w...................................................................................!.......,....*........}J.....OB.X......#J..(.?..Zh....-6zl,.%..(S.,w..?,....I.J..!l..7c...@.....D.I;i.!".c8.J.Ju.~BX$..oG.g!\T.K.*..S........d...Z..Y.3.p......<i.).M#9.`.Y..}5h..`....l.4...nk.5...)".<.`......
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\icon-twitter-bird[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 21 x 20
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):604
                                                                                                                                                    Entropy (8bit):6.242982454000789
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:6:6LlShNn2Hveq2Qu79OzUV8e+gToqyj1D00UsR1HjBewOi27SPksum0frmmYxx5W1:2HUQg9x8e+g8j1ZzHtewOdsutrcxhOPN
                                                                                                                                                    MD5:E102D568E8974BB0951E4196BA687BFF
                                                                                                                                                    SHA1:4D019064F21C2322E537DE510F1649418FF573CA
                                                                                                                                                    SHA-256:67DC276FFF422D3FD9A118EC00E8375CBD3BC036BB31507CFD5DF3D4B479D4C6
                                                                                                                                                    SHA-512:5D5AEC096F090DBE608BC1381772FDBACABBC029FC95249EB359FFE91651B1A9B414CBF0395BEB2278CDADDFBB0A30EFFB6D5FB5B82E49E8FC6B85E021B1EC17
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/icon-twitter-bird.gif
                                                                                                                                                    Preview: GIF89a.....W.....................................c..........................R...................(.......p.............o..........I........&.....+...................N..L........t..(..-...........(..U.......I..e............U.....*..Z.....#......................................................................................................................................................!.....W.,............W...............;...G..@.TUT.SK..B>..1&UV.....H......E../5<...VT-N..L .."....(..U.0.VU*..C+..:..I...T...3..=...$7.T...OMT.V.,..........(.P........2B.7kT.DAd...`...bQ..'..P !.......;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\icon_pdf[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):603
                                                                                                                                                    Entropy (8bit):6.298893633281494
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:12:U6LzEJau3+MTkA0iZzRnwAjM3s9RR0KoRxW:U6SLbh9HAsaK0xW
                                                                                                                                                    MD5:47FD53FA9278B645A64B42C31F0A7068
                                                                                                                                                    SHA1:E4293C1BA08413FBCCCA5CC67733F2A972A31869
                                                                                                                                                    SHA-256:72293FE33F7F462A579E0297AB625D20AA53470ABF7A77B5E0AE5112FADA4F4C
                                                                                                                                                    SHA-512:92D277ABA7A5B8F8BCEE6285285B055C5E1CD7125651EDEBF33955665B5483E6FF4A481A312A57CDFF438D78AC8964CE8B895FF273CA7DE281652B5AD645D244
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/icon_pdf.gif
                                                                                                                                                    Preview: GIF89a.....U.....................................................^S........e].........8-....le.nf.|v.z............t....UL.i`................vi....UO.......h].UP.......um..j`.....qm.x...............B=...............PF.yr.}w...s.vl................................................................................................................................................!.....U.,............UU0SR.......SPQT..P+..RQ.=8..."T,@.URT.N(....T..)....-!...*.TR.TQ$6QP.A....T2O....1.TB.9......7. '.T.....E&5%..J.K.P.L.M>G?C..t..5..$..D.0....2` b......A..GI..,...)..,@.R......;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\index[1].htm
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):25487
                                                                                                                                                    Entropy (8bit):5.083554954745144
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:SGunySC4SJLM/Ex1v2xiJgDc0hAtgn5uB+ec2zgrjeAhiN:SGuFyLMMx1ux/Zh6gn5uB+deAhe
                                                                                                                                                    MD5:5E7BD12E328C4AE593734E1AE2AB3317
                                                                                                                                                    SHA1:5E1CF57202212E5A99323A7728FD8D2B5489C244
                                                                                                                                                    SHA-256:D0E97980D5E7C8609F31EDD59D321A0F9A22E44464929387251959EAEFF56069
                                                                                                                                                    SHA-512:962C34614EBC31A9680FAB8DF4CCFF71B9C5B57E9D012B84CA7FBFA1BE466958B2DD3083CD6171DE1D45886269DD07AD9B52FC3B326565BB99738F32CD074CC8
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/index.htm
                                                                                                                                                    Preview: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml"> InstanceBegin template="/Templates/home.dwt" codeOutsideHTMLIsLocked="false" -->..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />.. InstanceBeginEditable name="doctitle" -->..<title>New Hampshire Department of Health and Human Services</title>..<meta name="Description" content="Welcome to the New Hampshire Department of Health and Human Services" />..<meta name="Keywords" content="health, human, services, dhhs, new, hampshire, nh, nh medicaid, tanf, child care, substance abuse, wic, child support" />.. InstanceEndEditable --> InstanceBeginEditable name="head" -->.. InstanceEndEditable -->..<link href="css/base.css" rel="stylesheet" type="text/css" />..<link href="css/contribute.css" rel="stylesheet" type="text/css" />..<link href="css/print.css" rel="stylesheet" type="text/css" m
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\main[1].js
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:ASCII text, with very long lines
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):4053
                                                                                                                                                    Entropy (8bit):5.401733199652954
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:RBJabc3cCahrQN0JxlehAJdQceRExLASPjfm6u2M8tmV+:R2bC7apiaxleh0dQJ1SLfm6u2Rm4
                                                                                                                                                    MD5:8399EAE5D919815405DAECDA2A1C379E
                                                                                                                                                    SHA1:AC81F99AC35067FDAE2A27EAE6DDD46DB00ECB95
                                                                                                                                                    SHA-256:D42383B5324502731C01F9F7A3E006A19287ABD6035519E3DA33F9861FEF1C24
                                                                                                                                                    SHA-512:C4187970DF792A8290A5F4EB32BDB2AB033C2984304B531AE7CA326F115C4E158B1F74F22252A223A1DD54489329A6A8817277E2B7B7144B04540B70D1944C75
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://translate.googleapis.com/translate_static/js/element/main.js
                                                                                                                                                    Preview: (function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var c="Translate",e=this||self;function f(a,m){a=a.split(".");var b=e;a[0]in b||"undefined"==typeof b.execScript||b.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length||void 0===m?b[d]&&b[d]!==Object.prototype[d]?b=b[d]:b=b[d]={}:b[d]=m}var g=/^[\w+/_-]+[=]{0,2}$/,h=null;function k(a){return(a=a.querySelector&&a.querySelector("script[nonce]"))&&(a=a.nonce||a.getAttribute("nonce"))&&g.test(a)?a:""}function l(a){return a};var n={0:c,1:"Cancel",2:"Close",3:function(a){return"Google has automatically translated this page to: "+a},4:function(a){return"Translated to: "+a},5:"Error: The server could not complete your request. Try again later.",6:"Learn more",7:function(a){return"Powered by "+a},8:c,9:"Translation in progress",10:function(a){return"Translate this page to: "+(a+" using Google Translate?")},11:function(a){return"View this page in: "+a},12:"Show original",13:"The conten
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\mediumA[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 16 x 13
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):299
                                                                                                                                                    Entropy (8bit):5.303426088371302
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:6:6liaaRbZtZNf2jOWxlrt+F5d/bsF2Wt0n/n:6vaRbZf8OWPcxQF2//n
                                                                                                                                                    MD5:5A98EE12BAD5586737424F8F3F58EDB6
                                                                                                                                                    SHA1:1CC67DA5C621209969D0EE01EDAEDBC505187B0D
                                                                                                                                                    SHA-256:43707815C4248E0946B2DB9117290955CB5EB684F8C8D3D45EA467C88EECB197
                                                                                                                                                    SHA-512:2D43F687EB11C6DAA47E465CB746641C05EDAE9292E146A283F313016C71C9D19A5876F5546797D4DBB5BF092A50193CE7F3DC9ADD70DB6AC2AD386A94D4C09A
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/graphics/mediumA.gif
                                                                                                                                                    Preview: GIF89a.....%.fff...DDD.........;;;............iiiIII.....................eeeYYY......sss......................===...555SSS.................................................................................!.....%.,..........H..pH,...! H....Sh ...RB. 0..G...*"%..I!TJ...B..1.f..(:H...C. H!"#C$"DA.;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\smallA[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 16 x 13
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):185
                                                                                                                                                    Entropy (8bit):6.185375227859527
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:CxatOa/FA2P/OOlllMJRfyazQy38lDKKNkaaaRrExZd/7S17/Johi13sdvaDw3rR:ZtOW/OKQRfyyYDK18pExZde17Bohi9s9
                                                                                                                                                    MD5:6F8CB4A1EFB4DF5320B6E70E53577E59
                                                                                                                                                    SHA1:22845864135E6938A5DD1B7CE5C7AA44624F1318
                                                                                                                                                    SHA-256:0C45128E99EE08762E4CBB4333C5FFB0C95149B8C3BCCED7A84FB37423CE8C33
                                                                                                                                                    SHA-512:BAADE3D47511B8FC9BFE0EAB9C60AAF9104749544B7A24C7A8BE076B1F3F4DD4C2CDAF9902E8C096907CED9B7FDA11CABF6951A45BB758947DFD429498A94BE7
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/graphics/smallA.gif
                                                                                                                                                    Preview: GIF89a.......999....................vvv...SSS......ccclll...............UUU............BBBWWW......<<<???...!.......,..........6.'.di.h..$...7.A\...&......XA".I...T,..&..hD.N.#.y....;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\urlblockindex[1].bin
                                                                                                                                                    Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):16
                                                                                                                                                    Entropy (8bit):1.6216407621868583
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:PF/l:
                                                                                                                                                    MD5:FA518E3DFAE8CA3A0E495460FD60C791
                                                                                                                                                    SHA1:E4F30E49120657D37267C0162FD4A08934800C69
                                                                                                                                                    SHA-256:775853600060162C4B4E5F883F9FD5A278E61C471B3EE1826396B6D129499AA7
                                                                                                                                                    SHA-512:D21667F3FB081D39B579178E74E9BB1B6E9A97F2659029C165729A58F1787DC0ADADD980CD026C7A601D416665A81AC13A69E49A6A2FE2FDD0967938AA645C07
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://r20swj13mr.microsoft.com/ieblocklist/v1/urlblockindex.bin
                                                                                                                                                    Preview: .p.J2...........
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\1095b[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 515x250, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):38861
                                                                                                                                                    Entropy (8bit):7.965890707861492
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:0E0ydRJvF/yLfSRIrdGXij8NNLSwfNM5YFv1eMa:Xja2pSjGZHfG29a
                                                                                                                                                    MD5:0EE5FD39F46045C84BB6EBECBF8035D6
                                                                                                                                                    SHA1:8BC1DEF29E22D9F2480272E0948644564F6480F9
                                                                                                                                                    SHA-256:79B552F5C7B43E7184AE479DE4E41DFDF311D326400FAC2AA60A895C02C0E3E9
                                                                                                                                                    SHA-512:9E431D5D89D3B7966838A0F9BE231400B0DA798B7600C83D09C9923607C029B00C04F51523BCAD5BDD304A048409B8E473C4A3AE51B0671968E933CC1A0AA0EA
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/slider/1095b.jpg
                                                                                                                                                    Preview: ......Exif..II*.................Ducky.......<......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164360, 2020/02/13-01:07:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:64228f6a-a50e-46b2-b829-8abc1f531c88" xmpMM:DocumentID="xmp.did:8BB39165601311EB89E3DE696AE0C59F" xmpMM:InstanceID="xmp.iid:8BB39164601311EB89E3DE696AE0C59F" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6558f1de-c874-3144-b2b8-91ae52843863" stRef:documentID="adobe:docid:photoshop:db8248d2-086c-6a48-94d3-0a1aa0928de9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.....................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\arrow_gold0[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 11 x 11
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):48
                                                                                                                                                    Entropy (8bit):4.381328385912461
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:Ct/00lIh3uJT+H:Ac0ydUTm
                                                                                                                                                    MD5:D7A4D95354A5FFDF666AFFE4F7516A0E
                                                                                                                                                    SHA1:E65484EB06115E888D29C35C3864981BE8EC9D42
                                                                                                                                                    SHA-256:3F4D9CC02EB84C4BC1BF181F3452386B2FFC1D64E62FDA21E03F3B6D94CF0866
                                                                                                                                                    SHA-512:EEE1B4350B08CAB3FEF1ADD3DB67F90F527F289BF64C3EA8D22804A297EA2A830A8426F17348B123E39EA9D6F44E055DC0D334816311BD9D4B0BD41447F52FE7
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/graphics/arrow_gold0.gif
                                                                                                                                                    Preview: GIF89a...........",.................t`2......;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\base[1].css
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):23278
                                                                                                                                                    Entropy (8bit):5.176641778480364
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:UfbUInNntQDokhteIDViTVckNj+3MZh5+l33q7mSB/mm6U23gqK4Gg4R3Va1LhgM:1InNntQfhEIDUTmkNj+3MZh5+5q7mSBW
                                                                                                                                                    MD5:13E2FB1DBE808B94F25CFD15AEE41B5C
                                                                                                                                                    SHA1:E45D3AC77A426E9D1109B2646733F7CC42FCA786
                                                                                                                                                    SHA-256:84DB1D2BE46F6A48520BFC629BF41A4CD1142AD91387836B4764E328F1922233
                                                                                                                                                    SHA-512:DB13392584C1090A7EEEC8B65ADC02836ADAF1AA85A6E02B4B4982E756644541A81C936F4CC68E64C8E1F7F9107280B953DF0D7246959A45BC383A25BAE90732
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/css/base.css
                                                                                                                                                    Preview: @charset "utf-8";../* CSS Document */....body {...margin: 0; /* zero the margin and padding of the body element to account for differing browser defaults */...padding: 0; /* do not change this */...text-align: center; /* centers the container in IE 5* browsers. The text is then set to the left aligned default in the #container selector */...color: #000000;...font-family: Verdana, Arial, Helvetica, sans-serif;...font-size: 70%;...background-color: #CCCCCC;...background-image: url(graphics/blkbk.gif);...background-repeat: repeat-x;...background-position: left top;..}....h1 {...color: #6699CC;...font-weight: normal;...font-size: 175%;...margin-top: 1px;...margin-bottom: 5px;...line-height: 1em;..}....h2 {...color: #6699CC;...letter-spacing: 0.1em;...font-weight: normal;...font-size: 150%;..}....h3 {...color: #000000;...font-size: 150%;...font-weight: normal;...font-family: Tahoma, Verdana, Arial, sans-serif;..}....h4 {...font-size: 125%;...font-family: Tahoma, Verdana, Arial, sans-serif;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\coronavirus[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 525x295, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):54750
                                                                                                                                                    Entropy (8bit):7.970078713308231
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:dnY8WF3kuJcWl0OdwWFu9cWU6C+YQFgLVKwZLPpnyw60Ma5qbTRNliAQV2OXVB:/WleYwiu351F2JRnywTMbAPJf
                                                                                                                                                    MD5:956167D6912A4B6EFC08FE7C6A8C1EDB
                                                                                                                                                    SHA1:1B2D9ABD46E8F6CFC2F40D236592149A63AF6439
                                                                                                                                                    SHA-256:AFD9A3BD4278B33407F7064C304320416ADF34F1C4CF0FE8198CCCDFD4803001
                                                                                                                                                    SHA-512:8898335B7A458594C8521EE1BC591C61E4D58624513F8C171901568913AB4D3F45405F02CF65413C332F13843F085CDBECDB870587728BEBF561DD68F8ACE8F3
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/slider/coronavirus.jpg
                                                                                                                                                    Preview: ......Exif..II*.................Ducky.......<.....|http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164360, 2020/02/13-01:07:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="27E344336F4118BD4DD0D1DA5195F882" xmpMM:DocumentID="xmp.did:4762E0641D1111EBA05BB25D5D4E51D8" xmpMM:InstanceID="xmp.iid:4762E0631D1111EBA05BB25D5D4E51D8" xmp:CreatorTool="Adobe Photoshop 2020 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9dbb5d76-670c-014a-b1c7-009a273515a6" stRef:documentID="adobe:docid:photoshop:cff643a1-c15d-9f45-bd4f-e8d01e934abd"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d................................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\december-hours[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 515x250, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):35871
                                                                                                                                                    Entropy (8bit):7.9589827305889225
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:0GKo2aQAaXODyURhlL9Cz1xp/ZlAVLAo1GP54XOdh/Fo:LNTnRhK7/ZlAVEeMdo
                                                                                                                                                    MD5:ECFB185FF12D8F7DE124CF7E8BF0D634
                                                                                                                                                    SHA1:8B2B7B850D1DAFAE39EDF206B31ABB0521A3917C
                                                                                                                                                    SHA-256:BDAFEB1081CA5605A9A4CA075B8D2265D1240EBDE0C68975456C9A99DE9955B9
                                                                                                                                                    SHA-512:248DEBFCE25100EED319ACEAC5965B2F15223C081043D3014F81176092D1E74334597E661499DE17AF8C1EA658825C6ED94366314C08C6762DEAA1920A13B217
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/slider/december-hours.jpg
                                                                                                                                                    Preview: ......Exif..II*.................Ducky.......<......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164360, 2020/02/13-01:07:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:64228f6a-a50e-46b2-b829-8abc1f531c88" xmpMM:DocumentID="xmp.did:1D4389D2494211EB8037D991BE1E167C" xmpMM:InstanceID="xmp.iid:1D4389D1494211EB8037D991BE1E167C" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:3577775b-b57d-b348-935d-a236a2fc5864" stRef:documentID="adobe:docid:photoshop:904d25cf-8cf2-ca4f-b9ee-5d5bf23fc086"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.....................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\element_main[1].js
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):249009
                                                                                                                                                    Entropy (8bit):5.477400514029805
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3072:uXpL1f/XaqZ4pmoNGUkaUeH/ktyU2cfRwv+9g5LydY4SeJ/5Hn:u5n/KUef8yU2cfSvCQydBJ/5H
                                                                                                                                                    MD5:92DFFCE3439552F9ACEC893F2868D717
                                                                                                                                                    SHA1:5C9896BAC2ECE31D9AC9EB06F987868305BBC294
                                                                                                                                                    SHA-256:86207A548361E9FCDC830F7CCA9540C7C93FF4132DDE2A72FB38D23151BD46A4
                                                                                                                                                    SHA-512:ED64C2CEC4BB25119747F97370E9ACF905647820F64C80F590C52694975BAD507D1085D4460E53EE26514AA32B24B8CC187A13BD9897BC23034A34D69150ABA6
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://translate.googleapis.com/element/TE_20201130_00/e/js/element/element_main.js
                                                                                                                                                    Preview: (function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa='" style="background-image:url(',ba="-disabled",ca="-document.getElementById('",da="/translate_a/t",ea="/translate_suggestion?client=",fa='</button></div></div></td></tr><tr id="',ha='</span></td><td class="goog-te-banner-margin"></td><td nowrap><div class="goog-te-button"><div><button id="',ia='<head><meta http-equiv="Content-Type" content="text/html; charset=UTF8"><link rel="stylesheet" type="text/css" href="',ja="Component already rendered",g="DIV",ka="Edge",la="Google Website Translator",.ma="IFRAME",na="INPUT",oa="INTERNAL_SERVER_ERROR",pa="Opera",qa="POST",ra="SPAN",sa="TEXTAREA",ta="Unable to set parent component",ua="[goog.net.IframeIo] Unable to send, already active.",va="about:invalid#zClosurez",wa="about:invalid#zSoyz",xa="absolute",ya="action",za="activedescendant",Aa="activity-form-container",Ba="alt-edited",Ca="array",Da="auto",Ea="backgroundImage",Fa="backgroundPosition
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\favicon[1].ico
                                                                                                                                                    Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:PNG image data, 16 x 16, 4-bit colormap, non-interlaced
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):237
                                                                                                                                                    Entropy (8bit):6.1480026084285395
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:6:6v/lhPIF6R/C+u1fXNg1XQ3yslRtNO+cKvAElRApGCp:6v/7b/C1fm1ZslRTvAElR47
                                                                                                                                                    MD5:9FB559A691078558E77D6848202F6541
                                                                                                                                                    SHA1:EA13848D33C2C7F4F4BAA39348AEB1DBFAD3DF31
                                                                                                                                                    SHA-256:6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914
                                                                                                                                                    SHA-512:0E08938568CD123BE8A20B87D9A3AAF5CB05249DE7F8286FF99D3FA35FC7AF7A9D9797DD6EFB6D1E722147DCFB74437DE520395234D0009D452FB96A8ECE236B
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:http://www.bing.com/favicon.ico
                                                                                                                                                    Preview: .PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d...-PLTE......(..5..X..h...........................J4.I...IIDAT.[c`..&.(.....F....cX.(@.j.+@..K.(..2L....1.{.....c`]L9.&2.l...I..E.......IEND.B`.
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\fostercare[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 515x250, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):42156
                                                                                                                                                    Entropy (8bit):7.979736476744958
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:0xrv7jn9kM+2bzi5DXC9HuWyrevaEDqUYw3mZqFi6V16hFn7mLkaQmAa:k9kMZaebKeitUYw3m1v7mLkTmAa
                                                                                                                                                    MD5:6FE5C99F3AD40EBE00993B05EC5D7F32
                                                                                                                                                    SHA1:E860C4ABE558DE616D9397EE7CFE998350E8E3D8
                                                                                                                                                    SHA-256:96D49E04118C68C4A484AF79321C1A5A2971BB7CF9D999087907D482DED392AC
                                                                                                                                                    SHA-512:3FB3441153120265D3B318560470A1DB68FC8A88D99F4743C652494FD115EF925BB8246C632F1BB978BC3720152002094B8390A54F323AE55C2FF964E227972C
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/slider/fostercare.jpg
                                                                                                                                                    Preview: ......Exif..II*.................Ducky.......<......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164360, 2020/02/13-01:07:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:64228f6a-a50e-46b2-b829-8abc1f531c88" xmpMM:DocumentID="xmp.did:A8E878BF1E0111EB80CE8DB8E0E14A81" xmpMM:InstanceID="xmp.iid:A8E878BE1E0111EB80CE8DB8E0E14A81" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:47456615-15d3-3e4a-9ff2-3fe1b03c56fc" stRef:documentID="adobe:docid:photoshop:cecd2e07-56f2-da40-acd0-42bfbfb743b7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.....................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\gcd-seal[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 180x64, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):4342
                                                                                                                                                    Entropy (8bit):7.896707732925293
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:dXLzANaWDn78v5e76bppPbea/wjGn36TBY9P3rBU:tLsNdn7K5i6bTfB3QBe3rBU
                                                                                                                                                    MD5:07C2F782572AD5329109465D24EBD913
                                                                                                                                                    SHA1:225F2226243AFFAF4BD532E5F648B2EFB7FA5ACF
                                                                                                                                                    SHA-256:395DD501874DA9003C8A81010C9F8ABF42EAA7E4BE9BFB2012292777B6C088DD
                                                                                                                                                    SHA-512:E29FD2215EDA48B98A8E9B6E8C4A775C2C21B17C056A078AB03B1C5F17B3C742DD91CDABFE06E314A5E0B2C181F5D883F9393BA25CC2C59E6C27BA99ED95E88E
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/dcbcs/bds/graphics/gcd-seal.jpg
                                                                                                                                                    Preview: ......JFIF.....H.H.....C.......................................................""""""""""...C................ ! !!! !!!!!!!!"""""""""""""""......@..............................................O............................!1."A.27QRaqt..#35Br......$4Usu.....Vb.......6CT................................(........................1A...!Q2BRa.".............?..m.o.'.Sa..}bkj..5.[i.M..RUT^......2................=.9..-7...y.....=...].T........Se..D$.u..Rv....}.T....fZ.........*..x.J...GM......o....+v\....`5.vs..jo..............<d.3..#..f...b.I.g..Kmj.)jD.DT..X.r.M...s..NQi..U...V...=.9..57...y..=6s...i..e..x.fJ..Ij&k..3Z.f.=.#~..DpS..tU3.1..Jg.VQ...q.n.v.v.x/W.bx...tbg.['J*2.....kX...o...T|I~^..............\m@I{.V..k..W.w.'d.......{;v!J..:.2...t.E...pUN)..<8<....q(..._.....g......A..X....QJ#.&D.rpT{/.|X...f%:.Y...lx@...O.;..tZ..+.Xf.Z#3a.I..H.p...]%t.`...f..g..........v.B.T..X..0..7...$[.K..'.&.'C........|...%Z...@`..}./.'.=..f...\.LUP._...|..y
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\icon-html5[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 14 x 16
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):1049
                                                                                                                                                    Entropy (8bit):6.541958901655976
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:X8dIcGQ8m5JNsX3kwqfh6fTGVRTuCX7TE:sdIc18EJWvqfsxSw
                                                                                                                                                    MD5:55CD44DE3D9F59E354724A9B8F596480
                                                                                                                                                    SHA1:E7475B120C2BFA0C2FCA178A529CCAE8CA59C79A
                                                                                                                                                    SHA-256:ED67A9A6C7C62F034582E52E78B5D49CD905C7F74826515EB57EF8DE44FE0E9E
                                                                                                                                                    SHA-512:03691100D2C1A6391EC1E5709C0BAF19616A34E48DD2F0168B321F5E0BCAD25B6E206DDC3812936FCD2E4CBAEF85A402BD2431BF1969B15A9584C7A5D30FA723
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/icon-html5.gif
                                                                                                                                                    Preview: GIF89a........K#..........J".N..C..M&.E..............B..Q+.L%....r.A..C..B......b'....T..U-.}`.}b.lL.y.=.....N!.L#.W...........>.....O(.A.................g*....f&.M..M..T%....v....H"....y\.S&.......I!.tV.[.....h).]..Z5....{`.^........oO.....6............R".....e....t=.P........Y........M..R..A..N..@.....L.....B...I"....n4.^$...........K"....b%....T.f....F...^....B.....Z..y.......iG._ ..p.~.V1..l..y....s.d%.e%.vZ....M..\6.P+.a=...........qR....pP.l4.y[...........S"...d&.........~._.G.....W..[8.......eB..wZ........................................................................................................................................................................................................................................!.......,........@...I...h......X....:....6..pH...MY^.X....L.....@. R..Q#c."[..<.@ ..9....R...%.hE.s(..9....b...UBRa.C...2.l......V.x<:....[l..h.@.......r*Q...:.pQ....1........NP...H.......f.(N...5f.%Y....Q....0
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\jquery-1.2.6.min[1].js
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):55805
                                                                                                                                                    Entropy (8bit):5.229448793359489
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:0csXS2yYCzATBLK88E1o2z33c8yrtz0GBU3+ySk+f1:0cs1ySToR2T3Fyrt0GBG+Nk+t
                                                                                                                                                    MD5:3D5C23458FF980BD76BEE32E76FAAC86
                                                                                                                                                    SHA1:FE16C08BCEF433F057A253330C3548F46F2DFECF
                                                                                                                                                    SHA-256:FF8FE30E152C0EDDAABEB0738FD227DABB8BF538773A7D5E58875C49B53A4A25
                                                                                                                                                    SHA-512:872FCF4EC4BC114CFCECB16DF3352DA7E9D28B0249A7950183DE8CD90D99BDC4103B126976E22CC3D711019058AEC4282D12A4E3489F2111C68CF0F79637EEC0
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/js/jquery-1.2.6.min.js
                                                                                                                                                    Preview: /*.. * jQuery 1.2.6 - New Wave Javascript.. *.. * Copyright (c) 2008 John Resig (jquery.com).. * Dual licensed under the MIT (MIT-LICENSE.txt).. * and GPL (GPL-LICENSE.txt) licenses... *.. * $Date: 2008-05-24 14:22:17 -0400 (Sat, 24 May 2008) $.. * $Rev: 5685 $.. */..(function(){var _jQuery=window.jQuery,_$=window.$;var jQuery=window.jQuery=window.$=function(selector,context){return new jQuery.fn.init(selector,context);};var quickExpr=/^[^<]*(<(.|\s)+>)[^>]*$|^#(\w+)$/,isSimple=/^.[^:#\[\.]*$/,undefined;jQuery.fn=jQuery.prototype={init:function(selector,context){selector=selector||document;if(selector.nodeType){this[0]=selector;this.length=1;return this;}if(typeof selector=="string"){var match=quickExpr.exec(selector);if(match&&(match[1]||!context)){if(match[1])selector=jQuery.clean([match[1]],context);else{var elem=document.getElementById(match[3]);if(elem){if(elem.id!=match[3])return jQuery().find(selector);return jQuery(elem);}selector=[];}}else..return jQuery(context).find(selector
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mcm-logo[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 150x79, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):17436
                                                                                                                                                    Entropy (8bit):7.969509409078188
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:EqoYu66PdIkt3rziZM3jzl9sQ3YRYsAfSjebHrm2eG0bUNs/WxZfzCIC:9UPdIcrzyM3jzPICfSCi20oGexlzCP
                                                                                                                                                    MD5:E561CBE87F6A44380263CA3ABB7C1E2C
                                                                                                                                                    SHA1:DDD632CDD5F527DDE481A3FED8A2888E08D59045
                                                                                                                                                    SHA-256:AFB1AB303CA752AEF90361ABF3F0357B6A84E7B99FD6A8540314A8B737BB9285
                                                                                                                                                    SHA-512:AA4A0E08183659214E004A633FB88145F4ABF672A758F5C50107E368DB077D545FB1AEA91061D47075EF0E31A112DA0B8A9AA9FB1B3E5C90F29001753DA2643C
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/mcm-logo.jpg
                                                                                                                                                    Preview: ......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................O.....................................................................................................!.1.AQa"..2B#.wq..r..4t.78.b3..(........................!...1.AQ.aq".2B..5...R.#.t..br.3s..$%...C6.c..d.u.7............?...Y..:.f9.c1...u..s..c.f3......9....|:.R....Z|"......N....._R..i....f.p."..."`V....w..L.. .U.i..'#C...AT...k.|.j.8.{...y..3B.:.......Uj.1E8.7.as..#e9.6.I..jjB..T$eRh.>y...5W..6.f..H....-W..+.1.>..[.S..L.t....e......v..JH.....6+..9R.m..)v.;{..m.(H..B&..V.$.......B..9...5.-.\\].ZI.q....H...2.s..~...U2T..K.#.o...MS...z....xm.3.-=.)a)N......b.."PT.A\.Sa...$..m..8"..Q...*...Z..r`r...8..KdY.&..N....kJf.O..w.E.[.0...X.}.Z.b..e.$..oO...S...SI*.[\..*.y...*m..,.p'+...~..m.g.Ywk..m#Q Ed.u...*u.......k..E%.r.....L.[._....V......y.r.......]2.l....5<....x
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\mental-health[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 515x250, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):33303
                                                                                                                                                    Entropy (8bit):7.974316717561031
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:0Oqj4xMlnGpUqpxt29uVPD/4M7DWXM5Vz2fWQhVhz:a4elnGLtCy/3OXeqvz
                                                                                                                                                    MD5:96D4920CFCAF9ABFDCAA8522656A3137
                                                                                                                                                    SHA1:7B2B2F6ED65D0F633DE370711A2F762D18D9AE59
                                                                                                                                                    SHA-256:18F1A2D6CB258D5F92E9EC463EC03D785EBDAC35A24A63B213FAB634871D7570
                                                                                                                                                    SHA-512:E4A4DFB75D01B676383026B81A826C90CAE51AAF64257FC12093A806FAB2D96531A4126537F35B13503B349C312BFCC4B7A9164D99260972343C5FAD0C24E016
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/slider/mental-health.jpg
                                                                                                                                                    Preview: ......Exif..II*.................Ducky.......<......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164360, 2020/02/13-01:07:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:64228f6a-a50e-46b2-b829-8abc1f531c88" xmpMM:DocumentID="xmp.did:5636845C1E1011EB8809AFE341815D76" xmpMM:InstanceID="xmp.iid:5636845B1E1011EB8809AFE341815D76" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:aa4471f1-b7a0-ed43-97bc-895485e21ba5" stRef:documentID="adobe:docid:photoshop:db8248d2-086c-6a48-94d3-0a1aa0928de9"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.....................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\nh-carepath-logo[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 150x120, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):6776
                                                                                                                                                    Entropy (8bit):7.898236158393633
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:fEHKyVthL/7zY31KiN1+/SDE8uLYe60p2sm8eMWwpxPqBOw9JadyE7WWVd6:fwKWjz41K+E8uLY90gshxPqqdRpVd6
                                                                                                                                                    MD5:B0C94593EF1C63C0CEAA714BE26132A6
                                                                                                                                                    SHA1:95B1CC7C6E2BE75109866570C9BD0431567A1720
                                                                                                                                                    SHA-256:0B25A99E9C77709FF905B89C867095AE8E2572FE981F1C15D6C402D9F01F8A29
                                                                                                                                                    SHA-512:CB28616424C93E976D2C861A7D08C2FF79429B0CFEFD362EDD11EC32984AE54D3C9E79583D3BF857FF2735B494615D7CDEC066B13842BDC659D98155C386D873
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/nh-carepath-logo.jpg
                                                                                                                                                    Preview: ......JFIF.............C..............................................!........."$".$.......C.......................................................................x...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....(...(...(...(...(...t.......j.S..^.T{...\[.f.A.9.......]x..}...~*....qy..Z.F.S.l0. ..q^.^.F.%R7V_.KO3...iN.h...&...m..+.#...H.P..r.H. ...6.u...*..o.L.......cb.d.......>..z...Cs.......n....v..$z|.....Nc........Tp....r.?+.4L..(...%...3[M....h]O._H.T:J.......6q..=..W......w.!...]..^..1.A,.0#.yl.;............N4....'...O..sP.\W...,.=A...-..^..........n.}%
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\nheasy-sm[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 150x57, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):5072
                                                                                                                                                    Entropy (8bit):7.8154030612201995
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:l236UtdSb7k5nQMataaEtDfpYB/+TAj+ZrNmDIWgNS:yxA/qQ/twrqBmTA6ZrEss
                                                                                                                                                    MD5:62503F5C9E724CE0B0FD8DAE92EEDE35
                                                                                                                                                    SHA1:05C0EC56843E278D8D58907922D5BBC08DE8F7B7
                                                                                                                                                    SHA-256:3945CF14451E5306AD82AE641F105BD4EBDEBBD65F1CB0FD6F865D1F39BE7571
                                                                                                                                                    SHA-512:C0E5EADE4CCCF69415D2AB1D0CCDEF85982F41B7C4F2D58F254F87F9C2AF187C6321C8040C40C0707E4C2068B332AA2166FA21A31253BC83E88368CB8CCC23AF
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/nheasy-sm.jpg
                                                                                                                                                    Preview: ......Exif..II*.................Ducky.......<.....)http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM:InstanceID="xmp.iid:FE9DC7AFFA6311E59447A65323C12060" xmpMM:DocumentID="xmp.did:FE9DC7B0FA6311E59447A65323C12060"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:FE9DC7ADFA6311E59447A65323C12060" stRef:documentID="xmp.did:FE9DC7AEFA6311E59447A65323C12060"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\school-safety[1].png
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:PNG image data, 150 x 49, 8-bit/color RGBA, non-interlaced
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):10253
                                                                                                                                                    Entropy (8bit):7.972468978592324
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:eMFTvtFRw3WygedNX9P9+5z51HN4diI0c7aQWIAhCRdBnthIsTb4BVsECF7:1FLtPYWwHW9HmtaQnAhavzIsb44Ei
                                                                                                                                                    MD5:4E5DEEFA8F279F99BB93C9EBECFC7B11
                                                                                                                                                    SHA1:C335E28675D5623D124DB3C6874E09DFCA2E4C0F
                                                                                                                                                    SHA-256:51A3393B9B1D0D215CBE3AECC4B772679AFF02C9581B07DF09035B1D0AA2C651
                                                                                                                                                    SHA-512:627CE68930400103E8D3DFBB0FF91F504609442192732D431AB98DF9815B478D8EDB2C2F313F89F8009FC5915F8B4F279DA25D1AA3B43B9907C8263A8C200DA5
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/school-safety.png
                                                                                                                                                    Preview: .PNG........IHDR.......1.....8.P... .IDATx...t.....[..M6.C.$!!...z...W..\E...6@.."\EE..A.l.{EE....B.5$..4.7.lv.;3.......?gI.y.>...f..B..C...Sy...Z....../.$.....@dpH.4....@V&....Oww.z7lv;.CVZ....~...+(.... ..!.G.%.....'......P..Z..q.n^].1#z.....4....&...3}.G.....).0.L..EX..<4.5^.?......f.s..|.....j !2........3.Gi...<G.W+.{...h...D%1y.<.>.,I#.....q..c... ..2..:...w.u{...,.6:%4.K#QT^.I..........<..>..q1.]....s2/...D..r.l.....e+......l........_..FL`.-"".o.g...EK.....P:'.......OO.<...R.$.V...H;|.C9g..5....8x.....kF\hXm.2......9!.~.i'r..s.3...P{";.....Mq..F.k.[XZ...........'.ss.P^V..l.@AE9..cp......M{....G..I....i.^.||..\..9..l=....@.&.@..8.q.Oo/.B`.....DbLlm..Y..9u.....T..x....,^....:.Mu...C...CG.[.....=i...;M......1#..{.[n.C...ae%..M.h.-....~.V.}..........}+ArsAT.@.H..[.......;{.zn1...V.V...,Hi-..:Rg.}.yP`D<........o..../.7......q.b....M_. .K...:......(..V.....K.."N.6....E........E.. .R........D..J...c. "H...)...;.;...F..
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\trans[1].gif
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):43
                                                                                                                                                    Entropy (8bit):3.292508224289396
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:CUkw0Bl/Hh/:G/
                                                                                                                                                    MD5:BF7D3E1972B3FE5BFE8C119FEE05E89D
                                                                                                                                                    SHA1:081AF0BCFECBA29D5C4AC9025A3AEBADF79032A5
                                                                                                                                                    SHA-256:5B4B97B224D9827C01D7A887A722F4C2A680195C4A66108559BAA0C65220DF90
                                                                                                                                                    SHA-512:69B7926725CC19180618609A92BD27CEEC465BAF3DCE01CB6AA05C6A0EBB057DCA62AD2E5DC57FCE75F5B8B2C3B67E456EC880D6DE2B3F3C2581DB78FD6E8D7F
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/trans.gif
                                                                                                                                                    Preview: GIF89a.............!.......,...........D..;
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vape[1].jpg
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:[TIFF image data, little-endian, direntries=0], baseline, precision 8, 515x250, frames 3
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):44153
                                                                                                                                                    Entropy (8bit):7.96830520540272
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:768:2GYdZ9YOhSRJYGw8kLwAQa2+oljqrenGSDYA8P5xzg8MsizwPGJ0C0t:JYXhciLRQa2+dCntCZMF07
                                                                                                                                                    MD5:BBCCABB443E88E5AFA596CDF3FC323AB
                                                                                                                                                    SHA1:D8CFB0DD1C1E2691C6011D6316EE9B51104A799E
                                                                                                                                                    SHA-256:36E3C7459F9614AE918519CCB7C020AAC80C58F3C69300BF5B04ACD3E17F9C3E
                                                                                                                                                    SHA-512:E73C184836E1E1CF8A63F6435C9296D4E6625DC5E750BF01D3B2C83FAC9439824B7DF25D2061524F5CDDB3226F470BF35B8B7622DB164EE724C3A0279F5F30C6
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:https://www.dhhs.nh.gov/graphics/slider/vape.jpg
                                                                                                                                                    Preview: ......Exif..II*.................Ducky.......<.....qhttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:AB269C91A3C9E911B6D5E52046A14E0C" xmpMM:DocumentID="xmp.did:99A2F8BA46B111EAB138C2FF5C17A9C3" xmpMM:InstanceID="xmp.iid:99A2F8B946B111EAB138C2FF5C17A9C3" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:d7d9797c-5149-294b-b62c-190b65be5894" stRef:documentID="xmp.did:AB269C91A3C9E911B6D5E52046A14E0C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...........................................................
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EDE79FE8.png
                                                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                    File Type:PNG image data, 293 x 295, 1-bit colormap, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):6897
                                                                                                                                                    Entropy (8bit):7.961710048383538
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:C/va+mFRJNG78dpYUIMa3LXA53yBndb4h8HuyHAcD:C0FRJNtdpzUbXA530bw0uBE
                                                                                                                                                    MD5:DA0E31545E3B38505B7318C64BDEC26B
                                                                                                                                                    SHA1:48C54C0AA75AAB40686252301EA47FAB74B1190A
                                                                                                                                                    SHA-256:EBC4D461F08B5EFAF6A44B314B4DDBA9025D6D6FB6614FED17A5A03010C68330
                                                                                                                                                    SHA-512:A6257BD4DCAA72AC63DF003A2E1FBB2048DBB0EE7A894D93D238BFC7CF545757D8D0B96C840B9F7D3DA49F73408938843AF172E73CC103E117B81EAE244B150F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview: .PNG........IHDR...%...'......a.?....PLTE.............bKGD....H....pHYs..........+......IDATh.}.}t..u...,.].P.IM7.G..{.T...$K.....{v.....#..4l.u .>.a~<.E{...q.I....v...R.lH......>.9.:k......cW...H...w...._.3G..0.y..}..w.}O.-......l.V.V..J._N....$..b...M.....w.7.q..r..S.=....J..."..y..(.2..oS..x;.... -D`...8*.0..RE...0.$..IG*..nOa..r..o?6v..T.0R.g.)@..:..].&M....P...8T...v..Y.......L..oG.I..`....:.=...@M.:...~k.. "....j..dw....?..1 r+.DZ...*..D.$..[)[23.H.....*<..hn..F.G.e!.\e...5.....xE...Bg....T..j...NY...,Ch...k.....V!.&.k.....t.$Lsy[..).)ii+e.".$...Fox).....Z...d8..vF.......kT....B....\...v3q..rU.v".eYy..M...d.b....7.9.?n.n...$...."i^m....F..?........(.hM.*.p..f....^..w.a...M.d....>D...n.<....M.+..jR....%.0..*....%.*.T...!>.y..NR.)&...V...G?A.yY0..F..qxU].......sq.6.6R6..V...F|.\`..F..t...$c..N.#..h.TQ....... ..3..@..g...QYs.1.r.>....7....TQ.R.Q....b....{$...5U.(.'...2......).:*...SL...,.I...p.Q......8..NQ.....6.(....bC..1..N.}..O,.`+.R..`Q...4W6P.2..
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A7F4CFE5-FD14-491B-BD17-FD822CEDA35F}.tmp
                                                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):8648
                                                                                                                                                    Entropy (8bit):3.9086550011900165
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:v8DY16W2/Zx7P5154V1lGcAxW5aGEFhPqWoFIA0y9Y4UnPwl/lBEM8m/+:QRv7e7lG/vGEF34UnYFHzm
                                                                                                                                                    MD5:BBF0ACE5B4E6E263E81E31E609B5B25E
                                                                                                                                                    SHA1:93F118AA66A0E2F7FEEDA09E548D3D3E23AAF754
                                                                                                                                                    SHA-256:F1848420F03FFE83F59A4F2A4D779ACC906F0E90E733EC8AA010A526FC27C885
                                                                                                                                                    SHA-512:89FA2A2A1187B794A11B17738D4976335ADFB11CF02BD7838098AA3FF0A8D542E04F63831419DF4DF7F352953080671AAA23C5D8E5BDEA47D9DABB744EF3B764
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview: ../.....L.o.r.i. .A... .S.h.i.b.i.n.e.t.t.e. .C.o.m.m.i.s.s.i.o.n.e.r.....L.i.s.a. .M... .M.o.r.r.i.s. .D.i.r.e.c.t.o.r.........F.e.b.r.u.a.r.y. .1.5.,. .2.0.2.1.....S.T.A.T.E. .O.F. .N.E.W. .H.A.M.P.S.H.I.R.E. .D.E.P.A.R.T.M.E.N.T. .O.F. .H.E.A.L.T.H. .A.N.D. .H.U.M.A.N. .S.E.R.V.I.C.E.S...D.I.V.I.S.I.O.N. .O.F. .P.U.B.L.I.C. .H.E.A.L.T.H. .S.E.R.V.I.C.E.S...B.U.R.E.A.U. .O.F. .I.N.F.E.C.T.I.O.U.S. .D.I.S.E.A.S.E. .C.O.N.T.R.O.L. .I.M.M.U.N.I.Z.A.T.I.O.N. .P.R.O.G.R.A.M...2.9. .H.A.Z.E.N. .D.R.I.V.E.,. ...................H...J...z...|...~...........$...j................................................................................................................................................................................................................................$.............]...^...a$......$..........dc.......]...^...a$.............^.............d......dx.......]...^.d.`.............d.]...^.d.gd@................$..........d....]...^...a$..............$..........d....]...^
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AD3EC36A-00F7-42F0-AE81-4807857507A1}.tmp
                                                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2
                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:X:X
                                                                                                                                                    MD5:32649384730B2D61C9E79D46DE589115
                                                                                                                                                    SHA1:053D8D6CEEBA9453C97D0EE5374DB863E6F77AD4
                                                                                                                                                    SHA-256:E545D395BB3FD971F91BF9A2B6722831DF704EFAE6C1AA9DA0989ED0970B77BB
                                                                                                                                                    SHA-512:A4944ADFCB670ECD1A320FF126E7DBC7FC8CC4D5E73696D43C404E1C9BB5F228CF8A6EC1E9B1820709AD6D4D28093B7020B1B2578FDBC764287F86F888C07D9C
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview: ..
                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B4CD7B63-97C0-4A14-814E-1968BCE52029}.tmp
                                                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1024
                                                                                                                                                    Entropy (8bit):0.05390218305374581
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:ol3lYdn:4Wn
                                                                                                                                                    MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                                                                    SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                                                                    SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                                                                    SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                    C:\Users\user\AppData\Local\Temp\~DF18054AB76B5B25D5.TMP
                                                                                                                                                    Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):140241
                                                                                                                                                    Entropy (8bit):1.5157362342413974
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:LyDvO94tV7J17q1DXiLp2L8TgprppmWE0IWFIN1lFIFUN0i8UUUoH9VN9MM0gM+y:U1yA1l2kF
                                                                                                                                                    MD5:E3CE05837CB55C58B3293AD894902DF4
                                                                                                                                                    SHA1:6C25423C1E7AA7CC3F258049BEAFF8904C8C858D
                                                                                                                                                    SHA-256:DB5995599C1B4C840CEECD815C6B5147E97248CEA7C664F5344E26EFFB164307
                                                                                                                                                    SHA-512:CE43AE2EABD15EE3C7D3B11E552AC1E4B8FA6D6349F273E9D7AEBA7F06C47897E407D55527C034D0CD3ED62FFFCE704B486704E79999C409220425D01D061DFA
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... .............................................................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................X......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                    C:\Users\user\AppData\Local\Temp\~DF2979F9B86784BA93.TMP
                                                                                                                                                    Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13077
                                                                                                                                                    Entropy (8bit):1.4572348747643993
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:3NlLONlLJ84NlIkNlI/G8G4NlonqXNlon6G864NlWnTQ6Pl6hByhMyhQElEo:LyJ8v/GNnqIn6Gfns6Pl6h0hnhQElEo
                                                                                                                                                    MD5:E78B4254B78A3F39978945C7993F9946
                                                                                                                                                    SHA1:4746A8D439D229D7BCFB29411828C00B7D0AFDD1
                                                                                                                                                    SHA-256:E635A1059CAB03DF170FAC1461A677BF54F5F5A59D0CA3C66B8A262004BD33AC
                                                                                                                                                    SHA-512:436E85643F56AD0A4F521C127346188F3EC2C432EBAD317186C213501EEB09024EAC63B10D652FFF59FD664F4322F879BB2C30384BEF051FF2508D1D986E22FD
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ...................-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e........:..X.(......S6.............................................X......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                    C:\Users\user\AppData\Local\Temp\~DF901D34AC6B03FD18.TMP
                                                                                                                                                    Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):25441
                                                                                                                                                    Entropy (8bit):1.9778877695136603
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:LyrdGF79lxxNqyaW8VYvUGF79lxxNqyaW8VhxmGGF79lxxNqyaW8Vjwei79lxxNv:LyrgAfYvJAfh4jAfjwHAfCSaSsl
                                                                                                                                                    MD5:AB93A7D98D5A18E80893085CDDE2CAB4
                                                                                                                                                    SHA1:37A38BA403D2A2E4542E632DE9E698D7D0A009E2
                                                                                                                                                    SHA-256:00971DAE2943F1EBA5F9FF80DFC51710033F344D8293544FC8693375C79264D0
                                                                                                                                                    SHA-512:74AA8EBC27F3CCC91CAFEB8D805555BA77927FDFE3A07266DA5852126EE172DAD374D9F1BE5B4DB5117B7CB66FC9AD3292EE4C55CF94ABF920A8F43C6A16414E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ........................................*9...................K.j.j.a.q.f.a.j.N.2.c.0.u.z.g.v.1.l.4.q.y.5.n.f.W.e...........8.......................................................X......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\COVID19open_closedPodsVACCINE_LETTER2B.LNK
                                                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:16 2020, mtime=Wed Aug 26 14:08:16 2020, atime=Tue Feb 16 23:13:35 2021, length=22673, window=hide
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2318
                                                                                                                                                    Entropy (8bit):4.583339459513804
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:86/XTFGqIRVTKPxSVTh3Qh26/XTFGqIRVTKPxSVTh3Q/:86/XJGqIRVTq4VTh3Qh26/XJGqIRVTq/
                                                                                                                                                    MD5:D8C6EDA74E20B7DF7096E133CE02E0E7
                                                                                                                                                    SHA1:B73E972D36B411DC8F2F4F6D3B5FFCDB4B15DB80
                                                                                                                                                    SHA-256:4BA8FBE7A2CBC1D505234F41F41D981D0364F87065789FE95BD5EE2708D9DC32
                                                                                                                                                    SHA-512:533D776E70DE443ACB844F5402D6FBD2D9B8322695B41D3C4686D005DD79C9BEBFB75579F7071697558BB96CD5013E0B6D3735E9F8273AC362DBA5F55DF5BB3A
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview: L..................F.... ...K....{..K....{...........X...........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y*...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2..X..QR.. .COVID1~1.DOC..........Q.y.Q.y*...8.....................C.O.V.I.D.1.9.o.p.e.n._.c.l.o.s.e.d.P.o.d.s.V.A.C.C.I.N.E._.L.E.T.T.E.R.2.B...d.o.c.x.......................-...8...[............?J......C:\Users\..#...................\\414408\Users.user\Desktop\COVID19open_closedPodsVACCINE_LETTER2B.docx.B.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.C.O.V.I.D.1.9.o.p.e.n._.c.l.o.s.e.d.P.o.d.s.V.A.C.C.I.N.E._.L.E.T.T.E.R.2.B...d.o.c.x.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0
                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):154
                                                                                                                                                    Entropy (8bit):4.977349550230721
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:Htq97PbkK0C0xg3XLBVo+07PbkK0C0xg3XLBVomxWtq97PbkK0C0xg3XLBVov:HtPVjg3X3dVjg3X3ePVjg3X3y
                                                                                                                                                    MD5:F90450B9BEDBBE7298CFA132E86C4FED
                                                                                                                                                    SHA1:4B3F0F9887698DDFB7C58973F52068A1ADB56F34
                                                                                                                                                    SHA-256:268B002D9E13BBA709B6533A2E3B276022AACB56D0CB130A2837E2E12A47BEB9
                                                                                                                                                    SHA-512:0BC9C4A3A5FA87743BEBC043892EEDE80638B4FD4EDB054A4D111F9BF50FDDA9A73B59EFA9BCC8CBBCD1A7853ED78F8AE0FFB3EBAD785D8BA2C4085077247272
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview: [misc]..COVID19open_closedPodsVACCINE_LETTER2B.LNK=0..COVID19open_closedPodsVACCINE_LETTER2B.LNK=0..[misc]..COVID19open_closedPodsVACCINE_LETTER2B.LNK=0..
                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):162
                                                                                                                                                    Entropy (8bit):2.431160061181642
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
                                                                                                                                                    MD5:39EB3053A717C25AF84D576F6B2EBDD2
                                                                                                                                                    SHA1:F6157079187E865C1BAADCC2014EF58440D449CA
                                                                                                                                                    SHA-256:CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
                                                                                                                                                    SHA-512:5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview: .user..................................................A.l.b.u.s.............p.........w...............w.............P.w..............w.....z.........w.....x...
                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
                                                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                    File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2
                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:Qn:Qn
                                                                                                                                                    MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                    SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                    SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                    SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview: ..
                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\W8HCR2ZX.txt
                                                                                                                                                    Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:ASCII text
                                                                                                                                                    Category:downloaded
                                                                                                                                                    Size (bytes):85
                                                                                                                                                    Entropy (8bit):4.419817259969787
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:Fg1QRCkkJXv7YePl2Q8fTcf21l/n:FdRIlUQ87cO1Vn
                                                                                                                                                    MD5:6AF9372C72304891BF9A894EFCAEDA00
                                                                                                                                                    SHA1:0ADC9038572F1A6AFA729EE87E8B5E573FEE1080
                                                                                                                                                    SHA-256:A25D6EC557C20FA2F9133B27FCEFD5AEA90DDFEF4DD08711D63D969483945184
                                                                                                                                                    SHA-512:030DC633563F73F4A13C2623A0806AAC5EFCFC81D57C2D1BE2671DF3B67F4BF991A969B06E9BC6E73BC5E1490543DE87B32B4E0E561D5C9DD74CFF5462A7F05E
                                                                                                                                                    Malicious:false
                                                                                                                                                    IE Cache URL:google.com/
                                                                                                                                                    Preview: CONSENT.PENDING+387.google.com/.2147484672.3138338816.32108254.3484669154.30868673.*.
                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GBLNFL6087EMVG9NCJ7Z.temp
                                                                                                                                                    Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):5026
                                                                                                                                                    Entropy (8bit):3.11048159870444
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:IdmnvZYdIc9GroIGAS6xLdmnvZYdIr683GroIaIxYdmnvZYdIL9GroI3qxL:xvZ6b9S7nxUvZ6Y3SpxBvZ6s9SaxL
                                                                                                                                                    MD5:8A3AB1299008C9A803D3975B0DF5DE11
                                                                                                                                                    SHA1:89986181966C0723C063200ECAC01F5D5D4DFC8C
                                                                                                                                                    SHA-256:E043D3D794B0F5E38C8D8633BA0807A349C82139A79536951F2998894B73D0CA
                                                                                                                                                    SHA-512:55F2E2BBF6257CAD8A850ABD84D7C0EA48AA5DDC3BBF34A471F1D18E26183F007BCAFDF8F5C340E1D98AB3C3F0150EE5E3DF8B5FEFCDC0E7DC8651E156F657A1
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview: ...................................FL..................F.@ . ....b.$....b.$....b.$....l...........................P.O. .:i.....+00.../C:\.....................1......Q.y..PROGRA~1..p.......:...Q.y*...<...............F.....P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....wJ.~..INTERN~1..P.......:..wJ.~*.........................I.n.t.e.r.n.e.t. .E.x.p.l.o.r.e.r.....b.2..l..wJD~ .iexplore.exe..F......wJD~wJD~*....H....................i.e.x.p.l.o.r.e...e.x.e.......^...............-.......]....................C:\Program Files\Internet Explorer\iexplore.exe....-.p.r.i.v.a.t.e...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.I.E.F.R.A.M.E...d.l.l.........%SystemRoot%\system32\IEFRAME.dll...................................................................................................................................................................................................................................%.S.y.s.t.e.m.R.o.o.t.%.\.s.y.s.t.e.m.3.2.\.I.E.F.R.A.M.E
                                                                                                                                                    C:\Users\user\Desktop\~$VID19open_closedPodsVACCINE_LETTER2B.docx
                                                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):162
                                                                                                                                                    Entropy (8bit):2.431160061181642
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:vrJlaCkWtVyokKOg5Gll3GwSKG/f2+1/ln:vdsCkWtW2IlID9l
                                                                                                                                                    MD5:39EB3053A717C25AF84D576F6B2EBDD2
                                                                                                                                                    SHA1:F6157079187E865C1BAADCC2014EF58440D449CA
                                                                                                                                                    SHA-256:CD95C0EA3CEAEC724B510D6F8F43449B26DF97822F25BDA3316F5EAC3541E54A
                                                                                                                                                    SHA-512:5AA3D344F90844D83477E94E0D0E0F3C96324D8C255C643D1A67FA2BB9EEBDF4F6A7447918F371844FCEDFCD6BBAAA4868FC022FDB666E62EB2D1BAB9028919C
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview: .user..................................................A.l.b.u.s.............p.........w...............w.............P.w..............w.....z.........w.....x...

                                                                                                                                                    Static File Info

                                                                                                                                                    General

                                                                                                                                                    File type:Microsoft Word 2007+
                                                                                                                                                    Entropy (8bit):7.5515864823583705
                                                                                                                                                    TrID:
                                                                                                                                                    • Word Microsoft Office Open XML Format document (49504/1) 49.01%
                                                                                                                                                    • Word Microsoft Office Open XML Format document (43504/1) 43.07%
                                                                                                                                                    • ZIP compressed archive (8000/1) 7.92%
                                                                                                                                                    File name:COVID19open_closedPodsVACCINE_LETTER2B.docx
                                                                                                                                                    File size:22673
                                                                                                                                                    MD5:e65769cca6ce8214adf674a8001d83b4
                                                                                                                                                    SHA1:d3800da27e0aa660f04da269b5392fb3f4c26eb5
                                                                                                                                                    SHA256:b0ecb837f4df662ff941ce2cdb64cea78b07c22b1e9ad0d328229aa9dd9f1996
                                                                                                                                                    SHA512:4fb1b69222aa92bd97145eb707a9249ea97a9dfd535cb4adbd0b0debc6c5ca715534d1409db3046d922281187e76eb215e540141d2cbc7a2db444aa9150537a6
                                                                                                                                                    SSDEEP:384:T18xovaJhkQ80FRJNtdpzUbXA530bw0uBGM/xhQl9lce0DIdPuO:BcMaJhkQ9T1eXwEbwZxhQlwe0kd/
                                                                                                                                                    File Content Preview:PK..........!.i...o...........[Content_Types].xml ...(.........................................................................................................................................................................................................

                                                                                                                                                    File Icon

                                                                                                                                                    Icon Hash:e4e6a2a2a4b4b4a4

                                                                                                                                                    Network Behavior

                                                                                                                                                    Network Port Distribution

                                                                                                                                                    TCP Packets

                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                    Feb 16, 2021 16:13:55.041014910 CET4916780192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:55.041687965 CET4916880192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:55.180689096 CET8049168199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:55.180797100 CET4916880192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:55.181325912 CET4916880192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:55.184403896 CET8049167199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:55.184525967 CET4916780192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:55.329905033 CET8049168199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:55.330050945 CET4916880192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:55.344153881 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:55.486013889 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:55.486162901 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:55.504636049 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:55.654863119 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:55.654892921 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:55.654910088 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:55.655029058 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:55.662765026 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:55.808024883 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:55.811505079 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.037740946 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.208489895 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.208534956 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.208563089 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.208587885 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.208604097 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.208614111 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.208636999 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.209345102 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.275883913 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.278312922 CET49170443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.280425072 CET49171443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.282579899 CET49172443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.285931110 CET4916780192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.286587954 CET49173443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.287264109 CET4916880192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.287894964 CET49174443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.433811903 CET44349170199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.434022903 CET44349172199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.434564114 CET49170443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.434777021 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.434820890 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.434837103 CET49172443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.434860945 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.434902906 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.434941053 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.434981108 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.435019016 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.435066938 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.435111046 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.435148954 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.435169935 CET44349171199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.435298920 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.435349941 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.435393095 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.435431004 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.435471058 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.435509920 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.435527086 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.436553955 CET49171443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.437552929 CET8049168199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.437654972 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.437833071 CET44349173199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.438487053 CET4916880192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.438519001 CET49173443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.439172029 CET44349174199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.439481020 CET49174443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.440767050 CET8049167199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.441538095 CET4916780192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.511817932 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.517498016 CET49172443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.519073009 CET49171443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.519838095 CET49174443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.520489931 CET49170443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.527468920 CET49173443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.587305069 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.587362051 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.587567091 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.592834949 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.666800022 CET44349174199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.667069912 CET49174443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.667716980 CET44349172199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.667831898 CET49172443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.669681072 CET44349171199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.671456099 CET44349170199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.674001932 CET44349173199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.675606012 CET49171443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.675715923 CET49173443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.675729036 CET49170443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.681552887 CET49172443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.718056917 CET49172443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.745925903 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.745969057 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.746009111 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.746045113 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.746077061 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.746119976 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.746155024 CET44349169199.192.8.2192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.746593952 CET49169443192.168.2.22199.192.8.2
                                                                                                                                                    Feb 16, 2021 16:13:56.805172920 CET49171443192.168.2.22199.192.8.2

                                                                                                                                                    UDP Packets

                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                    Feb 16, 2021 16:13:54.078649044 CET5219753192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:13:54.137164116 CET53521978.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:54.974581003 CET5309953192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:13:55.034760952 CET53530998.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:56.629239082 CET5283853192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:13:56.694978952 CET53528388.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:13:57.545371056 CET6120053192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:13:57.613547087 CET53612008.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:05.773835897 CET4954853192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:05.775418043 CET5562753192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:05.795949936 CET5600953192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:05.811722040 CET6186553192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:05.816446066 CET5517153192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:05.820010900 CET5249653192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:05.823937893 CET53556278.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:05.825252056 CET53495488.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:05.847436905 CET53560098.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:05.863111973 CET53618658.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:05.864984989 CET53551718.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:05.871367931 CET53524968.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:06.003070116 CET5756453192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:06.051568985 CET53575648.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:06.262244940 CET6300953192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:06.321316004 CET53630098.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:24.859730005 CET5931953192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:24.919985056 CET53593198.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:25.865617037 CET5931953192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:25.925713062 CET53593198.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:27.473854065 CET5931953192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:27.564975977 CET53593198.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:29.485455036 CET5931953192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:29.547612906 CET53593198.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:33.494574070 CET5931953192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:33.554501057 CET53593198.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:36.787620068 CET5307053192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:36.848195076 CET53530708.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:54.585242033 CET5977053192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:54.642560959 CET53597708.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:55.585988998 CET5977053192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:55.634979010 CET53597708.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:56.600142956 CET5977053192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:56.648740053 CET53597708.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:14:58.612855911 CET5977053192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:14:58.661590099 CET53597708.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:15:02.622845888 CET5977053192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:15:02.682971001 CET53597708.8.8.8192.168.2.22
                                                                                                                                                    Feb 16, 2021 16:15:06.250782967 CET6152353192.168.2.228.8.8.8
                                                                                                                                                    Feb 16, 2021 16:15:06.307936907 CET53615238.8.8.8192.168.2.22

                                                                                                                                                    DNS Queries

                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                    Feb 16, 2021 16:13:54.974581003 CET192.168.2.228.8.8.80x32dfStandard query (0)www.dhhs.nh.govA (IP address)IN (0x0001)
                                                                                                                                                    Feb 16, 2021 16:15:06.250782967 CET192.168.2.228.8.8.80xfb1aStandard query (0)www.dhhs.nh.govA (IP address)IN (0x0001)

                                                                                                                                                    DNS Answers

                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                    Feb 16, 2021 16:13:55.034760952 CET8.8.8.8192.168.2.220x32dfNo error (0)www.dhhs.nh.govwww.dhhs.state.nh.usCNAME (Canonical name)IN (0x0001)
                                                                                                                                                    Feb 16, 2021 16:13:55.034760952 CET8.8.8.8192.168.2.220x32dfNo error (0)www.dhhs.state.nh.us199.192.8.2A (IP address)IN (0x0001)
                                                                                                                                                    Feb 16, 2021 16:15:06.307936907 CET8.8.8.8192.168.2.220xfb1aNo error (0)www.dhhs.nh.govwww.dhhs.state.nh.usCNAME (Canonical name)IN (0x0001)
                                                                                                                                                    Feb 16, 2021 16:15:06.307936907 CET8.8.8.8192.168.2.220xfb1aNo error (0)www.dhhs.state.nh.us199.192.8.2A (IP address)IN (0x0001)

                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                    • www.dhhs.nh.gov

                                                                                                                                                    HTTP Packets

                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                    0192.168.2.2249168199.192.8.280C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                    Feb 16, 2021 16:13:55.181325912 CET0OUTGET / HTTP/1.1
                                                                                                                                                    Accept: text/html, application/xhtml+xml, */*
                                                                                                                                                    Accept-Language: en-US
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                    Host: www.dhhs.nh.gov
                                                                                                                                                    DNT: 1
                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                    Feb 16, 2021 16:13:55.329905033 CET1INHTTP/1.1 302 Found
                                                                                                                                                    Date: Tue, 16 Feb 2021 15:13:55 GMT
                                                                                                                                                    Server: Molly and John
                                                                                                                                                    Location: https://www.dhhs.nh.gov/
                                                                                                                                                    Content-Length: 208
                                                                                                                                                    Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                    Set-Cookie: priv=2p; path=/
                                                                                                                                                    Set-Cookie: pub=87; path=/
                                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 68 68 73 2e 6e 68 2e 67 6f 76 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://www.dhhs.nh.gov/">here</a>.</p></body></html>


                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                    1199.192.8.280192.168.2.2249167C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                    Feb 16, 2021 16:13:56.440767050 CET37INHTTP/1.0 400 Bad request
                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                    Connection: close
                                                                                                                                                    Content-Type: text/html
                                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 72 65 71 75 65 73 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 73 65 6e 74 20 61 6e 20 69 6e 76 61 6c 69 64 20 72 65 71 75 65 73 74 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                    Data Ascii: <html><body><h1>400 Bad request</h1>Your browser sent an invalid request.</body></html>


                                                                                                                                                    HTTPS Packets

                                                                                                                                                    TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                                                                                                                    Feb 16, 2021 16:13:55.654910088 CET199.192.8.2443192.168.2.2249169CN=dhhs.nh.gov, O=State of New Hampshire, L=Concord, ST=New Hampshire, C=US CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BECN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3Mon Jan 14 17:39:02 CET 2019 Tue Aug 02 12:00:00 CEST 2011Sat Mar 13 20:01:06 CET 2021 Tue Aug 02 12:00:00 CEST 2022771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,07dcce5b76c8b17472d024758970a406b
                                                                                                                                                    CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BECN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3Tue Aug 02 12:00:00 CEST 2011Tue Aug 02 12:00:00 CEST 2022
                                                                                                                                                    Feb 16, 2021 16:15:06.593494892 CET199.192.8.2443192.168.2.2249189CN=dhhs.nh.gov, O=State of New Hampshire, L=Concord, ST=New Hampshire, C=US CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BECN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3Mon Jan 14 17:39:02 CET 2019 Tue Aug 02 12:00:00 CEST 2011Sat Mar 13 20:01:06 CET 2021 Tue Aug 02 12:00:00 CEST 2022771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,07dcce5b76c8b17472d024758970a406b
                                                                                                                                                    CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BECN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3Tue Aug 02 12:00:00 CEST 2011Tue Aug 02 12:00:00 CEST 2022

                                                                                                                                                    Code Manipulations

                                                                                                                                                    Statistics

                                                                                                                                                    Behavior

                                                                                                                                                    Click to jump to process

                                                                                                                                                    System Behavior

                                                                                                                                                    General

                                                                                                                                                    Start time:16:13:35
                                                                                                                                                    Start date:16/02/2021
                                                                                                                                                    Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                                                                                                                                                    Imagebase:0x13f8a0000
                                                                                                                                                    File size:1424032 bytes
                                                                                                                                                    MD5 hash:95C38D04597050285A18F66039EDB456
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:high

                                                                                                                                                    General

                                                                                                                                                    Start time:16:14:05
                                                                                                                                                    Start date:16/02/2021
                                                                                                                                                    Path:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                                                                                                                                                    Imagebase:0x13f850000
                                                                                                                                                    File size:814288 bytes
                                                                                                                                                    MD5 hash:4EB098135821348270F27157F7A84E65
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:moderate

                                                                                                                                                    General

                                                                                                                                                    Start time:16:14:05
                                                                                                                                                    Start date:16/02/2021
                                                                                                                                                    Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2420 CREDAT:275457 /prefetch:2
                                                                                                                                                    Imagebase:0x280000
                                                                                                                                                    File size:815304 bytes
                                                                                                                                                    MD5 hash:8A590F790A98F3D77399BE457E01386A
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:moderate

                                                                                                                                                    Disassembly

                                                                                                                                                    Reset < >