Play interactive tour

Edit tour

Analysis Report http://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.html

Overview

General Information

Sample URL:	http://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.html
Analysis ID:	371645
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Startup

System is w10x64

iexplore.exe (PID: 5980 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 5692 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5980 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Source: unknown	HTTPS traffic detected: 64.111.99.224:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.167.186.86:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.167.186.86:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 64.111.99.224:443 -> 192.168.2.3:49733 version: TLS 1.2

Source: global traffic

HTTP traffic detected: GET /public/covidInitialDose/instructions/en.html HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: scheduling.mesacountyhealth.comConnection: Keep-Alive

Source: ACSO60C5.htm.4.dr	String found in binary or memory: href='https://www.facebook.com/MesaCountyPublicHealth' equals www.facebook.com (Facebook)
Source: ACSO60C5.htm.4.dr	String found in binary or memory: href='https://www.linkedin.com/company/mesa-county-public-health/' equals www.linkedin.com (Linkedin)

Source: unknown

DNS traffic detected: queries for: scheduling.mesacountyhealth.com

Source: custom.unified[1].js.4.dr	String found in binary or memory: http://benalman.com/about/license/
Source: custom.unified[1].js.4.dr	String found in binary or memory: http://benalman.com/projects/jquery-hashchange-plugin/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: http://bit.ly/MesaCounty_COVIDVaccine
Source: style[1].css.4.dr	String found in binary or memory: http://daneden.me/animate
Source: js[2].js.4.dr	String found in binary or memory: http://g.co/dev/maps-no-account
Source: embed[1].htm.4.dr	String found in binary or memory: http://health.mesacounty.us/
Source: onion[1].js.4.dr	String found in binary or memory: http://maps.google.cn
Source: init_embed[1].js.4.dr	String found in binary or memory: http://maps.gstatic.cn
Source: init_embed[1].js.4.dr	String found in binary or memory: http://maps.gstatic.cn/mapfiles/embed/images/entity11.png)
Source: init_embed[1].js.4.dr	String found in binary or memory: http://maps.gstatic.cn/mapfiles/embed/images/entity11_hdpi.png)
Source: Homepage-buttons-20[1].png.4.dr	String found in binary or memory: http://ns.attribution.com/ads/1.0/
Source: style[1].css.4.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: custom.unified[1].js.4.dr	String found in binary or memory: http://robert-fleischmann.de)
Source: js[2].js.4.dr	String found in binary or memory: http://www.broofa.com
Source: style[1].css.4.dr	String found in binary or memory: http://www.elegantthemes.com
Source: style[1].css.4.dr	String found in binary or memory: http://www.elegantthemes.com/gallery/divi/
Source: style[1].css.4.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl-2.0.html
Source: common[1].js0.4.dr	String found in binary or memory: http://www.google.cn
Source: custom.unified[1].js.4.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: js[1].js.4.dr	String found in binary or memory: https://ade.googlesyndication.com/ddm/activity
Source: js[1].js.4.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: js[1].js.4.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: analytics[1].js.4.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://api.w.org/
Source: js[2].js.4.dr	String found in binary or memory: https://cbks0.googleapis.com/cbk?
Source: js[2].js.4.dr	String found in binary or memory: https://cbks1.googleapis.com/cbk?
Source: js[1].js.4.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: common[1].js0.4.dr, util[1].js.4.dr	String found in binary or memory: https://developers.google.com/maps/documentation/javascript/error-messages#
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://docs.google.com/forms/d/e/1FAIpQLSd-ecahucj-QWF4GQYCC2JphkeGl7SXAs4NosGdd912yM-fqg/viewform?
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://docs.google.com/forms/d/e/1FAIpQLSeef-aCUPliBWlboFFcLrpkjNN_qpCMCHVmLHHFSUBnJmiFfA/viewform?
Source: js[2].js.4.dr	String found in binary or memory: https://earthbuilder.googleapis.com
Source: css[1].css0.4.dr	String found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:100
Source: css[1].css0.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff)
Source: css[1].css0.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwA.woff)
Source: css[1].css0.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLV154tzCwA.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/merriweather/v22/u-440qyriQwlOrhSvowK_l5-ciZK.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/merriweather/v22/u-4l0qyriQwlOrhSvowK_l5-eR71Wvf2jvo.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/merriweather/v22/u-4l0qyriQwlOrhSvowK_l5-eR7NWPf2jvo.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/merriweather/v22/u-4l0qyriQwlOrhSvowK_l5-eR7lXff2jvo.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/merriweather/v22/u-4m0qyriQwlOrhSvowK_l5-eRZAf-Q.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/merriweather/v22/u-4n0qyriQwlOrhSvowK_l521wRZVsf8.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/merriweather/v22/u-4n0qyriQwlOrhSvowK_l52_wFZVsf8.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/merriweather/v22/u-4n0qyriQwlOrhSvowK_l52xwNZVsf8.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOXOhv.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN8rsOXOhv.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OXOhv.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOXOhv.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem6YaGs126MiZpBA-UFUK0Xdcs.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFW50d.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKW-U9hlIqU.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWiUNhlIqU.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWyV9hlIqU.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKXGUdhlIqU.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiAyp8kv8JHgFVrJJLmE0tMMPQ.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLBT5Z1JlEw.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLCz7Z1JlEw.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDD4Z1JlEw.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1JlEw.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z1JlEw.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLFj_Z1JlEw.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1JlEw.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLm111VGdeI.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLm21lVGdeI.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLm81xVGdeI.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLmg1hVGdeI.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLmr19VGdeI.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLmv1pVGdeI.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLmy15VGdeI.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJnedA.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiGyp8kv8JHgFVrJJLufntG.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/poppins/v15/pxiGyp8kv8JHgFVrLPTufntG.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOiCnqEu92Fr1Mu51QrEz4dKQ.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51S7ACc0CsI.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TLBCc0CsI.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TjASc0CsI.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TzBic0CsI.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1MmgVxGIzQ.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1Mu51xGIzQ.woff)
Source: css[1].css0.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fChc-.woff)
Source: css[1].css0.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fChc-.woff)
Source: css[1].css0.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfChc-.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmYUtfChc-.woff)
Source: css[1].css0.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu7GxM.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7psDQ.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7j.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lCdi18I.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZYokSdi18I.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkidi18I.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSdi18I.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZklydi18I.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwmRdo.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_wmRdo.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmRdo.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmRdo.woff)
Source: css[1].css.4.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwmRdo.woff)
Source: js[2].js.4.dr	String found in binary or memory: https://geo0.ggpht.com/cbk
Source: js[2].js.4.dr	String found in binary or memory: https://geo1.ggpht.com/cbk
Source: js[2].js.4.dr	String found in binary or memory: https://geo2.ggpht.com/cbk
Source: js[2].js.4.dr	String found in binary or memory: https://geo3.ggpht.com/cbk
Source: blankshield.min[1].js.4.dr	String found in binary or memory: https://github.com/danielstjules/blankshield
Source: custom.unified[1].js.4.dr	String found in binary or memory: https://github.com/imakewebthings/waypoints/blog/master/licenses.txt
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://gtranslate.io/
Source: {5E9EA403-8862-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://health.mesacou
Source: {5E9EA403-8862-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://health.mesacouacountyhealth.com/public/covidInitialDose/instructions/en.html
Source: ACSO60C5.htm.4.dr, en[1].htm0.4.dr	String found in binary or memory: https://health.mesacounty.us
Source: ~DFB413126732D5739A.TMP.2.dr	String found in binary or memory: https://health.mesacounty.us/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/birth-death-records/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/blueribbonaward/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/board-of-health/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/body-art/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/child-care-facilities/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/comments/feed/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/conditions_airquality/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/covid19/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/covid19/datadashboard/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/covid19/vaccine/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/covidtesting/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/data-reports
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/data-reports/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/document-library/
Source: ~DFB413126732D5739A.TMP.2.dr	String found in binary or memory: https://health.mesacounty.us/ealth.com/public/covidInitialDose/instructions/en.html
Source: ~DFB413126732D5739A.TMP.2.dr	String found in binary or memory: https://health.mesacounty.us/ealth.com/public/covidInitialDose/instructions/en.htmlTL0
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/emergency-preparedness/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/family-planning/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/feed/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/flu-meter/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/fruita-clinic/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/illness-injury/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/immunizations/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/media-communications/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/medicaid-chp/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/mosquito-meter/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/news/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/nurse-family-partnership/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/openburn/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/our-agency/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/pediatric-health-care-support/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/restaurant-inspection-search/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/retail-food-safety/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/saferathome/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/variance-protection-program/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/water-quality/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/women-infants-children-wic/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/et-cache/290/et-core-unified-290-16160952701986.min.css
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/et-cache/290/et-core-unified-tb-229597-290-16160952701986.mi
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/plugins/better-wp-security/core/modules/wordpress-tweaks/js/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/fonts/Socicon.eot?87
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/fonts/Socicon.svg?87
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/fonts/Socicon.ttf?87
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/fonts/Socicon.woff2?
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/fonts/Socicon.woff?8
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/style.css?ver=3.3.9
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/plugins/gtranslate/gtranslate-style16.css?ver=5.6.1
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/tablepress-combined.min.css?ver=3
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/themes/Divi/core/admin/fonts/modules.ttf
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/themes/Divi/core/admin/js/common.js?ver=4.9.0
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/themes/Divi/js/custom.unified.js?ver=4.9.0
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/themes/Divi/style.css?ver=4.9.0
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent-150x44.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent-260x76.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent-300x88.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent-50x15.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent-768x226.png
Source: ACSO60C5.htm.4.dr, en[1].htm0.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/2017/04/cropped-MCPH-Logo-Tag-Transparent-180x180.pn
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/2017/04/cropped-MCPH-Logo-Tag-Transparent-192x192.pn
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/2017/04/cropped-MCPH-Logo-Tag-Transparent-270x270.pn
Source: ACSO60C5.htm.4.dr, imagestore.dat.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/2017/04/cropped-MCPH-Logo-Tag-Transparent-32x32.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-12-150x150.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-12.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-13-150x150.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-13.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-14-150x150.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-14.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-15-150x150.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-15.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-16-150x150.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-16.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-17-150x150.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-17.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-19-150x150.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-19.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-20-150x150.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-20.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-22-150x150.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-22.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-4-1-150x150.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-4-1.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/MCPH_Blue3.14-480x271.jpg
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/MCPH_Blue3.14.jpg
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Untitled-design-32-480x96.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/Untitled-design-32.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/wtfdivi/wp_footer.js?ver=1607306625
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-content/uploads/wtfdivi/wp_head.css?ver=1607306625
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-includes/css/dashicons.min.css?ver=5.6.1
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-includes/css/dist/block-library/style.min.css?ver=5.6.1
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-includes/js/wp-embed.min.js?ver=5.6.1
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-json/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fhealth.mesacounty.us%2F
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fhealth.mesacounty.us%2F&#038
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/wp-json/wp/v2/pages/290
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://health.mesacounty.us/xmlrpc.php
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://healthymesacounty.org/
Source: js[2].js.4.dr	String found in binary or memory: https://khms.googleapis.com/mz?v=894
Source: js[2].js.4.dr	String found in binary or memory: https://khms0.google.com/kh?v=128
Source: js[2].js.4.dr	String found in binary or memory: https://khms0.google.com/kh?v=894
Source: js[2].js.4.dr	String found in binary or memory: https://khms0.googleapis.com/kh?v=128
Source: js[2].js.4.dr	String found in binary or memory: https://khms0.googleapis.com/kh?v=894
Source: js[2].js.4.dr	String found in binary or memory: https://khms1.google.com/kh?v=128
Source: js[2].js.4.dr	String found in binary or memory: https://khms1.google.com/kh?v=894
Source: js[2].js.4.dr	String found in binary or memory: https://khms1.googleapis.com/kh?v=128
Source: js[2].js.4.dr	String found in binary or memory: https://khms1.googleapis.com/kh?v=894
Source: js[2].js.4.dr	String found in binary or memory: https://lh3.ggpht.com/
Source: js[2].js.4.dr	String found in binary or memory: https://lh4.ggpht.com/
Source: js[2].js.4.dr	String found in binary or memory: https://lh5.ggpht.com/
Source: js[2].js.4.dr	String found in binary or memory: https://lh6.ggpht.com/
Source: js[2].js.4.dr	String found in binary or memory: https://maps.google.com
Source: js[2].js.4.dr	String found in binary or memory: https://maps.googleapis.com
Source: js[2].js.4.dr	String found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/44/6
Source: js[2].js.4.dr	String found in binary or memory: https://maps.googleapis.com/maps/api/js/GeoPhotoService.GetMetadata
Source: js[2].js.4.dr	String found in binary or memory: https://maps.googleapis.com/maps/api/js/GeoPhotoService.SingleImageSearch
Source: embed[1].htm.4.dr	String found in binary or memory: https://maps.googleapis.com/maps/api/js?client=google-maps-embed&paint_origin=&libraries=geo
Source: init_embed[1].js.4.dr	String found in binary or memory: https://maps.gstatic.com
Source: js[2].js.4.dr	String found in binary or memory: https://maps.gstatic.com/mapfiles/
Source: init_embed[1].js.4.dr	String found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/defaultphoto
Source: init_embed[1].js.4.dr	String found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/entity11.png);background-size:70px
Source: init_embed[1].js.4.dr	String found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/entity11_hdpi.png);background-size:70px
Source: init_embed[1].js.4.dr	String found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/exp2.png);background-size:109px
Source: init_embed[1].js.4.dr	String found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/exp2_hdpi.png);background-size:109px
Source: js[2].js.4.dr	String found in binary or memory: https://maps.gstatic.com/maps-api-v3/api/images/
Source: embed[1].htm.4.dr	String found in binary or memory: https://maps.gstatic.com/maps-api-v3/embed/js/44/6/init_embed.js
Source: init_embed[1].js.4.dr	String found in binary or memory: https://mt0.google.com/vt/icon/name=icons/spotlight/star_S_8x.png&scale=
Source: js[2].js.4.dr	String found in binary or memory: https://mts.googleapis.com/maps/vt/icon
Source: init_embed[1].js.4.dr	String found in binary or memory: https://myaccount.google.com/
Source: js[1].js.4.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: js[1].js.4.dr	String found in binary or memory: https://pagead2.googlesyndication.com/
Source: imagestore.dat.4.dr	String found in binary or memory: https://scheduling.mesacountyhealth.com/favicon.ico
Source: ~DFB413126732D5739A.TMP.2.dr, en[1].htm.4.dr	String found in binary or memory: https://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.html
Source: ~DFB413126732D5739A.TMP.2.dr	String found in binary or memory: https://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.htmlDDrive
Source: {5E9EA403-8862-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.htmlRoot
Source: {5E9EA403-8862-11EB-90E4-ECF4BB862DED}.dat.2.dr	String found in binary or memory: https://schedulinnty.us/ealth.com/public/covidInitialDose/instructions/en.htmlRoot
Source: embed[1].htm.4.dr	String found in binary or memory: https://search.google.com/local/reviews?placeid=ChIJO-4_lWccR4cRkgKrCWXaGlQ
Source: js[2].js.4.dr	String found in binary or memory: https://static.panoramio.com.storage.googleapis.com/photos/
Source: analytics[1].js.4.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: js[2].js.4.dr	String found in binary or memory: https://support.google.com/fusiontables/answer/9185417).
Source: init_embed[1].js.4.dr	String found in binary or memory: https://support.google.com/maps/?p=thirdpartymaps
Source: init_embed[1].js.4.dr	String found in binary or memory: https://support.google.com/maps?p=kml
Source: element_main[1].js.4.dr	String found in binary or memory: https://translate.google.com
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://twitter.com/mc_publichealth
Source: js[1].js.4.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.4.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.4.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: js[1].js.4.dr	String found in binary or memory: https://www.google.com
Source: element_main[1].js.4.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: js[2].js.4.dr	String found in binary or memory: https://www.google.com/maps
Source: ACSO60C5.htm.4.dr, ~DFB413126732D5739A.TMP.2.dr	String found in binary or memory: https://www.google.com/maps/embed?pb=
Source: js[2].js.4.dr	String found in binary or memory: https://www.google.com/maps/preview/log204
Source: element_main[1].js.4.dr	String found in binary or memory: https://www.google.com/support/translate
Source: js[1].js.4.dr	String found in binary or memory: https://www.google.com/travel/flights/click/conversion/
Source: js[1].js.4.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: analytics[1].js.4.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-76351459-1
Source: element_main[1].js.4.dr	String found in binary or memory: https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png
Source: element_main[1].js.4.dr	String found in binary or memory: https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_68x28dp.png
Source: element_main[1].js.4.dr	String found in binary or memory: https://www.gstatic.com/images/branding/product/1x/translate_24dp.png
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://www.instagram.com/mcphinaction/
Source: ACSO60C5.htm.4.dr	String found in binary or memory: https://www.linkedin.com/company/mesa-county-public-health/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 64.111.99.224:443 -> 192.168.2.3:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.167.186.86:443 -> 192.168.2.3:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 108.167.186.86:443 -> 192.168.2.3:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 64.111.99.224:443 -> 192.168.2.3:49733 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@3/143@4/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFE78E318E656894F2.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5980 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5980 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol2	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.html	0%	Virustotal		Browse
http://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.html	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
scheduling.mesacountyhealth.com	0%	Virustotal		Browse
health.mesacounty.us	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://robert-fleischmann.de)	0%	Avira URL Cloud	safe
http://www.broofa.com	0%	URL Reputation	safe
http://www.broofa.com	0%	URL Reputation	safe
http://www.broofa.com	0%	URL Reputation	safe
http://www.broofa.com	0%	URL Reputation	safe
https://health.mesacounty.us/wp-content/uploads/2017/04/cropped-MCPH-Logo-Tag-Transparent-270x270.pn	0%	Avira URL Cloud	safe
https://health.mesacounty.us/covid19/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent-300x88.png	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-17.png	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/tablepress-combined.min.css?ver=3	0%	Avira URL Cloud	safe
https://health.mesacounty.us/data-reports/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fhealth.mesacounty.us%2F&#038	0%	Avira URL Cloud	safe
http://health.mesacounty.us/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-22-150x150.png	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fhealth.mesacounty.us%2F	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/themes/Divi/js/custom.unified.js?ver=4.9.0	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/fonts/Socicon.svg?87	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-15.png	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-20-150x150.png	0%	Avira URL Cloud	safe
https://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.htmlRoot	0%	Avira URL Cloud	safe
http://ns.attribution.com/ads/1.0/	0%	URL Reputation	safe
http://ns.attribution.com/ads/1.0/	0%	URL Reputation	safe
http://ns.attribution.com/ads/1.0/	0%	URL Reputation	safe
https://health.mesacounty.us/xmlrpc.php	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/2017/04/cropped-MCPH-Logo-Tag-Transparent-32x32.png	0%	Avira URL Cloud	safe
https://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.htmlDDrive	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-4-1-150x150.png	0%	Avira URL Cloud	safe
https://health.mesacounty.us	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-includes/css/dist/block-library/style.min.css?ver=5.6.1	0%	Avira URL Cloud	safe
https://health.mesacounty.us/comments/feed/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/MCPH_Blue3.14.jpg	0%	Avira URL Cloud	safe
https://health.mesacounty.us/feed/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/fonts/Socicon.woff?8	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/style.css?ver=3.3.9	0%	Avira URL Cloud	safe
http://maps.gstatic.cn/mapfiles/embed/images/entity11.png)	0%	URL Reputation	safe
http://maps.gstatic.cn/mapfiles/embed/images/entity11.png)	0%	URL Reputation	safe
http://maps.gstatic.cn/mapfiles/embed/images/entity11.png)	0%	URL Reputation	safe
https://health.mesacounty.us/wp-content/uploads/MCPH_Blue3.14-480x271.jpg	0%	Avira URL Cloud	safe
https://schedulinnty.us/ealth.com/public/covidInitialDose/instructions/en.htmlRoot	0%	Avira URL Cloud	safe
https://health.mesacounty.us/conditions_airquality/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/fonts/Socicon.eot?87	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/themes/Divi/core/admin/fonts/modules.ttf	0%	Avira URL Cloud	safe
https://health.mesacounty.us/news/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-includes/js/jquery/jquery.min.js?ver=3.5.1	0%	Avira URL Cloud	safe
https://health.mesacounty.us/immunizations/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/wtfdivi/wp_head.css?ver=1607306625	0%	Avira URL Cloud	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-12.png	0%	Avira URL Cloud	safe
https://health.mesacouacountyhealth.com/public/covidInitialDose/instructions/en.html	0%	Avira URL Cloud	safe
https://health.mesacounty.us/emergency-preparedness/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/document-library/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/themes/Divi/core/admin/js/common.js?ver=4.9.0	0%	Avira URL Cloud	safe
http://maps.gstatic.cn	0%	URL Reputation	safe
http://maps.gstatic.cn	0%	URL Reputation	safe
http://maps.gstatic.cn	0%	URL Reputation	safe
https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent-50x15.png	0%	Avira URL Cloud	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://health.mesacounty.us/pediatric-health-care-support/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-19.png	0%	Avira URL Cloud	safe
https://health.mesacounty.us/restaurant-inspection-search/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/variance-protection-program/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent-768x226.png	0%	Avira URL Cloud	safe
https://health.mesacou	0%	Avira URL Cloud	safe
https://health.mesacounty.us/our-agency/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/body-art/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/ealth.com/public/covidInitialDose/instructions/en.html	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/et-cache/290/et-core-unified-290-16160952701986.min.css	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/fonts/Socicon.ttf?87	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/Untitled-design-32.png	0%	Avira URL Cloud	safe
https://health.mesacounty.us/board-of-health/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent-150x44.png	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/plugins/gtranslate/gtranslate-style16.css?ver=5.6.1	0%	Avira URL Cloud	safe
https://health.mesacounty.us/ealth.com/public/covidInitialDose/instructions/en.htmlTL0	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/2017/04/cropped-MCPH-Logo-Tag-Transparent-180x180.pn	0%	Avira URL Cloud	safe
https://scheduling.mesacountyhealth.com/favicon.ico	0%	Avira URL Cloud	safe
https://health.mesacounty.us/blueribbonaward/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/medicaid-chp/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-16.png	0%	Avira URL Cloud	safe
https://health.mesacounty.us/women-infants-children-wic/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/2017/04/cropped-MCPH-Logo-Tag-Transparent-192x192.pn	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-includes/js/wp-embed.min.js?ver=5.6.1	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	0%	Avira URL Cloud	safe
http://daneden.me/animate	0%	URL Reputation	safe
http://daneden.me/animate	0%	URL Reputation	safe
http://daneden.me/animate	0%	URL Reputation	safe
https://health.mesacounty.us/openburn/	0%	Avira URL Cloud	safe
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-16-150x150.png	0%	Avira URL Cloud	safe
https://health.mesacounty.us/flu-meter/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
stats.l.doubleclick.net	64.233.167.156	true	false		high
scheduling.mesacountyhealth.com	64.111.99.224	true	false	0%, Virustotal, Browse	unknown
health.mesacounty.us	108.167.186.86	true	false	0%, Virustotal, Browse	unknown
stats.g.doubleclick.net	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.html	false		unknown
http://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.html	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://robert-fleischmann.de)	custom.unified[1].js.4.dr	false	Avira URL Cloud: safe	low
http://www.broofa.com	js[2].js.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://health.mesacounty.us/wp-content/uploads/2017/04/cropped-MCPH-Logo-Tag-Transparent-270x270.pn	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/covid19/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent-300x88.png	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-17.png	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
http://g.co/dev/maps-no-account	js[2].js.4.dr	false		high
https://health.mesacounty.us/wp-content/tablepress-combined.min.css?ver=3	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/data-reports/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://github.com/danielstjules/blankshield	blankshield.min[1].js.4.dr	false		high
http://benalman.com/about/license/	custom.unified[1].js.4.dr	false		high
https://health.mesacounty.us/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fhealth.mesacounty.us%2F&#038	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://lh6.ggpht.com/	js[2].js.4.dr	false		high
http://www.opensource.org/licenses/mit-license.php	custom.unified[1].js.4.dr	false		high
http://health.mesacounty.us/	embed[1].htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-22-150x150.png	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fhealth.mesacounty.us%2F	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/themes/Divi/js/custom.unified.js?ver=4.9.0	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/fonts/Socicon.svg?87	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
http://www.gnu.org/licenses/gpl-2.0.html	style[1].css.4.dr	false		high
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-15.png	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-20-150x150.png	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://lh3.ggpht.com/	js[2].js.4.dr	false		high
https://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.htmlRoot	{5E9EA403-8862-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	Avira URL Cloud: safe	unknown
http://ns.attribution.com/ads/1.0/	Homepage-buttons-20[1].png.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://health.mesacounty.us/xmlrpc.php	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/j/collect	analytics[1].js.4.dr	false		high
https://geo0.ggpht.com/cbk	js[2].js.4.dr	false		high
https://health.mesacounty.us/wp-content/uploads/2017/04/cropped-MCPH-Logo-Tag-Transparent-32x32.png	ACSO60C5.htm.4.dr, imagestore.dat.4.dr	false	Avira URL Cloud: safe	unknown
https://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.htmlDDrive	~DFB413126732D5739A.TMP.2.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-4-1-150x150.png	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us	ACSO60C5.htm.4.dr, en[1].htm0.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-includes/css/dist/block-library/style.min.css?ver=5.6.1	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/comments/feed/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/uploads/MCPH_Blue3.14.jpg	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/feed/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://www.instagram.com/mcphinaction/	ACSO60C5.htm.4.dr	false		high
https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/fonts/Socicon.woff?8	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/style.css?ver=3.3.9	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
http://maps.gstatic.cn/mapfiles/embed/images/entity11.png)	init_embed[1].js.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://health.mesacounty.us/wp-content/uploads/MCPH_Blue3.14-480x271.jpg	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://lh5.ggpht.com/	js[2].js.4.dr	false		high
https://schedulinnty.us/ealth.com/public/covidInitialDose/instructions/en.htmlRoot	{5E9EA403-8862-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/conditions_airquality/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/fonts/Socicon.eot?87	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/themes/Divi/core/admin/fonts/modules.ttf	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/news/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
http://benalman.com/projects/jquery-hashchange-plugin/	custom.unified[1].js.4.dr	false		high
https://health.mesacounty.us/wp-includes/js/jquery/jquery.min.js?ver=3.5.1	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://github.com/imakewebthings/waypoints/blog/master/licenses.txt	custom.unified[1].js.4.dr	false		high
https://health.mesacounty.us/immunizations/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/uploads/wtfdivi/wp_head.css?ver=1607306625	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://cct.google/taggy/agent.js	js[1].js.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-12.png	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacouacountyhealth.com/public/covidInitialDose/instructions/en.html	{5E9EA403-8862-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	Avira URL Cloud: safe	unknown
http://www.elegantthemes.com/gallery/divi/	style[1].css.4.dr	false		high
https://health.mesacounty.us/emergency-preparedness/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/document-library/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/themes/Divi/core/admin/js/common.js?ver=4.9.0	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
http://maps.gstatic.cn	init_embed[1].js.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent-50x15.png	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://www.google.%/ads/ga-audiences	analytics[1].js.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
https://health.mesacounty.us/pediatric-health-care-support/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-19.png	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/restaurant-inspection-search/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/variance-protection-program/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent-768x226.png	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.html	~DFB413126732D5739A.TMP.2.dr, en[1].htm.4.dr	false		unknown
https://health.mesacou	{5E9EA403-8862-11EB-90E4-ECF4BB862DED}.dat.2.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/our-agency/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/body-art/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/ealth.com/public/covidInitialDose/instructions/en.html	~DFB413126732D5739A.TMP.2.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/et-cache/290/et-core-unified-290-16160952701986.min.css	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/fonts/Socicon.ttf?87	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
http://www.elegantthemes.com	style[1].css.4.dr	false		high
https://health.mesacounty.us/wp-content/uploads/Untitled-design-32.png	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://www.linkedin.com/company/mesa-county-public-health/	ACSO60C5.htm.4.dr	false		high
https://health.mesacounty.us/board-of-health/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent-150x44.png	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/plugins/gtranslate/gtranslate-style16.css?ver=5.6.1	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/ealth.com/public/covidInitialDose/instructions/en.htmlTL0	~DFB413126732D5739A.TMP.2.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/uploads/2017/04/cropped-MCPH-Logo-Tag-Transparent-180x180.pn	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://scheduling.mesacountyhealth.com/favicon.ico	imagestore.dat.4.dr	false	Avira URL Cloud: safe	unknown
http://maps.google.cn	onion[1].js.4.dr	false		high
https://health.mesacounty.us/blueribbonaward/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/medicaid-chp/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-16.png	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/women-infants-children-wic/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
http://www.google.cn	common[1].js0.4.dr	false		high
https://geo1.ggpht.com/cbk	js[2].js.4.dr	false		high
https://health.mesacounty.us/wp-content/uploads/2017/04/cropped-MCPH-Logo-Tag-Transparent-192x192.pn	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-includes/js/wp-embed.min.js?ver=5.6.1	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
http://daneden.me/animate	style[1].css.4.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://gtranslate.io/	ACSO60C5.htm.4.dr	false		high
https://health.mesacounty.us/openburn/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-16-150x150.png	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown
https://health.mesacounty.us/flu-meter/	ACSO60C5.htm.4.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
64.233.167.156	stats.l.doubleclick.net	United States	15169	GOOGLEUS	false
108.167.186.86	health.mesacounty.us	United States	46606	UNIFIEDLAYER-AS-1US	false
64.111.99.224	scheduling.mesacountyhealth.com	United States	26347	DREAMHOST-ASUS	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	371645
Start date:	18.03.2021
Start time:	20:21:55
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 32s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	http://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.html
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@3/143@4/3
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://health.mesacounty.us/
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, svchost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 104.43.139.144, 88.221.149.168, 13.88.21.125, 40.88.32.150, 168.61.161.212, 184.27.11.238, 216.58.215.234, 216.58.212.136, 142.250.185.78, 172.217.168.3, 172.217.168.68, 172.217.168.10, 172.217.168.14, 172.217.168.74, 216.58.215.227, 152.199.19.161, 23.57.80.111, 20.50.102.62 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, maps.googleapis.com, go.microsoft.com, www.googletagmanager.com, www.google.com, watson.telemetry.microsoft.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, www.google-analytics.com, fonts.googleapis.com, khms0.googleapis.com, fs.microsoft.com, www-google-analytics.l.google.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, www-googletagmanager.l.google.com, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, www3.l.google.com, store-images.s-microsoft.com, translate.googleapis.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, translate.google.com, maps.gstatic.com, skypedataprdcolwus15.cloudapp.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5E9EA401-8862-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8541135131648394
Encrypted:	false
SSDEEP:	96:rVZ2ZH24W+Ht+df+iFM+T+E+E+f+Egq8X:rVZ2ZH24WQt2f3FMONR+fRgq8X
MD5:	E8D07810EB8E96C9A676F6A96ABC0DAE
SHA1:	A716FFD63F89B611EC603FBFF4382E97521FE8E2
SHA-256:	3B1938BF28BE8384F7EF3F76D0C70D697E50FFA30DF5F7381515ACA75E54F1F5
SHA-512:	6D02F9DF398DD61DAF1513B9F9464BFCD2C30A48F0AA0A98C5999EE2047D9BE5CAF754CDD92E10CB1BD4B01E184B47D32590A82B3ED95AF067B63CA5C32BCB4C
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E9EA403-8862-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	42976
Entropy (8bit):	2.235519247776411
Encrypted:	false
SSDEEP:	192:riZhQR6pk1jZ2FWfMfjWIAQreK+9Vw1L0Q/hHA7clH+T+t+hZN:re2s6RocUbDAQqhfMgQ/RAglwr
MD5:	D5797336E373D5757C08837053698E17
SHA1:	88E3AB915C72E0C7B9B8CDDACE79E83CDD0E9A8B
SHA-256:	669614ADE695D410DFDAF3B5DAC60D1AE6CE1893BED52934DE9294106FC21CDC
SHA-512:	3A53926E3BC31DEB481C92C75DCD36F7425371AAFB54EC6527DD2E4591CEF5FAB9D510BF90FAE6722A84F876C599853D91760887043A198A3C6ED9FE6DFEB1F5
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E9EA404-8862-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5644811744898814
Encrypted:	false
SSDEEP:	48:IwgGcprlGwpateG4pQbsGrapbS5GQpK6eG7HpRQTGIpG:rEZvQte6bqBSTAeTEA
MD5:	09E9970CCFBD6DB5E85F5B6ED3959770
SHA1:	A561615621743362BE96A6F03A2636F4A96CA436
SHA-256:	1C666266881BD02DAB345A8B2A7C2D656607E0EB2EF33692D04996072D2B34FE
SHA-512:	9601879E71D90FA38FABE133950515DA0A1771D4A6C0AB9BB792F0540E34E768F4C7F1C17CA19CDACBBAB200A54BAA51C3477B8B0ACE17F378C23274509E51DA
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	1780
Entropy (8bit):	7.191766073741825
Encrypted:	false
SSDEEP:	48:oIDUmTJJrYSf5wZi89k4zx0TXtKsBpZYkTJJrYSf5wZi89k4zx0TXs:Jr9f5w99k4zxqwsB9r9f5w99k4zxqs
MD5:	EF599DD85E33FDCF8512FA47E8F025FC
SHA1:	7841E609F79A5CA5095C0B0B6CE4C3A64C516B3D
SHA-256:	8903D7B4433F3DFBA00A51EAF43D917C48782C94CD11087E9FD1F66B25E3BD46
SHA-512:	0676D0C6B535EC5B20F71DC86331DD1A23A9CF0F8C2E3C4F41D2B76C00088DE3562243102AAA059111DD08D4FD8FFB5E2718DEEF24FEAFC13C75ED70661A0B78
Malicious:	false
Reputation:	low
Preview:	3.h.t.t.p.s.:././.s.c.h.e.d.u.l.i.n.g...m.e.s.a.c.o.u.n.t.y.h.e.a.l.t.h...c.o.m./.f.a.v.i.c.o.n...i.c.o......PNG........IHDR... ... .....szz.....IDATx...?h.P..q9J....d8...).%..9:..D.p."R.C.AJ)NRD..tp:Dn8.B..("E.Jq..d..p.q.).(.t(E....<.\.th...I.....^^.K..;l..F....?.fv9...5.eG3r.=p.....Lc.y[7U.....v.....2x..a...~..x.@V.Y...mTR.UQ..B..+..h...K@..p.O2x.....A...L...>a^(....<....~.?..X.[l.'!...G.n...}.h....Z.x.l.E...........e...Q..E.4m.E}..........`.5\I`....p...!.e..1.0.m.`..$F..e.-a"a...q. .1Yg..>..Ph3.t..4.E\|...~.y. .U.M!..a...&..1.>)...P.. ....u~....3._8..#...A.....l....&.4...u..=2.F0b....K........S....-.[..]L........_...bg..E(3.....a..c..t.......\...=.`R.....iq..=... .....U.;....P..m[.~.2...........&..........a.....U.(..j....${6TL.....d.{.u...8...#.{"E..k....IEND.B`. ... .............T`......T`....c.h.t.t.p.s.:././.h.e.a.l.t.h...m.e.s.a.c.o.u.n.t.y...u.s./.w.p.-.c.o.n.t.e.n.t./.u.p.l.o.a.d.s./.2.0.1.7./.0.4./.c.r.o.p.p.e.d.-.M.C.P.H.-.L.o.g.o.-.T.a.g.-.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Homepage-buttons-12[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	8308
Entropy (8bit):	7.819071750128706
Encrypted:	false
SSDEEP:	192:JwG172VfsMYGhHmm2xsNZ1XUTzLUyNZRdL92yAAD4IL:JHysKtmm2tUyNZIyAQ4u
MD5:	179C2F2E66DA0EF1DC4AFFB3CB9765F5
SHA1:	BB0928D10B3B8519C3BE5B96AE800B313787E3A5
SHA-256:	23C8A1D0414FBDAE4DD86DCCB1BD73A487A5D6B393538A1FDA6E259938C3086D
SHA-512:	D47372260C3DD1489125E516F17E6BE45895B3003356935F5610F629A6976A593DCD0B9EAE8CD59B18832DE87AB9835942FFBFFFCBA0BBB9EEE10F86FE0703F6
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-12.png
Preview:	.PNG........IHDR...,...,.....y}.u....sRGB.........pHYs..........+......IDATx...g.eU........D.%`.DAP.$.d#.%J..............ADZ....6(A.QZQ[@@.V@...`...bf^<.b...n.p......}C......k...Z`ffffffffffffffffffffffffffffffffffffU.43;...$-)i.......MH..T8<;....I..^..<ff....rv&3..H.V.{_v63.WI.J.....y...........PV.4+;....m.De5.m.Y..e.0..I..?......_q.3..I:e...9....zH.7.YVc...nf=!iYI..YV.t`......2.......6..2..2.jI:r.Q....^..$.....j....W....D.>......K.....!i}I7.<...........$]RaQ.i...7.o.. iQI.....kz.mkz..ra.M..-.O...N......'......7......I..\D,...f.t.fJ...9..X?..$.o...!iCIW....e.C..\Xfs.t.........X....6p$.}..#.......o..M..~...M..L........^....N..CQR{0..?.h;......u....])FT.$.)....qv...,.$I.S..v.VN.S.%"...u.-.u...)^...X>9N.....Q7.........>...,...V...2k6IK..(j.......r=...Tl...EQm...IV..?e...GX.H...>...f.q..].7.C..e..bG.=(FR.~...m...>.6.v..\|..8m.yv..y..j'.].^...-.......C..#,..`!...%..5Ru...^v.....2.6............e6.I.....I.99N..j..sX6.AI}...\R.[8"fg...GX6....e#....upa.IZ

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Homepage-buttons-19[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5769
Entropy (8bit):	7.748241791130183
Encrypted:	false
SSDEEP:	96:wUyLeOXGy7C1wr1L+KSQ8rCVP38eapEDV7mDXMN4igFXvetTuIuzkaqxUWNAoLts:wUyLBl7CGrd+KS7ENgDcii4gTuIuz8hK
MD5:	DD83F818332F1D5539ADFD59156C7938
SHA1:	CA2435836A810C5017A5E927BB40959E2C5FFEFD
SHA-256:	7D5607080D69751094DC6603AF443ABF50E24407B44D1253D34CF01885F4C8D9
SHA-512:	2B3442C96BAA68F0F51E0FA1930F4C483A8FC808528E2F3A7DACC01AD91E700039AE34A1B13E76F4EB6CD58F3AEE595B3B7776C256E9499071033B83A811597C
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-19.png
Preview:	.PNG........IHDR...,...,.....y}.u....sRGB.........pHYs..........+......IDATx....q[7....;.=J..+...3...r..+.\...$U`..S....d..+8...LK...{....d..l(.^................................................................R. Gfv,.....=.t....4w..;B..df..0....kfG....FTX...L.../5.4...:...^.h......%.=.K/...J.s.n....%f...)..S...3P......B..#....k>....@`maf'.....N>.f...>.....3...&.8..\|.]S}.e.........h....LCk.~U_I...&.OV.....m.@"fv1.....;.;...syef?...73{xJ.....d..e..2.%c.'C\|}..0......0...^fv....Z@.fvdf..2.^.e.....q..H....?.of.....;,..N........s.S.m..cB./....r.)......".?./.............?+..}X...R])N[...w.O"..s.m...?..P...].e..z,.M.'.$.>.....9w.m.qd.5,..p...4~..\.$.s..}Qa. tT.H.M=.L..V....H8.;.t.z,..u.]....@`.(,.R}.....H=..5..X....\....f...5"..V...b<.......'.W..J=.Df...6.tF`%.v..4.... .......G.SI....T.7.3):..J....?....1n.2.ub.H.B\...a._....\...n...4....v@...z.u.Rj....:...h...Z.4...}.g....jq?....Z..0...\|vxsA....S..E.cqpz...{.D.\|.t.<..S ..f.....#I.z..s..H..H......,.=..9

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Homepage-buttons-20[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9298
Entropy (8bit):	7.885961022513935
Encrypted:	false
SSDEEP:	192:xOuabv6i7ktEEuoUzxGRsMTGfJNAk1NBkoQ8DkimPR4cSAD4IW:o1PBloOxms8CNAk1NBLXW1SQ47
MD5:	69D22EFA1D9E0DCFF213C5DAACC812EE
SHA1:	29330E4CB69C451D71DDE39FA361C43320C417F8
SHA-256:	0C49BAF98E95653B167B366F6F706FEBF8A1C14C211C9E0E88F367BB76A9888F
SHA-512:	6F390DEFC687A2B7494BBFEB2B811D19413EB3B286A64BDF76564129A09D10DC36B98112A4C7B1EB74EA6321A7035B23512BFF79F0D23762A48C7CCD1B072E5A
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-20.png
Preview:	.PNG........IHDR...,...,.....y}.u....sRGB.........pHYs..........+.....yIDATx..Ar.Hs._.1^...^..[/.'\|..Dx.....6.s.R' ...N@...N@...N@r...".G.........}..;.o..h.!3.U. ..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.!..B.E.{...H.......~..+.....W.\...B..{ 5!......o.,!Aj..!....Q.......[..0..@u.9...Q.... ...!L.D~~.!.=...i...~ ....L..G...Y.`.(T..J.Y!....Q....@........o$X.....9..Q..X....x..Je.....!.......S.M.....D.Q.^..#H..A.51.........0...!..9yi..I.C.5!H..R..\|.p!w...k.H....s...IL%E.$o......Q.U8Qd...Bd/_...".\|..y...1.bdu.6..{.s.q.u..D.V....H..\|.p.Bx.?....F.P.: ...i)V/..4c..O..~X.^H.\|JL.o..zvH^4]...(.h.].J5.. ..p..].:i!V...XD.h.n..c..6T..S.../...'.+........G.....(/z.........@r.(V....'>.].......+...j.H.8~....)..>Pb5 .......@r..+J.....6.@.....B.*x4.Xk...7..A..........D.....<R3..B_..E...+..->.$....RtQ..-. U#....p2..:./.z.R..!y..mTS.u@.t..c`.(M.u@...@..;..EWj.(.........-.!.].Z....j`h.v.D.......]..}i:..J...k...A....AQ..5..j@...G.+Q.l..T.1($/.b..>D]8......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Homepage-buttons-22[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9180
Entropy (8bit):	7.852466601732386
Encrypted:	false
SSDEEP:	192:XTSb3g/8sVWLqLsu5o4+AMW7yqIwz7pP65Cvn4FA4gNAD4Ig:z/vVWuLsu24HMW7hIgJzvn4F4NQ41
MD5:	7511DAB4A7C695EDCEEA5BCC20E83420
SHA1:	1722DD703CF635BAB3645E5928C9DF4DA2870274
SHA-256:	993751F996FFB7A52561C096195D94A7FB078CDBFD3BF47A121266DE6A3353B0
SHA-512:	062ECA21A1AE135DA8AB4D0A85006C6E1E356EB638D23B69A4950C7F1969D7F71729C05A057F14406E25686680F5AA462F398D69DA9BA1152F952A4FBFB18686
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-22.png
Preview:	.PNG........IHDR...,...,.....y}.u....sRGB.........pHYs..........+......IDATx...}.o......q..d+;...).....sN.pP\.P.....P.N....)J..A.q..u.(..CE.]......>.u.....j..^k..c.1.o}^./..o...s..w.9.x.........................................................................................................`......r./..S.....L...........-p.?...;.t.f.@.[..k$,.W..... ........q......A.....[.........%.c-..&U,6...,.S$...m....eY..IzZ.b....&G...&..Q...D..>m-.aY..'(..e....8..[.)w...n..M0`........b..1.....rI...X.f.6..0I.K.Y..I.KZ..qc.h.....C.b.....".3...>.:......8.xp...`...-.&..b.`...7'..B...q.V..5.`.D..t[....1..D_.uyO.6...4A..R..f..p@./.8....n.t.Q....t[.&.pd./l.7..*.nI....M._.-f...J./l.;...W&h..K..l...'...q#.'W..O...z..`. ..I.eMai...(.g...l.......;:n...e...l.q.-H...\|YSZ.<....&A....ue.y.....Zb.'.K:....]$....WF....l.?$.].5....Q......5&..]:.9..OHj.D.xw.`la.n.c....q....xX........#.........z1.\|...{...j..........5.`GU..}..........$">.".[...k...m........'A.fNXcj..fW..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Homepage-buttons-4-1[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	10704
Entropy (8bit):	7.866384782812336
Encrypted:	false
SSDEEP:	192:UgffuqYrT0vJrID71Ubesr2nU71fvozFKblnEo8KSGAD4IX:H2q2T0Wf9srdtswERGQ46
MD5:	CDF560FEF8E46D67712737C5C1198EA1
SHA1:	AE08F3ED7C4446985351A7D1E3DCA855A826D806
SHA-256:	EE0CA072D4024AD7423FF319FB6470E17CFAEC813EF0637AD1E20A291FEF7A70
SHA-512:	53D53376AEBA90F68AB756D8C49AC621F631FA3A827CF0F57024318D1941F732CAA4C57A73C2C1CF7094E03140A2CF7D9C8DEB066F9F7EAEACC14323076C53DB
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-4-1.png
Preview:	.PNG........IHDR...,...,.....y}.u....sRGB.........pHYs..........+.... .IDATx...y..U....!..@.......Uv..vPA...Q.WQT........ATFT..Qq...p....dq.!l.@.B....I:...>eU....z..~....I.sWw.].9.>.............................................................................................................................................R........m$.....Iz.k\|..{%...)%........j..I.K:V...6.4F..I....8..HZ.HZS%.N..SJ/6)l3k.@.F.{.W..P.?:...\|,......_7..2..0...h......`..]$...U.,.4G...JzP...T.M$mib..Z.....%]".......Y...l...L....k.}.......><....'...'..`A..;<.2....m..T..=.\|...Xm..?.8...0........Q..cfCTNV..W..r"....p.@.U.u.......V\k..M`l=.cfC....3peU...0.A.\.xk..[...k6.f6.....C....{#.;<...XY.x..R#.kf...2...1.8....u...K.......u}3.$.wU...&V......y..be.f`.f.af-....[1..."'.....s<..\|...1........aY..l..q....q.....Tt\fV `G`ZN.s..I..Q..........W..;....%M..8M..b...%........"i.B#jCNX.2....U...D.e)....#h.......%...U.Z.o):.zs.V.6E"XI.lI.....t...%..t..V.-.......Z.6...$.W).....Z>.a...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOiCnqEu92Fr1Mu51QrEz4dKQ[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 30840, version 1.1
Category:	downloaded
Size (bytes):	30840
Entropy (8bit):	7.98362951381607
Encrypted:	false
SSDEEP:	768:MftxBNHF2qvXXb4w8uLPz+0dYP16270I11rVkqFvdY7yU:Wt7NHwqvUw8a7T2P16G0I3ZjvS
MD5:	EC54DC9CFE0770918AAB018EB3384D04
SHA1:	44A550176D0259466440C9A33C6E1DC1C41E8509
SHA-256:	B465B335882AB7DC9DA712B57DDB67859F8C6D4AEFFE65AAE86A203AD41DFE09
SHA-512:	C6491CC6BA999D1B085C8CD25D59C05FFD74FB5176F9025D1E20668E88102AD7A57219094E348E93309E33E08BAADB463FD90D6CF485804B6A8B7F1EABB7C95A
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOiCnqEu92Fr1Mu51QrEz4dKQ.woff
Preview:	wOFF......xx.......d........................GDEF.......]...\|...~GPOS.......j..../..YGSUB...`...Y...bk.ewOS/2.......M...`t.!'cmap...........hW.u.cvt .......H...H.2..fpgm...$...3...._...gasp...X............glyf...d..\B..."...~hdmx..n............head..oP...6...6.\|.hhea..o....#...$.}..hmtx..o...........{oloca..s\...[...t..>.maxp..v.... ... ....name..v......... G= post..w........ .a.dprep..w.........+6.x...........El.6...sC{.P.A...Lx.."...?....%.om#...Xq.8W\..7....~....I.y.S......V..8..I.&...x.l...\A.E....W.m.m.....e.4fm...FN....T.>.i.].=d....1y..r..4u<.q._. @c.M.OJ@A....."........ZFM...._....h..._..)^;\kK..Zu.n..fk..Y..`k. q..&..^.2..o-.....o../...y..xg...7..L...[.}.2.c..%F }....X.........5......4.%..(AIJQ..T..U.FujR.:.>.hEk..Nt....Io...lg.g8.y.p.{<...y.S.......y.[>.EH.d.L.,.\.<.\|."....*....j.....Z..:..zj.n.^.~.....a.....Q..1.........Z.....m.].}:..:..:..:.S:.3:.s:..+...cY..q..1..m........m.fcm...mw2Q..'......N.[..[..N....f.Iy....U.uW.W...p+.W

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOjCnqEu92Fr1Mu51TLBCc0CsI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 31664, version 1.1
Category:	downloaded
Size (bytes):	31664
Entropy (8bit):	7.983624482432713
Encrypted:	false
SSDEEP:	768:mBkDjqV1P4TEi9l55h9A+8Nwl135SWKAClUSnNXqVy:m71rEJA+8WEmCn
MD5:	F1D0E01B1C5790314AA444FAFCEE913D
SHA1:	BFCC15A4B519E53F33F0EB0A7E3F0C632274EA89
SHA-256:	3191DEBC779F3EDCA5D98FD179CD5955E2255E39CCA4B8CB0A2A0B2363F21F5A
SHA-512:	34DB267A944031E030812F5BEE86D3C1CEF30B4368A9A616C1AF66E96FDCC2A1FBD3ED0F60C58E727F5363E34016582C2053BA5708C6D6AF7456C983C73204AB
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TLBCc0CsI.woff
Preview:	wOFF......{.................................GDEF.......]...\|...~GPOS............C..%GSUB.......X...bk.eqOS/2.......N...`v.!.cmap...L.......hW.u.cvt .......Z...Z...=fpgm...x...3......#.gasp................glyf......^.......6.hdmx..q.........)...head..rH...6...6.G.Whhea..r....#...$.H..hmtx..r.........:e.Aloca..vd...W...t/.Z.maxp..y.... ... ....name..y...........>.post..z........ .a.dprep..z........8...Cx...........El.6...sC{.P.A...Lx.."...?....%.om#...Xq.8W\..7....~....I.y.S......V..8..I.&...x.d..G.A....l...+P,V..@...IV...7............`....>G .1....`....`.9W...mI..VW...lN^=.......0.Y. .L.%..Iz.1.X`.].U.M.wmt)."jt.{....-......].._.c...T..i...Yr(..MVj=.5.m.....mU.B. ..l..9?U.K...u..jL.4..........A.Mx.......G.p.G.<.8.....m.6..6.J...b..KW.=x...w...../ $,*!%-#..........o`dljnaiemckg....L.<#.......m.....m...YK...p...'...D..%Z.DI..H.%[.<...(S.J.Zu.5h.Y.Vm:t..g..Q.&L.2m.9...X.a.=...:v..k...{...w.>}..O9=.I.D..~....k.m.m....mpm.....~.GM.F7.._fVv...~.He.dL.L..K.......d.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOjCnqEu92Fr1Mu51TzBic0CsI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 30908, version 1.1
Category:	downloaded
Size (bytes):	30908
Entropy (8bit):	7.984619773361106
Encrypted:	false
SSDEEP:	768:bBkIh4PO78mSI+qKr/tocwqA4xfC/Em8K8bzkCSJV:bH6tj8EmpIzg
MD5:	D10759B089C9F63453C01485AF6E549C
SHA1:	5D7BF0F5AC0A12C4B6D634EAE28EB4DE2C4BB7A4
SHA-256:	B3F820572F0EF8DD86BCF0DEF65194AE5F72F424B5E086908B49DC1B51A65EB5
SHA-512:	F2F4D5CC3A87F697F1392C7D1FE26569E34D39E5709A1C7FE797DC0027C62AC20D15207F1545C6BB5A14D82AD4B327DFEB2161D33924E35572647BF6EC4BEBE4
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TzBic0CsI.woff
Preview:	wOFF......x.................................GDEF.......]...\|...~GPOS............C..%GSUB.......X...bk.eqOS/2.......N...`u.!.cmap...L.......hW.u.cvt .......J...J..,ofpgm...h...3....c...gasp................glyf......\......3O.hdmx..n.............head..oX...6...6...`hhea..o....#...$...ohmtx..o.........).>.loca..sp..._...t.a.~maxp..v.... ... ....name..v......... .=$post..w........ .a.dprep..w.........9..Bx...........El.6...sC{.P.A...Lx.."...?....%.om#...Xq.8W\..7....~....I.y.S......V..8..I.&...x.d..G.A....l...+P,V..@...IV...7............`....>G .1....`....`.9W...mI..VW...lN^=.......0.Y. .L.%..Iz.1.X`.].U.M.wmt)."jt.{....-......].._.c...T..i...Yr(..MVj=.5.m.....mU.B. ..l..9?U.K...u..jL.4..........A.Mx.......G.p.G.<.8.....m.6..6.J...b..KW.=x...w...../ $,*!%-#..........o`dljnaiemckg....L.<#.......m.....m...YK...p...'...D..%Z.DI..H.%[.<...(S.J.Zu.5h.Y.Vm:t..g..Q.&L.2m.9...X.a.=...:v..k...{...w.>}..O9=.I.D..~....k.m.m....mpm.....~.GM.F7.._fVv...~.He.dL.L..K.......d.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOkCnqEu92Fr1MmgVxGIzQ[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 28936, version 1.1
Category:	downloaded
Size (bytes):	28936
Entropy (8bit):	7.981041546201341
Encrypted:	false
SSDEEP:	768:iftWekgsmibj3l3fLgwYoHGJWuQ8E+xWdADu/6KZG:8tmjlswO4uQEWADug
MD5:	9588E2362B4A501C0A0A204FFC043E3D
SHA1:	63DC06B068E57F5B74EC33877C47ACD6FE82B7AB
SHA-256:	3DC799C582D54B6449AE3CD49FC98A686511E73ADBDE9DEDED60B608313F6A0D
SHA-512:	70F05AC046272E1465CA60BB3619DE38BA271165F6D0619617CFE8A46C7149182C1FE15004513CE910067C4D6A2C5097816C351DF657F574C5DED2A7DC7ADD21
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1MmgVxGIzQ.woff
Preview:	wOFF......q.................................GDEF.......]...\|...~GPOS.......j..../..YGSUB...`...Y...bk.ewOS/2.......N...`t.!{cmap...........hW.u.cvt .......H...H.2..fpgm...$...3...._...gasp...X............glyf...d..T........hdmx..g`...........head..h....6...6.G..hhea..h<... ...$...,hmtx..h\..........loca..k....Y...t1(Z.maxp..oT... ... ....name..ot.......x..9.post..pH....... .m.dprep..p\........+6.x...........El.6...sC{.P.A...Lx.."...?....%.om#...Xq.8W\..7....~....I.y.S......V..8..I.&...x.l...\A.E....W.m.m.....e.4fm...FN....T.>.i.].=d....1y..r..4u<.q._. @c.M.OJ@A....."........ZFM...._....h..._..)^;\kK..Zu.n..fk..Y..`k. q..&..^.2..o-.....o../...y..xg...7..L...[.}.2.c..%F }....X.........5......4.%..(AIJQ..T..U.FujR.:.>.hEk..Nt....Io...lg.g8.y.p.{<...y.S.......y.[>.EH.d.L.,.\.<.\|."....*....j.....Z..:..zj.n.^.~.....a.....Q..1.........Z.....m.].}:..:..:..:.S:.3:.s:..+...cY..q..1..m........m.fcm...mw2Q..'......N.[..[..N....f.Iy....U.uW.W...p+.W

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOkCnqEu92Fr1Mu51xGIzQ[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 31092, version 1.1
Category:	downloaded
Size (bytes):	31092
Entropy (8bit):	7.983700662065834
Encrypted:	false
SSDEEP:	768:BftFnLS6zymdO449UFFXPEk3VTOh/7hgNXt71F:xtj2MeCFXPwh/7hUXnF
MD5:	C36A51C52597B394BF7967203DA46176
SHA1:	EC9D0472AB1D60D41CEBF4A8F2CF058C3F640BB4
SHA-256:	B3FF8E0214DCB46651BF3A6C69EAE9AE00447AD164721528E351CB487E642C00
SHA-512:	EAFDD6F0F3EF342FE564238C514ABF5A989F8F513B3FFB04DC1CDD3F2E7E0BC776BCEC2E45AB0269DC87153A357F6E1B9BAA238AF709153985C66DB483B9D074
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOkCnqEu92Fr1Mu51xGIzQ.woff
Preview:	wOFF......yt...............................GDEF.......]...\|...~GPOS.......j..../..YGSUB...`...X...bk.eqOS/2.......M...`t.!Rcmap...........hW.u.cvt .......R...R..-.fpgm...,...4....s...gasp...`............glyf...l..\.....K,.9hdmx..oX............head..o....6...6...ehhea..p4...#...$...Ghmtx..pX.........Ua<loca..t....X...tt..`maxp..wp... ... ....name..w...........:.post..xh....... .a.dprep..x........D..].x...........El.6...sC{.P.A...Lx.."...?....%.om#...Xq.8W\..7....~....I.y.S......V..8..I.&...x.l...\A.E....W.m.m.....e.4fm...FN....T.>.i.].=d....1y..r..4u<.q._. @c.M.OJ@A....."........ZFM...._....h..._..)^;\kK..Zu.n..fk..Y..`k. q..&..^.2..o-.....o../...y..xg...7..L...[.}.2.c..%F }....X.........5......4.%..(AIJQ..T..U.FujR.:.>.hEk..Nt....Io...lg.g8.y.p.{<...y.S.......y.[>.EH.d.L.,.\.<.\|."....*....j.....Z..:..zj.n.^.~.....a.....Q..1.........Z.....m.].}:..:..:..:.S:.3:.s:..+...cY..q..1..m........m.fcm...mw2Q..'......N.[..[..N....f.Iy....U.uW.W...p+.W

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmSU5fChc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 29108, version 1.1
Category:	downloaded
Size (bytes):	29108
Entropy (8bit):	7.980664916556132
Encrypted:	false
SSDEEP:	384:FVpZX5LFbn3VjS7BmJENgyH8trLa+D6H5QPtflQ98aIXGRPycb6ZaB6NcoDxTrHF:fftFDUF8Fm+Dg+aIItOZaB6Oo9TrHF
MD5:	F4B08B5A857EF12352AAF0EBC1316460
SHA1:	C6ACB393223ADA5B5F4E48D7493ECE10379E6925
SHA-256:	214FEBC7384B786913AD658DD1D3EC63036C5C5BBC0BD23993EF2026BB8414AC
SHA-512:	D58CE14F8DF796CE92F0C964B89FB7FC1745EC1062A6C1B194FFA4117BC64938477F25B39BAD09E9242651A4D6C6329230E7536C42EA19B6890CECA49721CABD
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fChc-.woff
Preview:	wOFF......q.................................GDEF.......]...\|...~GPOS.......j..../..YGSUB...`...X...bk.eqOS/2.......N...`tN!.cmap...........hW.u.cvt .......X...X/...fpgm...0...4......".gasp...d............glyf...p..U=...l.#.Ohdmx..g.............head..hT...6...6.Y.ihhea..h.... ...$...Bhmtx..h..........?..loca..lx...V...t...{maxp..o.... ... ...\name..o........\|..9.post..p........ .m.dprep..p........:z/.Wx...........El.6...sC{.P.A...Lx.."...?....%.om#...Xq.8W\..7....~....I.y.S......V..8..I.&...x.l...\A.E....W.m.m.....e.4fm...FN....T.>.i.].=d....1y..r..4u<.q._. @c.M.OJ@A....."........ZFM...._....h..._..)^;\kK..Zu.n..fk..Y..`k. q..&..^.2..o-.....o../...y..xg...7..L...[.}.2.c..%F }....X.........5......4.%..(AIJQ..T..U.FujR.:.>.hEk..Nt....Io...lg.g8.y.p.{<...y.S.......y.[>.EH.d.L.,.\.<.\|."....*....j.....Z..:..zj.n.^.~.....a.....Q..1.........Z.....m.].}:..:..:..:.S:.3:.s:..+...cY..q..1..m........m.fcm...mw2Q..'......N.[..[..N....f.Iy....U.uW.W...p+.W

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20356, version 1.1
Category:	downloaded
Size (bytes):	20356
Entropy (8bit):	7.972919215442608
Encrypted:	false
SSDEEP:	384:of+dt1ebKR28EPpAXxR5wthZZv4B8Te/h4+ctr5NH9NwZaUp4VsEgm:of+P1eeRcU8Hqdy+UHHbEw/
MD5:	ADCDE98F1D584DE52060AD7B16373DA3
SHA1:	0A9B76D81989A7A45336EBD7B48ED25803F344B9
SHA-256:	806EA46C426AF8FC24E5CF42A210228739696933D36299EB28AEE64F69FC71F1
SHA-512:	7B1D6CC0D841A9E5EFEC540387BC5F9B47E07A21FDC3DC4CE029BB0E3C74664BBC9F1BCCFD8FB575B595C2CC1FD16925C533E062C4C82EEE0C310FFD2B4C2927
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc-.woff
Preview:	wOFF......O.................................GDEF.......G...d....GPOS.............~..GSUB.......'......r.OS/2.......Q...`u...cmap...\..........W.cvt ...T...H...H+~..fpgm.......3...._...gasp................glyf......;...k....hdmx..H....m....!$..head..H....6...6...\hhea..I,.......$.&..hmtx..IL...y.....XF.loca..K.........`.C.maxp..M.... ... .(..name..M........~..9.post..N........ .m.dprep..N........)v60x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x....dK...{....?..F?.\|.~.m...ms.{.Z..;......U.]7s......\.=D.=.7...>....x...D..O\|.U:...\|o..3.x.j.r"B.............../.)x$.'"j.....1LGmaGxQxG....~.:'.A..hd.z,.k..KO.....^.}H\|#z_.O......R..A...9..A..!.(./..."..:.Iq1.r..s..r.7r.7s..q.wr....nz..]...2..d4c..c....d....T.1...d....\....,c9k.g..Yv.#O."%...... ...t"uM..%.......j.#^.....}\c.q.i...<jy.D...C.01.2.r.....V..z.W.7b..L.S.41]..kUs.X/6..b.........(..(...K..{.^..'........`#./..B......N+p.m`...].lQ....Drg.M..Kx.^.S...........h ..$.k.'Hy.I.ze..4z.-T.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\MCPH-Logo-Tag-Transparent[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 974 x 286, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	21568
Entropy (8bit):	7.885923420876767
Encrypted:	false
SSDEEP:	384:TjX9QYCQms7aRsX0Wyhy4fYcw92uXI81tnaFnNiQM+YBqUerajXx8c:TjtQYms73kWyhyVcwxIuZwnNpFqqlk8c
MD5:	44E795E38DEAAC51EEA15D22CC46EEEB
SHA1:	AAECA4C9545B2091AAA998D3597065C698BF1619
SHA-256:	9965AF5B3A7C26E4C94CA9E255725084738995E94D83968DA775B3B584CF78A7
SHA-512:	F7BEE58FC493415EAEC2695FCBE728BB0867E08DB46602CD93760460831A733C1CF3AD6E066682F88B1C26A32B1081C47BB2F6279707072E434DAAFA5C2CF25D
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent.png
Preview:	.PNG........IHDR.............[.L^....pHYs...#...#.x.?v....tEXtSoftware.Adobe ImageReadyq.e<..S.IDATx..=.$Y..w.e@.c.j.....c.......U4..5.Q..$..=...........Q c..b..]..@.Xg'K.x........i%..8U'g....F..............{..~......7.......P._(.........3.........................p.......@8....... ..................g........3....... ..................g........3.........................p.......@8....... ..................p.......@8....... ..................g........3.......d.."......2..4}........I...f.{........K(y.....p.....R...9P....y6b...g...".w..~..........}.d....,........ ..j.........J(....e.V..6..;j........`#.W..+..gG....V!..n.....@8.7bY..J..D4..... ...eD4..... .!#.....>g.Hc.U@o8.......p.y...KJ..w.c.............y.vd.[].q)[.w....X...E.X.#...b.<..&}.4/{,...........k}.:.,.:.U...CDj....g.r.N.........p........&.........@E..y.........3.......9.A-3..}.W.......@8...P.r.`.7.^...A9.V.C..j.G..\e......p......J@*.+......UK..{..~T....................P..V!.j.B&(B.........n.....;..-2.[.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\init_embed[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	238278
Entropy (8bit):	5.5321248133409044
Encrypted:	false
SSDEEP:	3072:agvKtn4QrkwpXLKcjfyakNJjNZZEIkmoVVJXVj4:aozwpbKkqakrNsIkmoVVJXp4
MD5:	F188B1839C44D3903DD8BEA0ED2C8B71
SHA1:	8862956723B458DCE1CBD094CB5F6D1624A0E2F0
SHA-256:	BC07FAF27161802195D819A4EA2EAFF5EC338AF4F860EA81D28EC98A8F334816
SHA-512:	B8CD49B2D3820AB421996A209AFE54C1CA4E31EDB80F94FD473D314ECADC8DE7DA7311DAFFCD9977C61E00F8EA12D48E6EEA8AA48D198DDD59641345D89EBF66
Malicious:	false
Reputation:	low
IE Cache URL:	https://maps.gstatic.com/maps-api-v3/embed/js/44/6/init_embed.js
Preview:	(function() {'use strict';/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.function aa(){return function(){}}function ba(a){return function(){return this[a]}}var r;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ha=fa(this);function v(a,b){if(b)a:{var c=ha;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.v("Symbol",function(a){function b(e){if(this instanceof

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\main[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	4103
Entropy (8bit):	5.3995129482808935
Encrypted:	false
SSDEEP:	96:RBJabc3cCahrQN0JxlehAJdQcQRExN5rPjfm6u2MytmV+:R2bC7apiaxleh0dQ3sLfm6u2Tm4
MD5:	D0E381701A854D4A26ECBA5B9ABACF79
SHA1:	328CB186ACE416F048DBE07C71D77155DC9A4C52
SHA-256:	80F35659D030651EA3ACC6D6E97475B42EAA60D5700E83F9623CF90904D42CEC
SHA-512:	7A82A459018D243A7D0402A8D840CB688A3EB362FFD7EB264DA1A92A917BD1F41DB4FD246715381089427D764A306CDC967DD7B025C1D666C56A2C9240DFBE5D
Malicious:	false
Reputation:	low
IE Cache URL:	https://translate.googleapis.com/translate_static/js/element/main.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var c="Translate",e=this\|\|self;function f(a,m){a=a.split(".");var b=e;a[0]in b\|\|"undefined"==typeof b.execScript\|\|b.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===m?b[d]&&b[d]!==Object.prototype[d]?b=b[d]:b=b[d]={}:b[d]=m}var g=/^[\w+/_-]+[=]{0,2}$/,h=null;function k(a){return(a=a.querySelector&&a.querySelector("script[nonce]"))&&(a=a.nonce\|\|a.getAttribute("nonce"))&&g.test(a)?a:""}function l(a){return a};var n={0:c,1:"Cancel",2:"Close",3:function(a){return"Google has automatically translated this page to: "+a},4:function(a){return"Translated to: "+a},5:"Error: The server could not complete your request. Try again later.",6:"Learn more",7:function(a){return"Powered by "+a},8:c,9:"Translation in progress",10:function(a){return"Translate this page to: "+(a+" using Google Translate?")},11:function(a){return"View this page in: "+a},12:"Show original",13:"The conten

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\openhand_8_8[1].bmp Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	MS Windows cursor resource - 1 icon, 32x32, 2 colors, hotspot @8x8
Category:	downloaded
Size (bytes):	326
Entropy (8bit):	2.5620714588910247
Encrypted:	false
SSDEEP:	6:Gl/0puls6M94pTiI+mBURd8EOJlZa8BBL:C0pqs6M94pTJyOZ77
MD5:	FEFF9159F56CB2069041D660B484EB07
SHA1:	0D0A08CF25A258511957F357B89D3908F3C5E6E3
SHA-256:	7342F390B12F636D14E25F698FC5E38CF6240994DC0C07FEFBBB4E78EC4D03C7
SHA-512:	F850277F48AC14FA363265469776E6F7F07F7DD743AA1D1AD7CF2329EEE6D323DA3422CF6BAAC066C84ECD24800A02088053EF3FC0488D170E7FC942AC8FFA99
Malicious:	false
Reputation:	low
IE Cache URL:	https://maps.gstatic.com/mapfiles/openhand_8_8.cur
Preview:	...... ......0.......(... ...@...............................................................................................................................?...w...g...............................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\overlay[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	3667
Entropy (8bit):	5.234856643838167
Encrypted:	false
SSDEEP:	96:rtrVSez0bTiCwSeyz6okEnxWzJ8ff3VC9J1n:xrVdz0CCco6oNniJ8f/VC9J1
MD5:	133DDC9C0D29A39EDFD600BD9551C6B5
SHA1:	4CB7CAB4DDE4CAAA6064B4DB176D45B1D37E8F5E
SHA-256:	47457172AAF234330254CB0116A6278A712CBC16D125227BBBA7EE3F9DA4A680
SHA-512:	18376CCFD678AF2D4471F13267588633012485453545119CAB7FEEBAF247A0D21A64EAEEC3D5140944949D85149B51B94C24E5EDB78DB41628B38A44FCA051C4
Malicious:	false
Reputation:	low
IE Cache URL:	https://maps.googleapis.com/maps-api-v3/api/js/44/6/overlay.js
Preview:	google.maps.__gjsload__('overlay', function(_){var Zy=function(a){this.g=a},$y=function(){},az=function(a){a.Fh=a.Fh\|\|new $y;return a.Fh},bz=function(a){this.Ga=new _.pi(function(){var b=a.Fh;if(a.getPanes()){if(a.getProjection()){if(!b.Rg&&a.onAdd)a.onAdd();b.Rg=!0;a.draw()}}else{if(b.Rg)if(a.onRemove)a.onRemove();else a.remove();b.Rg=!1}},0)},cz=function(a,b){function c(){return _.qi(e.Ga)}var d=az(a),e=d.jg;e\|\|(e=d.jg=new bz(a));_.A(d.Ea\|\|[],_.K.removeListener);var f=d.Ka=d.Ka\|\|new _.Vu,g=b.__gm;f.bindTo("zoom",g);f.bindTo("offset",g);f.bindTo("center",.g,"projectionCenterQ");f.bindTo("projection",b);f.bindTo("projectionTopLeft",g);f=d.Pj=d.Pj\|\|new Zy(f);f.bindTo("zoom",g);f.bindTo("offset",g);f.bindTo("projection",b);f.bindTo("projectionTopLeft",g);a.bindTo("projection",f,"outProjection");a.bindTo("panes",g);d.Ea=[_.K.addListener(a,"panes_changed",c),_.K.addListener(g,"zoom_changed",c),_.K.addListener(g,"offset_changed",c),_.K.addListener(b,"projection_changed",c),_.K.addListener(g

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\pxiByp8kv8JHgFVrLGT9Z1JlEw[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 14268, version 1.1
Category:	downloaded
Size (bytes):	14268
Entropy (8bit):	7.964596869956641
Encrypted:	false
SSDEEP:	384:vlnbOTOAicv48wqsF7Te1CzJACuLOJ2OSSOOrv:vhbJfcvX92aAzJHuKQNSvb
MD5:	D9189CDE576D3C9FC9A7B7F73339DD3B
SHA1:	C116A6D1D8CAEA34458187E1A10B20DA47AA7EC9
SHA-256:	B21B8FBA2A0716185821E936385DE04BFE21CFD4993EB31E3DF21D00D0BDBA5E
SHA-512:	1A51AF9F87B335E2B1AC64930168ECEE70204398E10F9B64AEC9A83946594C3FCA1B4D0827E4014CDE883661AB4A839FDBAF061FCD5F429B4E83F4F87CCF5666
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1JlEw.woff
Preview:	wOFF......7.......`x........................GPOS....... ... DvLuGSUB...<.......0.H'kOS/2...l...N...`ZO..cmap...........xK.sglyf.........LXQh..head..-d...6...6..$ghhea..-.... ...$.T.-hmtx..-........\|..>@loca..0t........\.pfmaxp..3.... ... ...&name..3<........%.A_post..4 ........r.8.............DFLT................x.c`d``.b.a.c`vq..a.II-3b.....r.,.@..?.....<....x.c`a.f...............................g..?....%Q.....RX....&...v.).......K..x.T.3X@Q....v....%..7f.i.[...5{....:....o...o.>."...D...:...P....'..P."..fh..n......;\|Oh....4Ds..QB;..@.....E.@.$}.../..@..p.w..H....37.C....{4@S...z}Qg.Q.n..i..h..h..i..h......B>.+.2.@.?Y9I<.=.8v=v9~..C.z.e...y...........{.....u.....1...`.x.Y.\|.G....!d........e."..$.-3.(S...\Sf.$.....RnsW.r_..]rI..^.oV..$=...vg>....T0...W.,%.B.0j....".....K....F3R.Wa../<r....5..8p.?.X./[.>\Z.0../@.b..Ai. ...S.@8D.MK.H:.....Y...3h:(6V..e1!!tZ....z.d0j..y.&...:-D.s.[.].X.....-v....i....7.Z..C.%.Jk.y......vL..IX.Z..NE._.x..>h.....,?.F..J

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\pxiDyp8kv8JHgFVrJJLm21lVGdeI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 15768, version 1.1
Category:	downloaded
Size (bytes):	15768
Entropy (8bit):	7.971740400310118
Encrypted:	false
SSDEEP:	384:5HwvCJ/FCcfLeJffvQZbJlwIqYA8MXcRbYhkbj:5QvgFIJfXutl6XcRbYC
MD5:	E4B07B0A38E32347CBA5E2C24578F018
SHA1:	85F468AD6BF5ABF861CB48F42463814C22344E35
SHA-256:	F1920042C43F57810124EB0D2E9F443F7F6EAC742DD47F69B910732C7A63B7E1
SHA-512:	8496158B4C354CFDE6C791F68554EE005C8A9D936C67C2E1C38EB30ACC47BBE304315C04AD654CB543CFCC47CF2DE528F5F3DBE9D3DA9DC0C3D40D05A0F4AEC1
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLm21lVGdeI.woff
Preview:	wOFF......=.......hH........................GPOS....... ... DvLuGSUB...<.......0.H'kOS/2...l...P...`Y...cmap...........xK.sglyf......0X..S.....head..3....6...6..(.hhea..3L...#...$...+hmtx..3p.......\|.37loca..6D.........U.maxp..8.... ... ...Pname..9.........-?E.post..9.........r.8.............DFLT................x.c`d``.b.a.c`vq..a.II-3b.....r.,.@..?.....<....x.c`a.e.a`e``.b......D3.1.1.1.3......3 ...7..F..%Q.....RX....&.....)....a.._x.T.3X@Q....v....%..7f.i.[...5{....:....o...o.>."...D...:...*P....'..P."..fh..n......;\|Oh....4Ds..QB;..@.....E.@.$}.../..@..p.w..H....37.C....{4@S...z}Qg.Q.n..i..h..h..i..h......B>.+.2.@.?Y9I<.=.8v=v9~..C.z.e...y...........{.....u.....1...`.x.\|Z.@....EV.."`..(.QVX.....+j.].)..^.'.{o.$y.{....k.+..v....- g.y.`.......of$..x.O.q.$.D.!!..B..i.FM2z$..z.}.I.].....>..;\|......._....8....P(.}I.....yD+.V)s(..RhIx+h..Q.%i..I3.Be.J......P[.352.P.?5..u:}.65...'.^..dn.......7.\z.>......,.-m.tM...i.%:..i..%...t.m.i.qv. \|./...\%..A:.}\|.~.Z.D.w

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\pxiEyp8kv8JHgFVrJJnedA[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 14520, version 1.1
Category:	downloaded
Size (bytes):	14520
Entropy (8bit):	7.970902656582869
Encrypted:	false
SSDEEP:	384:WcJoAIaHXVYlHGh2h/1x1+h5V3e6skJRuxDUykPvMYouHT/okVgv:WMoATulHG6/mV/skJWDU1P0Zu0ku
MD5:	9997FB28E5E39C1B8EAA0C5A0A3ACE5F
SHA1:	0563157A95394D35F55B1CBD90CF50C0E106BD7D
SHA-256:	69FEA018934E081011515C36F8AD80F4C936FAD046F068B6D0A03EF65AC6CBC4
SHA-512:	45C2671F1050184C7400D42655893F0D49111E958721E091199346344810CC30B020C0348111EB6A0911C5C735EFECB49134F545804F5D4885DE165E2BFF8C98
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJnedA.woff
Preview:	wOFF......8.......`.........................GPOS....... ... DvLuGSUB...<.......0.H'kOS/2...l...M...`Y..cmap...........xK.sglyf......+...LX....head...X...6...6..$ahhea....... ...$.u.]hmtx...........\|..>.loca..1p........`.tHmaxp..4.... ... ...,name..48........(.C.post..5.........r.8.............DFLT................x.c`d``.b.a.c`vq..a.II-3b.....r.,.@..?.....<....x.c`a.f....................=.\|....3 ...7.....J.,R..1...3.+00L..1.0..R..,.......x.T.3X@Q....v....%..7f.i.[...5{....:....o...o.>."...D...:...P....'..P."..fh..n......;\|Oh....4Ds..QB;..@.....E.@.$}.../..@..p.w..H....37.C....{4@S...z}Qg.Q.n..i..h..h..i..h......B>.+.2.@.?Y9I<.=.8v=v9~..C.z.e...y...........{.....u.....1...`.x.\|Y.\|...{IB.(..6Z...0...!@..$.!nMR.l]_.W_...Z_....o]..o.-.w..Z.....+.....{.......?N.8.J.R(J .H.D..(../T...l"..=~.c...v.;...Z...^(.b.r70B}........t.....R.T ...tQ,.T3*.TJ...s.hV\.4O.......2..jh+....8....<.....W+......6,..+.n...Y..U3...J....6v....i.:.0....e..S...kl!J....edJ.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\pxiGyp8kv8JHgFVrJJLufntG[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 15660, version 1.1
Category:	downloaded
Size (bytes):	15660
Entropy (8bit):	7.970571305950903
Encrypted:	false
SSDEEP:	384:crwg7RXRZad67R+vSFruWNkbQfaW4wO+FElf20v2UYOzugFj:c8g7RKd6m6eAEd++vGaf
MD5:	B168BD8922598812674E6177C949250B
SHA1:	7F974BB5AD4FFBBB49D481BCFBE4418F1A6BDD01
SHA-256:	AE1ADC84D59F1FBEEED39519C1CE97823635EAFAF3EA679985B1047ABB22428A
SHA-512:	C5263E525F9B46311784C3E7EDF65EC9AA1668436628B7012952D52EFF1AF7C65AF9013CB93E7D7D42500CF08688FD0F47DEB9600D44B2486F8F525AE390B91F
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/poppins/v15/pxiGyp8kv8JHgFVrJJLufntG.woff
Preview:	wOFF......=,......g.........................GPOS....... ... DvLuGSUB...<.......0.H'kOS/2...l...P...`Y..cmap...........xK.sglyf....../...S...head..2....6...6..(.hhea..2....#...$.g..hmtx..3........\|.f0Nloca..5............7maxp..8.... ... ...Fname..8.........'\BWpost..9.........r.8.............DFLT................x.c`d``.b.a.c`vq..a.II-3b.....r.,.@..?.....<....x.c`a.a...........3.7.f.c.c0b.`......3 ...7..F..%Q.....RX....&..T.v.).....D..x.T.3X@Q....v....%..7f.i.[...5{....:....o...o.>."...D...:...*P....'..P."..fh..n......;\|Oh....4Ds..QB;..@.....E.@.$}.../..@..p.w..H....37.C....{4@S...z}Qg.Q.n..i..h..h..i..h......B>.+.2.@.?Y9I<.=.8v=v9~..C.z.e...y...........{.....u.....1...`.x.Z.@...{..Q:.vE.,.H.....wP.^.4YML.e.f.$.{..K.}_...[_.[^...?3 .l...d 3....s.7....z.?F....."BJ.r.\....a@rJi..{....<t.......W.>.....eq..x....~.....<.>.4..n ..TQ.....VZ.6.NGZ.v.....(A.J...`.&..b..............j.[.,..u<.....[.=.Z....X.`.z.g.Y.iH[[ak."....4.w.>...+-M..M.....D..y.R...#>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\style.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	51433
Entropy (8bit):	4.950848998116943
Encrypted:	false
SSDEEP:	384:FLBjc7HBZDO/KRUb4XMXib+d+AwlVHI+vg7Y3K0dXtNXTXlx:d8XMXib+d+AwlxI+vg7uJ/TVx
MD5:	27F5295CCF3AD9E0E85DCAC543630288
SHA1:	19810723999BADC836ECA3DEE977B4DE1BBCA8ED
SHA-256:	5C2288CA7B324881FAAE5E368EB4D69457E2784E042E868DE335D3827BB90981
SHA-512:	FFA38A60E417B21083ED1A26301E0CE8AF712939D31FE1FC1CB3931844D9B0CAC8F998C6437FCEDADEA2A86A66BA286025A5FE1D9A411B057D12A357C68AA2B3
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-includes/css/dist/block-library/style.min.css?ver=5.6.1
Preview:	:root{--wp-admin-theme-color:#007cba;--wp-admin-theme-color-darker-10:#006ba1;--wp-admin-theme-color-darker-20:#005a87}#start-resizable-editor-section{display:none}.wp-block-audio figcaption{margin-top:.5em;margin-bottom:1em}.wp-block-audio audio{width:100%;min-width:300px}.wp-block-button__link{color:#fff;background-color:#32373c;border:none;border-radius:1.55em;box-shadow:none;cursor:pointer;display:inline-block;font-size:1.125em;padding:.667em 1.333em;text-align:center;text-decoration:none;overflow-wrap:break-word}.wp-block-button__link:active,.wp-block-button__link:focus,.wp-block-button__link:hover,.wp-block-button__link:visited{color:#fff}.wp-block-button__link.aligncenter{text-align:center}.wp-block-button__link.alignright{text-align:right}.wp-block-button.is-style-squared,.wp-block-button__link.wp-block-button.is-style-squared{border-radius:0}.wp-block-button.no-border-radius,.wp-block-button__link.no-border-radius{border-radius:0!important}.is-style-outline>.wp-block-button__l

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\style[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	823431
Entropy (8bit):	4.841119355562392
Encrypted:	false
SSDEEP:	24576:npe7+ihMhQ9B87p1RN4NnB4Dzy0WHFgEcgXrMf28aVurwA4EszVSlIfU3vdM6LpY:nVihMhQ9B87p1RN4NnB4Dzy0WHFgEcg5
MD5:	1C575EC1023D17E414E2141E42C88099
SHA1:	A04130F590F25DD6EC1A1991A2B1BE82A82A933E
SHA-256:	C3BCBF4642DB7AEF90F15228C1E4EFB417A23EC81CE79F0F7E5EDFEFD4228044
SHA-512:	2D6202599CFB3BED06B0B74C2FBDA0D93FDC0726D49655AAEFA866D87B5265127B62653228D0F22B3994DDA9229A01BFA387A18B5B857B49AFCEEBC6CE7DC7FA
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/themes/Divi/style.css?ver=4.9.0
Preview:	/!.Theme Name: Divi.Theme URI: http://www.elegantthemes.com/gallery/divi/.Version: 4.9.0.Description: Smart. Flexible. Beautiful. Divi is the most powerful theme in our collection..Author: Elegant Themes.Author URI: http://www.elegantthemes.com.Tags: responsive-layout, one-column, two-columns, three-columns, four-columns, left-sidebar, right-sidebar, custom-background, custom-colors, featured-images, full-width-template, post-formats, rtl-language-support, theme-options, threaded-comments, translation-ready.License: GNU General Public License v2.License URI: http://www.gnu.org/licenses/gpl-2.0.html./../*! This minified app bundle contains open source software from several third party developers. Please review CREDITS.md in the root directory or LICENSE.md in the current directory for complete licensing, copyright and patent information. This file and the included code may not be redistributed without the attributions listed in LICENSE.md, including associate copyright notices and lic

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\tablepress-combined.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	5721
Entropy (8bit):	5.5402705466901745
Encrypted:	false
SSDEEP:	96:G5aOb5pxD2FuQThnQKA0yVqU26qGa1NjyOi0zjtoZpr1wWTsUkSzQ54T3w5p3X8Z:+nD6uQG21sZHr1JI7HD9xxHQ
MD5:	148B4ED524102FC7D2875B8A635FC0F5
SHA1:	16BE2DFC490CB52A722DEB4434C5F9DE1B503AD5
SHA-256:	F415CE21E29AC2C078D6F3FE5EDB492897979178DE698978DF10A3616AEF3FBB
SHA-512:	4B0905E21B203399CB33957F86F1482C4539CB19EAD6DCA7E4227196F57EC7FF35F8710A88134ED1C8B80C87F16783FCDFFB978961A9FEC0AEB848BA6B750D0E
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/tablepress-combined.min.css?ver=3
Preview:	@font-face{font-family:TablePress;src:url(data:application/font-woff2;charset=utf-8;base64,d09GMgABAAAAAAPUAA0AAAAACZAAAAN+AAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP0ZGVE0cGh4GYACCUhEICoQIgnILFgABNgIkAygEIAWGcgeBARv6B8iuBzK53oAhKg2KWDsrezjalSefocfD9/uZ575PSbYEqJHAIdo6tMDGdCprFIHd+F9r+rZE46O2iHBJfoAuxwW0yfgKS8KGVFE4dHX1gPmgVhzwhcJbReQ9RWXcraeutbmNHE7T7B1sex8stfMfnkvv0XsgUZrYO1hirXme9TnUkBvQ22RGX50VAr48H54Cn9b8GD73edAAhjboBpIQ6kKOhCz7GA8V5HfzyeA6h0mnrFTJnPjxC7KCrl9caqIUg0EAYACGDBn6YGCxeIE+EkwANTWJX/brZpNfyE5o/7r9uPZjS4tESbCTExLCjxOEbxGi2dQeNEAXUMMlvADkqSV0IHXtkQXNOnI2ctJpRIPt8+HjNivx3rlQYA8FqGwdCxF2aZrdJluMnaqFvy+yngVKbBcn0fSOd1xTpnW4HTkptV8Gi2kvCeUHC0BD+D0VKMIqXniZPJyPya9D7gT6DvUpwJER6avgKDsOfW9jU+YGc/ng6MhA3VSar3NdtvrD9WHZurKVKYOi0RwlY9500YSuWDE084F+jMinu4sTudD5yBTTozA9Horpmb+M3TwIBHempnzdpu1/raWypX0JND/ki4p71CQQlFqnAvkijABrVFIq5BdNJbFncoBOF03/h3IINPQRBxJCYDoAOnkRIDR0w0BSmYiBzDinAuQ6eROg0DEGY6DUiEUYqKyILwFq2qS9GKhrpFsykdeFLmDjknYG4jKbNeNyQ1zhCoP840pdYiqu8jTW4mp6pMXH1HVJp8wRmHmQKTKiUOBVSMHrlKuBl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\translateelement[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	18724
Entropy (8bit):	5.022952956702334
Encrypted:	false
SSDEEP:	384:Y6/FpzOTH+pUwFQQFzosq6yzGy60wQHZAOcUcmMt0wGq6K:Y4FxskUwFQdcUcmMp
MD5:	15AB5DFC566A9A19F6E89A72B7819E43
SHA1:	064AAC1E8BC5A26C5986E40659BC328157EC3B53
SHA-256:	5D0A6E3BC914DB376BF187C380750B197C317E1BF40FAB9AD959AD5FACD8F9ED
SHA-512:	408F7005E58DA83DF13FF42AA8A9CA24A8A1850C35B82B9DC38F5FABFF3DB63DA5B8A6A7491647D34DBE8D358247DE819892A7712D4BB9D4C3BD3AFEB24FEC8A
Malicious:	false
Reputation:	low
IE Cache URL:	https://translate.googleapis.com/translate_static/css/translateelement.css
Preview:	/* Copyright 2021 Google Inc. All Rights Reserved. /..goog-te-banner-frame{left:0px;top:0px;height:39px;width:100%;z-index:10000001;position:fixed;border:none;border-bottom:1px solid #6b90da;margin:0;-moz-box-shadow:0 0 8px 1px #999999;-webkit-box-shadow:0 0 8px 1px #999999;box-shadow:0 0 8px 1px #999999;_position:absolute}.goog-te-menu-frame{z-index:10000002;position:fixed;border:none;-moz-box-shadow:0 3px 8px 2px #999999;-webkit-box-shadow:0 3px 8px 2px #999999;box-shadow:0 3px 8px 2px #999999;_position:absolute}.goog-te-ftab-frame{z-index:10000000;border:none;margin:0}.goog-te-gadget{font-family:arial;font-size:11px;color:#666;white-space:nowrap}.goog-te-gadget img{vertical-align:middle;border:none}.goog-te-gadget-simple{background-color:#fff;border-left:1px solid #d5d5d5;border-top:1px solid #9b9b9b;border-bottom:1px solid #e8e8e8;border-right:1px solid #d5d5d5;font-size:10pt;display:inline-block;padding-top:1px;padding-bottom:2px;cursor:pointer;zoom:1;display:inline}.goog-te-gad

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\vt[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	9989
Entropy (8bit):	7.896134661490816
Encrypted:	false
SSDEEP:	192:iD6V18a09J968h1fSOkfMLKkZR0voWbfiugYquI0GQem7+P8qMsb9VZt:IrJ9n1fdp2wR056ugYquIYeb8qMsVt
MD5:	4B7F9F6AEA141FCB493028CF9C352B33
SHA1:	5129A30323A5A569467276C546C24CE3144A1527
SHA-256:	20EB951AE3EC86ADADAD6B7689ADE6272E852615A4A69E35C040C667C57ACF3C
SHA-512:	269E263B1E8BD0D7972BF7557E97043208CE3FA8A7A53FBACA4E84422EDF214A4C01D25D2B6AD219C022AC173921EC8968F7A6F1E5616D45C209D87FC3C24E76
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/maps/vt?pb=!1m5!1m4!1i15!2i6509!3i12514!4i256!2m3!1e0!2sm!3i546272096!2m37!1e2!2sspotlight!5i1!8m33!1m2!12m1!20e1!2m6!1s0x0%3A0x541ada6509ab0292!2sMesa+County+Health+Department!4m2!3d39.0786595!4d-108.5042582!5e0!11e11!13m14!2sa!14b1!18m7!5b0!6b0!9b1!12b1!16b0!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sUS!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=75510
Preview:	.PNG........IHDR.............k.XT....pHYs.................PLTE..................................................................kv{....}.....Tnz...?~...^.m..0.. x...v...e.................S.L..&!IDATx......:....-=............R.H.v....@.OdY.%...`......._..o.>@...Z......hS.M.Y....c..?..q..$A%...<.B$......^....qD.....Sk...1.........i..a{<NV.......-...,:..1~....1..wy..z.~I..=$.........^w....o..'B.....J..l.......fg..g....FYw...OD.....@..(z.I7;.K..`.?.~w.?.nxY.B0./...."Tm.?..[tl..o.....@X..YT.HP..M.....w#....o..o..o..o..o..o..o..o..o..o..o..o.$.P.......c..S(T..cJ...)..\..B.'.'.E..#I_..,.x.m....z_GN.Ir.M....Rm....o..&._G...v..D.."F..B...../q...8........x...Q....X."[.Z.....I.}~...#..r.".dm....S&.#.Dx.n..q...H.....;F-q..I..").,...w...v.a......!.....g.....J.H....3.../~..!l.<..W..h..yo..2~AzF7.o5...........!.........'.>..[.`....6....?...Om....Tb...u.I.e.W..P..@>......^...5..`X.4j.P9..4.q5b.m..<....E.G....'R,M\|?..W.*.e.Tl.b!.G..V.r...q.e....b...Q.q.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\vt[2].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	12353
Entropy (8bit):	7.902991461636623
Encrypted:	false
SSDEEP:	192:odJg0KaA75FSFLAsa9thgMZZNFxEi5oHQ5ZRnmeVdi5qDxVQncnNo9YVc:8hA752LAsa9ZtEgoHQ5ZRmeVdtDxVXo9
MD5:	5CF47E2C1618BEC4CD01B3A879D8FFB6
SHA1:	23BE355933B07E632132270DCB328950E3381851
SHA-256:	24AAFF69745EF9CBD67D05D8C713AAA74A7C94F08A02779F3C7EA1CDA47B15F0
SHA-512:	70E5A73EA2323655AE04FEE9FA4BD411518E05533BA07EAB9023D32D0494FD6D1B6C877D5CDC44D21FF2B019AC969F3C7E0D80B3B15D0E742D38854BF5123B26
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/maps/vt?pb=!1m5!1m4!1i15!2i6507!3i12513!4i256!2m3!1e0!2sm!3i546272120!2m37!1e2!2sspotlight!5i1!8m33!1m2!12m1!20e1!2m6!1s0x0%3A0x541ada6509ab0292!2sMesa+County+Health+Department!4m2!3d39.0786595!4d-108.5042582!5e0!11e11!13m14!2sa!14b1!18m7!5b0!6b0!9b1!12b1!16b0!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sUS!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=12979
Preview:	.PNG........IHDR.............k.XT....pHYs.................PLTE...........................................................................kv{....................T...kf.......NJ)\|....# n..x...s.......1.E..7..Tnz.......C5...._W.../?IDATx....{.......$w;==}f.....{@J..e.q..=.kw....m..@....x%y..k...d./...3....r...G..s.0)nBbdR,)...x..p.......'C/....>.1'.7f%..m.ox^?.n.K...V}.^^6...>y+%.^.1.q..8..^d....F. .. \|y.ZQ.?5..~...}.7..'..<..].I....VD..F...x..j...@...z......~.y......H=.w..j?\...q./.........# Q_.. ....iH.%.a..T..:..v..3.M..O..45..P.......5.__jw..IG.E.H.R..a...!..7...>.e..k<!.l..`...af...u.....U....u.....1H..{.@..OU(uLd.LuJ....O.i.....'.{..a/......j3...Ou.y.%.26....D.yy...}..Hw..=.jb../_..2.g.q...j........A.E....#....h..........!.DgX.......z.P}.....Q.S9.........M.h....6..Y....Uk^..r.sj.....2M......e..Y...@.........V.k...\|..h..F`.KHjF@u[.<..;B...!L.n.........YM...a.k....b..$....~..7.R#a..a. Xt.E.........6......k2>.l....m.AS..`.&A..t.j.w..'D`...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\vt[3].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	12155
Entropy (8bit):	7.895749065902722
Encrypted:	false
SSDEEP:	192:B29fhSDN4SNalB2o+tOytF1p0ytaVTwalsQA/5Vu:BHN4SYl6tdtF1pnt2TNsQm5Vu
MD5:	5CE99200DEE768EA51DB6C7D8B2797DB
SHA1:	834CAC09B2479F6FD8177E7868B6775390A00F93
SHA-256:	A51116A1B2522674E68D10611CABB521A35329CB2C83844CC01EA0551B4B69D0
SHA-512:	8DE09349B05DE67D10CC0565AA9FFE8D93FE9A14D15FFFD86C273122B6A4A9F948420DB9F334A17E9E2B52FFA7F8AD6C9E48D57072706A325ED8E02FCAADB6F3
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/maps/vt?pb=!1m5!1m4!1i15!2i6506!3i12514!4i256!2m3!1e0!2sm!3i546272120!2m37!1e2!2sspotlight!5i1!8m33!1m2!12m1!20e1!2m6!1s0x0%3A0x541ada6509ab0292!2sMesa+County+Health+Department!4m2!3d39.0786595!4d-108.5042582!5e0!11e11!13m14!2sa!14b1!18m7!5b0!6b0!9b1!12b1!16b0!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sUS!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=17752
Preview:	.PNG........IHDR.............k.XT....pHYs.................PLTE............................................................................................(\|...kv{......s.......\|.....R..q.....6..D...........~..u.......Fb.....v.x;...v.l<.}.H.Tnz..l.C.?..........x....e.m........T.......r:.f....+IDATx....w.:... ..........~...3.3.`..q.l.~.{.q..y4]....N...w..+.l{.dls7._i+...@0..u&.#........ ......N6..j.4... .........L....`..".dv%..'.`......Mo......_3:....4...}p........@0....B..!x".b........`^.#?.%..\|v.....NF..{../...W........m..$.>..q............3...x)..R..^.+%.dY.M.......p.....K<.....\....HP.y.m........cL..K. .......a.Pi.>..G..V..Q..vu.3...!c.).....s.....V....3j.4..#fkx..\|.f;.....]A..9.#........o2.v=nz.M.....]..{]..T..'....b.~.!..+...[...s6d.{...b..F5..y........_...$.. ................V.A......]/...O......3~9s.fp..0..g.ao...1#)`5........;5..RTjB. s..B....;$.....H@ .5\|.....?n....x.......,*..d.8C)."...........-.. .].x.o[.?

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\vt[4].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	13078
Entropy (8bit):	7.9036719377536615
Encrypted:	false
SSDEEP:	192:RgjM76dVi7EuWCWMzAI/f40llgTDxUNrhpIr7hJmFTD9H8KkpSUEiq8szkmJl:D7Oi7EuWuR340TgaOmhxhY/EiBsTv
MD5:	8252F9C14B0AD3F1AF1B2A7F4631A28D
SHA1:	96C88D2A4C1D3E4D45DE8AE6F45927E8C9786C19
SHA-256:	55BD5C58CF51FF8C576E43CA374C5DC20468DEE2AEC992DBBBF56CBEEB68860D
SHA-512:	8859C9F96D5BE4748072DC4CC6CA7869524CFEB34D450D018FAB6FD9F03E761D854C1DB5C98BA8AEC03F68E09155BBD8E421B80C3E0EDDCA92368B8687F6B89D
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/maps/vt?pb=!1m5!1m4!1i15!2i6508!3i12512!4i256!2m3!1e0!2sm!3i546272000!2m37!1e2!2sspotlight!5i1!8m33!1m2!12m1!20e1!2m6!1s0x0%3A0x541ada6509ab0292!2sMesa+County+Health+Department!4m2!3d39.0786595!4d-108.5042582!5e0!11e11!13m14!2sa!14b1!18m7!5b0!6b0!9b1!12b1!16b0!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sUS!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=14040
Preview:	.PNG........IHDR.............k.XT....pHYs.................PLTE............................................................................................Tnz...~.._w..........q..i..t..T....8...N.f.........7..(\|..s....x.....kv{...m..2.IDATx....v.....E]]...I.O.y.'.?H.H.\.Lv.....#~b.A...>.8....\..Y..^....CO.6..s...%.'.Q..-....%...E.y....t:.X..8k\.g<....n/......T.2...I..aX....e..5../.........x.'...........F..]..M#!../...7Hl#..l....m....XpsA.T....i.S...r.c..>..m7ka...0..m....g..p.....rn....pK.c 0^.z.V........ -X..).:Q...5.1.s.....eY.....Z..g..O[.6.B.@....4.}.tM&...>....x...pp"..}.?.'...#.J.c.t..<....!. ...0v.....j.U..s-.......$.F..}t.`.....B.j..~6Z.z..6.....g..<..<..`....j...x:.."..<.f.I....o.x.......qn..}.......D.a. .^.....9=n.x.\..k@.k....@.........Nh..N..j.4*....#....7L.4b.>..AU.B.A.m...x..y....&w...>..C..$a..X.X.=....p ..S...t..b..)S..e.....!.A...z.X.'p...R8<o..n:Vg..Q@.u.p..=.X......{...L...}.E..JX..l.....p.....p....p-\|.v....5......z.......y.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\vt[5].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	7852
Entropy (8bit):	7.854703553850602
Encrypted:	false
SSDEEP:	192:VsTHTJl4pXfSJvG36q7hbAQywv9Gzbb9h8TJCiPKG89tMCO+:VsrT7sXvr7NzhKhwJfKv3MCZ
MD5:	204891B5F27AAC4B145960BFC89A719F
SHA1:	5DCAACF4E71AAE50593FBAED6E289ED271BE0FA6
SHA-256:	A7449A0D7B4442C0008C9DA8E996512A01F1F00B011C2E22E08710A688CDD24E
SHA-512:	6BB0F510ACFDF17E858069AAB58501001D7E74DFD80A7BE6227F2E7EDFAD76413BFE77200B31FA39CE9BD18BEA2C71305C4CE125A93F34629EC4AC502851ABAB
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/maps/vt?pb=!1m5!1m4!1i15!2i6509!3i12512!4i256!2m3!1e0!2sm!3i546272000!2m37!1e2!2sspotlight!5i1!8m33!1m2!12m1!20e1!2m6!1s0x0%3A0x541ada6509ab0292!2sMesa+County+Health+Department!4m2!3d39.0786595!4d-108.5042582!5e0!11e11!13m14!2sa!14b1!18m7!5b0!6b0!9b1!12b1!16b0!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sUS!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=42113
Preview:	.PNG........IHDR.............k.XT....pHYs................HPLTE.......................................................S.....s.kv{...`....IDATx....b............;2......d.<.3m..}.dm....In...z..&I.....sc..r.r..a.. .`,j..&-._.Iv.\o_..?....m...g.Xi...... p.(u.zk.k.\...n.z..JhS[k.N...(._J.E.h\....[..n......O...WU&.P.P.r.../.....V..15...^..\G...2.`...L.....Z.US.zk.Q.$...!emJ...$...~JAb .>.!.Qs.e..\..e....L.]m..i..F.[..T.T..l..t.ahs.W.47.....(.6....Z..$?...5...$.:.8..WO.".n...IB...H]ya})...x..T.....'A.d.t...I....t..>hR5`.j..E...}..A.).&.D.r.$A(...T...2c.Z..o!...$..\|+`p.Uet^U3;...b.?.S"..yQW........<.wu!u...Y.../#...W6...R.......4\|..[.g.U.yX...B...5l.....o..)"K..d..X.]Q......A.`..............B!../.....T.o.T.1.L....`l..r...@.L...BD...T...P.....I%ZZ.l..18t../..6PQ..r....4....l .s.c.7G.......$......p._.)j.w. .+.+...E.."....(._W...'$t.z.m...@M..*..!.%..W.y..N....F@"._.5b..}@u.@.A).R.....q9:Q......e......Yc.2]..3.g6&>........Z>...L.....J.#.....,-&.D.....B0..k.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\wp-emoji-release.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	14229
Entropy (8bit):	4.959165424851354
Encrypted:	false
SSDEEP:	384:inJ5kNuPTbUUh31//bEP+XgA3FqC2effJmp3:iJ5aUUUh31//YWXgA7ffC3
MD5:	EAA8641BCDA2371F4024A71FBB67DE3B
SHA1:	0E46C39D3821683C856605A82254115F9A6A7792
SHA-256:	0C5F584D1EA2C3313DC8C55824C2A572D3CF2EAE87C5CA62A58E598AEC9DDB5C
SHA-512:	82B6B84D0A7A28D6A8B013EE41EEF27E1DF8C1FCA396DFB4ED6D01249E12479230CB2D3683A56EB80651D22046C74506D194FA34B05E2A8AD8A08AE297F79AEB
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-includes/js/wp-emoji-release.min.js?ver=5.6.1
Preview:	/! This file is auto-generated /.// Source: wp-includes/js/twemoji.min.js.var twemoji=function(){"use strict";var f={base:"https://twemoji.maxcdn.com/v/13.0.1/",ext:".png",size:"72x72",className:"emoji",convert:{fromCodePoint:function(d){d="string"==typeof d?parseInt(d,16):d;if(d<65536)return a(d);return a(55296+((d-=65536)>>10),56320+(1023&d))},toCodePoint:i},onerror:function(){this.parentNode&&this.parentNode.replaceChild(g(this.alt,!1),this)},parse:function(d,u){u&&"function"!=typeof u\|\|(u={callback:u});return("string"==typeof d?function(d,b){return o(d,function(d){var u,f,c=d,e=x(d),a=b.callback(e,b);if(e&&a){for(f in c="<img ".concat('class="',b.className,'" ','draggable="false" ','alt="',d,'"',' src="',a,'"'),u=b.attributes(d,e))u.hasOwnProperty(f)&&0!==f.indexOf("on")&&-1===c.indexOf(" "+f+"=")&&(c=c.concat(" ",f,'="',u[f].replace(t,n),'"'));c=c.concat("/>")}return c})}:function(d,u){var f,c,e,a,b,t,n,r,o,i,s,l=function d(u,f){var c,e,a=u.childNodes,b=a.length;for(;b--;)c=a[b]

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\wp_head[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	1944
Entropy (8bit):	4.803283266105072
Encrypted:	false
SSDEEP:	48:iYu89uypndGejdGegK57VLmaXeTo9jg4Od:LG2m3d
MD5:	87F6BA7D7110CEFE022FEA58BB438581
SHA1:	CB2135F04AA9D51496EE7DF990AE1E4E0FB9F154
SHA-256:	D027BC83D86FA35E7813C581F84A55991BEC89F3C320D672F3B6309D046758D5
SHA-512:	8FAC94AAFFECE56042349E5BBACA4A71015FE029212182570337C31F43868A6F3C255FB84B4ABC27B6DD0FE35959ABDE7507C73CA2D58B03E0095BA1826C9017
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/uploads/wtfdivi/wp_head.css?ver=1607306625
Preview:	@media only screen and (min-width:981px){.et_header_style_left #et_top_search{position:absolute !important;right:0}.et_header_style_left #et-top-navigation{padding-right:40px !important}.et_header_style_centered #et_top_search{position:absolute !important;right:-20px;top:10px}.et_header_style_centered #et-top-navigation{padding-right:0 !important}}.et_header_style_left .mobile_menu_bar{display:inline-block !important}@media only screen and (max-width:980px){.et_header_style_left .mobile_nav::before,.et_header_style_slide #et-top-navigation:before,.et_header_style_fullscreen #et-top-navigation:before{content:'Menu';vertical-align:top;line-height:2.2em}}@media only screen and (min-width:981px){.et_header_style_slide #et-top-navigation:before,.et_header_style_fullscreen #et-top-navigation:before{content:'Menu';vertical-align:top;line-height:2.2em}}.et_mobile_menu li a{font-size:16px !important}@media only screen and (max-width:980px){#et-top-navigation span.mobile_menu_bar:before,#et-top-

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20464, version 1.1
Category:	downloaded
Size (bytes):	20464
Entropy (8bit):	7.969622511404751
Encrypted:	false
SSDEEP:	384:edA/1eSg82dg1kGeF2BFDEE+/adkuouo34TjkWqTExYOYg/c1iuHotcO:ey/1eSnLkGeWFQECadcLIc/TEfYr1RO
MD5:	87284894879F5B1C229CB49C8FF6DECC
SHA1:	FB1BD3BAF122D5D350EB387F0536C20DA71F09DF
SHA-256:	BA98F991D002C6BFAAF7B874652FFDCDE9261A86925DB87DF3ED2861EA080ADF
SHA-512:	663BA95BBBC6F7E65D7B1293E4A044C9111438A03B16664FC38A2B2F2C1A4CE96991C847B36691388AB322525A83DB2724CB4D1B9BF0440727F0B5CA7073AB8C
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc-.woff
Preview:	wOFF......O........D........................GDEF.......G...d....GPOS.............~..GSUB.......'......r.OS/2.......Q...`t...cmap...\..........W.cvt ...T...\...\1..Kfpgm.......2......$.gasp................glyf......;...l..(.4hdmx..H....l....."..head..I<...6...6...rhhea..It.......$....hmtx..I....x.....gO.loca..L........._.C\|maxp..M.... ... .(..name..N...........:.post..N........ .m.dprep..O........S...)x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x....dK...{....?..F?.\|.~.m...ms.{.Z..;......U.]7s......\.=D.=.7...>....x...D..O\|.U:...\|o..3.x.j.r"B.............../.)x$.'"j.....1LGmaGxQxG....~.:'.A..hd.z,.k..KO.....^.}H\|#z_.O......R..A...9..A..!.(./..."..:.Iq1.r..s..r.7r.7s..q.wr....nz..]...2..d4c..c....d....T.1...d....\....,c9k.g..Yv.#O."%...... ...t"uM..%.......j.#^.....}\c.q.i...<jy.D...C.01.2.r.....V..z.W.7b..L.S.41]..kUs.X/6..b.........(..(...K..{.^..'........`#./..B......N+p.m`...].lQ....Drg.M..Kx.^.S.*..........h ..$.k.'Hy.I.ze..4z.-T.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20348, version 1.1
Category:	downloaded
Size (bytes):	20348
Entropy (8bit):	7.971548837012925
Encrypted:	false
SSDEEP:	384:sSRPUR1eEsGitLcRtdt6S1PvpjwY9O1V6LTFY88fFFEagMR3SAFNE/A:saP+1eBX4Rtdt6EJjwY9O1V6Pm82lR39
MD5:	B00849E00F4C2331CDDD8FFB44A6720B
SHA1:	5B7820FEC8F9810E291E1EB98764979830ED6621
SHA-256:	76B05400FFF9DA5B43862E3713099E3913916A629560265ED24B19D031227CBF
SHA-512:	64F2BB1D16525CB5435CC3AA253D83669C321D68695CDF14218EEE43B5347DD6BC67B23D6F5E359971B1FFA72857C2C9DCEC0370535F12EDC20AF42CF41CF661
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc-.woff
Preview:	wOFF......O\|................................GDEF.......G...d....GPOS................GSUB.......'......r.OS/2.......P...`t6..cmap...$..........W.cvt .......X...X/...fpgm...t...4......".gasp................glyf......;...lxRn..hdmx..Hl...l........head..H....6...6.Y.ihhea..I........$....hmtx..I0.........._Gloca..K.........k.N.maxp..M.... ... .(.\name..M........\|..9.post..N........ .m.dprep..N........:z/.Wx...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x.l..h.a........l.m.6.1+.X....i...y....&...._..63..5....2>...x\|D...ct.Kx..H@b.3..l..#u.....L......^..4.....rP..{.......Q...JT.:Xu>..T./>...oq...........~..@.....lq../.... ..#..".&.8.H$..r...J)..jj...&..f.=.9..N9.....'F..8.4.....m...m...m.m..n..&.X..}....S.\|.....n........PHaE...J...4..MjJ.*..nW)..rn3'/.....ks5zY5c...Mgg.5..p..rR{c...p..t\.8.c=..p...X.(.......7....=.........!...H ........(.0...(.q.JT?.b..z].'T...m..vNi.....t....:P.R..H....t.........&?.:.j.51+.S.":j.SK'I.^....}S.i.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOlCnqEu92Fr1MmYUtfChc-[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 29072, version 1.1
Category:	downloaded
Size (bytes):	29072
Entropy (8bit):	7.983483723329373
Encrypted:	false
SSDEEP:	768:zBkSckqqHihi/W8xpEkPDtRcQMop6MON1/61gy/3:z6hiegEk9hpeaSK
MD5:	51DB4691B982B906D8CD9DE2E2C230FD
SHA1:	9FBB71013E9852B17F7AC20772BBCF06B5378F31
SHA-256:	EB9DC5F435B586C2A882005BA681B31C537230E937C2C2F22F644F118412EF3A
SHA-512:	5B1D36D71EECEB38E8FB45AEC54C04727CD5544DD063603945769F2ED94C9A8741EA957487F6CD1EFBABBB0E37923AAB76E4178F66FE3230229111E7B61464BF
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmYUtfChc-.woff
Preview:	wOFF......q................................GDEF.......]...\|...~GPOS............C..%GSUB.......X...bk.eqOS/2.......N...`v.!.cmap...L.......hW.u.cvt .......Z...Z...=fpgm...x...3......#.gasp................glyf......T.....?...hdmx..g........./"..head..h8...6...6...Rhhea..hp... ...$.]..hmtx..h.........aa^.loca..lT...V...tJ.r.maxp..o.... ... ....name..o........\|..9.post..p........ .m.dprep..p........8...Cx...........El.6...sC{.P.A...Lx.."...?....%.om#...Xq.8W\..7....~....I.y.S......V..8..I.&...x.d..G.A....l...+P,V..@...IV...7............`....>G .1....`....`.9W...mI..VW...lN^=.......0.Y. .L.%..Iz.1.X`.].U.M.wmt)."jt.{....-......].._.c...T..i...Yr(..MVj=.5.m.....mU.B. ..l..9?U.K...u..jL.4..........A.Mx.......G.p.G.<.8.....m.6..6.J...b..KW.=x...w...../ $,*!%-#..........o`dljnaiemckg....L.<#.......m.....m...YK...p...'...D..%Z.DI..H.%[.<...(S.J.Zu.5h.Y.Vm:t..g..Q.&L.2m.9...X.a.=...:v..k...{...w.>}..O9=.I.D..~....k.m.m....mpm.....~.GM.F7.._fVv...~.He.dL.L..K.......d.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\KFOmCnqEu92Fr1Mu4mxM[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 20268, version 1.1
Category:	downloaded
Size (bytes):	20268
Entropy (8bit):	7.970212610239314
Encrypted:	false
SSDEEP:	384:LyfRPUY1e32pJd75q1DzPjsnouCrZsZtetWFNFfIP0cIWvdzNcrm:uJPb1em3dSPjKrZYtWntk0wvdzh
MD5:	60FA3C0614B8FB2F394FA29944C21540
SHA1:	42C8AE79841C592A26633F10EE9A26C75BCF9273
SHA-256:	C1DC87F99C7FF228806117D58F085C6C573057FA237228081802B7D8D3CF7684
SHA-512:	C921362A52F3187224849EB566E297E48842D121E88C33449A5C6C1193FD4842BBD3EF181D770ADE9707011EB6F4078947B8165FAD51C72C17F43B592439FFF4
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxM.woff
Preview:	wOFF......O,.......P........................GDEF.......G...d....GPOS................GSUB.......'......r.OS/2.......P...`t...cmap...$..........W.cvt .......T...T+...fpgm...p...5....w.`.gasp................glyf......;Q..lD..&0hdmx..H....n..... ..head..Hx...6...6.j.zhhea..H........$....hmtx..H....t......Xdloca..KD........BC%.maxp..M0... ... .(..name..MP.......t.U9.post..N ....... .m.dprep..N4.......I.f..x...1..P......PB..U.=l.@..B)..w.......Y.e.u.m.C.s...x.h.~R....R...A.J.x.l..h.a........l.m.6.1+.X....i...y....&...._..63..5....2>...x\|D...ct.Kx..H@b.3..l..#u.....L......^..4.....rP..{.......Q...JT.:Xu>..T./>...oq...........~..@.....lq../.... ..#..".&.8.H$..r...J)..jj...&..f.=.9..N9.....'F..8.4.....m...m...m.m..n..&.X..}....S.\|.....n........PHaE...J...4..MjJ.*..nW)..rn3'/.....ks5zY5c...Mgg.5..p..rR{c...p..t\.8.c=..p...X.(.......7....=.........!...H ........(.0...(.q.JT?.b..z].'T...m..vNi.....t....:P.R..H....t.........&?.:.j.51+.S.":j.SK'I.^....}S.i.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\analytics[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	47332
Entropy (8bit):	5.518633523108405
Encrypted:	false
SSDEEP:	768:UyC36rcBLbfsl5XqYoyPndHTkoWY3SoavVVy2WiCgYUD0FEw0stZb:UyDAZfY5hVdHTwY3SoIjw0sD
MD5:	6A10EB2BB5C90414980729F4F96FFBDA
SHA1:	8BBBD5948255549E4B691B614AA3177DEA9AF1B7
SHA-256:	0F3BE44690AE9914AE3E47B7752E1BDEA316F09938E9094F99E0DE19CCD8987A
SHA-512:	5A505CBAAEEAB8961AA0DE94767F76A09B6F03E60EB0C72954B85EC0392EE1CE383D2088939A314D3175AB24B7A69390C841CFE0237C1D1C40966B43F22AE929
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var n=this\|\|self,p=function(a,b){a=a.split(".");var c=n;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},r=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var t=/^(?:(?:https?\|mailto\|ftp):\|[^:/?#]*(?:[/?#]\|$))/i;var v=window,x=document,y=function(a,b){x.addEventListener?x.addEventListener(a,b,!1):x.attachEvent&&x.attachEvent("on"+a,b)};var z={},A=function(){z.TAGGING=z.TAGGING\|\|[];z.TAGGING[1]=!0};var B=/:[0-9]+$/,C=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},F=function(a,b){b&&(b=String(b).toLowerCase());if("p

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\blankshield.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	1910
Entropy (8bit):	5.137218997140188
Encrypted:	false
SSDEEP:	48:R+G7Gb54BiOIgmFpCBf6OfIyk5g0+y2XGw+3q3sxNrj4VD/:R+H44vFplyK+xkaYrj4l/
MD5:	48BC9E9D8BEB4A741F8A1A120B02D928
SHA1:	50BB3A7EC50F899DBCB158810FB36CE43FA0EAAE
SHA-256:	DDE3C511EC41476049936D42EC7EB5FE292454BC990D42684B4250926A50C1AA
SHA-512:	B1FFB9AA95D1887977A48849E38A5B79BA66D8CA83F3D6EE13E329A2BB3E890511D48F3505F46004F1DEB1215B717A3744B92C1BD2A90597A6703DFE9B090A34
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/plugins/better-wp-security/core/modules/wordpress-tweaks/js/blankshield/blankshield.min.js?ver=4121
Preview:	/*. blankshield - Prevent reverse tabnabbing phishing attacks caused by _blank. . @version 0.6.0. * @link https://github.com/danielstjules/blankshield. * @author Daniel St. Jules <danielst.jules@gmail.com>. * @license MIT. */.!function(e){"use strict";function n(e){if("undefined"==typeof e.length)o(e,"click",t);else if("string"!=typeof e&&!(e instanceof String))for(var n=0;n<e.length;n++)o(e[n],"click",t)}function t(e){var t,o,i,d;return e=e\|\|window.event,t=e.currentTarget\|\|e.srcElement,i=t.getAttribute("href"),i&&(d=e.ctrlKey\|\|e.shiftKey\|\|e.metaKey,o=t.getAttribute("target"),d\|\|o&&!r(o))?(n.open(i),e.preventDefault?e.preventDefault():e.returnValue=!1,!1):void 0}function o(e,n,t){var o,i;return e.addEventListener?e.addEventListener(n,t,!1):(o="on"+n,e.attachEvent?e.attachEvent(o,t):e[o]?(i=e[o],e[o]=function(){t(),i()}):e[o]=t,void 0)}function i(e,n,t){var o,i,r,d,u;return o=document.createElement("iframe"),o.style.display="none",document.body.appendChild(o),i=o.conte

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\common[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1360
Entropy (8bit):	4.944300057947054
Encrypted:	false
SSDEEP:	24:26etXyrZKPFsPOqKbEFaOQAOsrnh+KGwgaO9+aO6GWc6ihCsyO6edgQGAauNWaGM:aXnds/r1nh+Kngv+k/cTh0edL3jEMupi
MD5:	82B34A0F20682B94458A89521A92C7CA
SHA1:	CD97BDD72C8F7CA65A37EA7D78FF71580633169A
SHA-256:	C05EE8FAC93FDE19412046A913B9AECD86210ABA6B72CFF7C94E01170DD11E3B
SHA-512:	DF8292CF42883FD65320FDB0A7C731F38BD7ADF4BD8F9D7E90DE3F1F3FE927FFC6CC28267825E2F7F20B8F2E50CB7E2712CA6DF43CA74CC672A094913121ABC0
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/themes/Divi/core/admin/js/common.js?ver=4.9.0
Preview:	(function($){..$(document).ready( function(){...var user_agent = navigator.userAgent;...var is_opera_edge;...var browser = user_agent.match(/(opera\|chrome\|safari\|firefox\|msie\|trident(?=\/))/i) \|\| [];...var browser_name = '';...var browser_class = '';....if ( /trident/i.test( browser[0] ) ) {....browser_name = 'ie';...} else if ( browser[0] === 'Chrome' ) {....is_opera_edge = user_agent.match(/\b(OPR\|Edge)/);.....if ( is_opera_edge !== null ) {.....browser_name = is_opera_edge[0].replace('OPR', 'opera');....}...}....// use navigator.appName as browser name if we were unable to get it from user_agent...if ( '' === browser_name ) {....if ('standalone' in window.navigator && !window.navigator.standalone) {.....browser_name = 'uiwebview';....} else {.....browser_name = browser[0] && '' !== browser[0] ? browser[0] : navigator.appName;....}...}....browser_name = browser_name.toLowerCase();....// convert browser name to class. Some classes do not match the browser name...switch( browser_name )

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\cropped-MCPH-Logo-Tag-Transparent-32x32[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	702
Entropy (8bit):	7.627728133277769
Encrypted:	false
SSDEEP:	12:6v/7i96A2TZ/qtK3qKtdd7yDSqeIZgNeWJrQkln4Pus8qYa3b+7pDo9dq5Vazx0f:WA2TJJa4ByZSf5Qe/s0aiDo9k4zx0wMJ
MD5:	C06CD8560ED66B10B2AAE0D64EA56109
SHA1:	87F1F68F04DF632E00A98674A2324496E5D72B02
SHA-256:	2701A33425FF762CCA32273D0A359C0B1486A16323E8225F584C99204557A60B
SHA-512:	25BCCD75C062F9E1BA5A55A66F6784848B1F61BBA2F9E1CBB25478A56584809211FCFC6A6BA3576CD88F69F48BC4CF4C887F1BBD6D4F860FF98431C0239C9E15
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/uploads/2017/04/cropped-MCPH-Logo-Tag-Transparent-32x32.png
Preview:	.PNG........IHDR... ... .....szz.....IDATx...?h.P..q9J....d8...).%..9:..D.p."R.C.AJ)NRD..tp:Dn8.B..("E.Jq..d..p.q.).(.t(E....<.\.th...I.....^^.K..;l..F....?.fv9...5.eG3r.=p.....Lc.y[7U.....v.....2x..a...~..x.@V.Y...mTR.UQ..B..+..h...K@..p.O2x.....A...L...>a^(....<....~.?..X.[l.'!...G.n...}.h....Z.x.l.E...........e...Q..E.4m.E}..........`.5\I`....p...!.e..1.0.m.`..$F..e.-a"a...q. .1Yg..>..Ph3.t..4.E\|...~.y. .U.M!..a...&..1.>)...P.. ....u~....3._8..#...A.....l....&.4...u..=2.F0b....K........S....-.[..]L........_...bg..E(3.....a..c..t.......\...=.`R.....iq..=... .....U.;....P..m[.~.2...........&..........a.....U.(..j....${6TL.....d.{.u...8...#.{"E..k....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	12754
Entropy (8bit):	5.2691367793094965
Encrypted:	false
SSDEEP:	384:zex6AAVK6R382BOMhLCE63v3NyEUD+RRnAvIkZbwT4ucOJF:5vavdf66RAvIkZbwT
MD5:	900EB151A81307F70DA8CDE5129F4BE9
SHA1:	7F09E2C1CF5C10CD780E64CD035760C04360B64D
SHA-256:	6152CAE6F61CAA9B77A19E6090098C8F5192B87E79BBBC39E9CD18A968793877
SHA-512:	0013EDEA891EDE4F360D0470692B1F41FE7E37496669C3DB2B4C57781E1C1EED8BB5EEAF3C49E90D6E3FF2B75E310CFE5D21B47FD16EDF1E3201DF317C56F8EE
Malicious:	false
Reputation:	low
Preview:	@font-face {. font-family: 'Merriweather';. font-style: italic;. font-weight: 300;. font-display: swap;. src: url(https://fonts.gstatic.com/s/merriweather/v22/u-4l0qyriQwlOrhSvowK_l5-eR7lXff2jvo.woff) format('woff');.}.@font-face {. font-family: 'Merriweather';. font-style: italic;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/merriweather/v22/u-4m0qyriQwlOrhSvowK_l5-eRZAf-Q.woff) format('woff');.}.@font-face {. font-family: 'Merriweather';. font-style: italic;. font-weight: 700;. font-display: swap;. src: url(https://fonts.gstatic.com/s/merriweather/v22/u-4l0qyriQwlOrhSvowK_l5-eR71Wvf2jvo.woff) format('woff');.}.@font-face {. font-family: 'Merriweather';. font-style: italic;. font-weight: 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/merriweather/v22/u-4l0qyriQwlOrhSvowK_l5-eR7NWPf2jvo.woff) format('woff');.}.@font-face {. font-family: 'Merriweather';. font-style: normal;. font-weight: 300;. font-display: swap;.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\custom.unified[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	495945
Entropy (8bit):	5.2946316242662075
Encrypted:	false
SSDEEP:	6144:jEuC7oxYUFtWYgD+M1E3dq/r4rgUw94sLkM6isx4fAd3eEMM1ZqVJYw1:wuOoaUs1Mw9lLkM6isefk3eEMM1YT
MD5:	D8225E3AF6F253051AF094D3C53F2CEE
SHA1:	ABA2774FF1CF50C1865B4B4F04C6E63B9788A540
SHA-256:	A4B15B5110DABDEE8DD604A4C5C784CF0B38FE61D5A2241A8282E418A2178454
SHA-512:	4FC09EB38E59C76F1CE93DB068E21CC391AA1CC4D21F4746CF2FBAEF81129D190850D2763AD8D55AF7201A7E8E746C96405A782E866601CAEDDBBB242E36E31D
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/themes/Divi/js/custom.unified.js?ver=4.9.0
Preview:	/! This minified app bundle contains open source software from several third party developers. Please review CREDITS.md in the root directory or LICENSE.md in the current directory for complete licensing, copyright and patent information. This file and the included code may not be redistributed without the attributions listed in LICENSE.md, including associate copyright notices and licensing information. /./! For license information please see custom.unified.js.LICENSE.txt /.!function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)\|\|Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)r

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\embed[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, UTF-8 Unicode text, with very long lines
Category:	dropped
Size (bytes):	4143
Entropy (8bit):	5.4972202536016415
Encrypted:	false
SSDEEP:	96:yMDJX7GEmL3gAYOgImL3IL3o5b66bzSkKkQvqeek:ygJyLUIG88R66bWkKqeN
MD5:	09CDFEB1C48C509EA63D44128E0F3D74
SHA1:	46FBE2AC32A5175D7DA1A06240565EA4B7C67982
SHA-256:	65AD7321A86F5E46A32A8CD38F2831CCD895DD45304A189D46D1855A89D9D45F
SHA-512:	015D99B87E0158F65090BF2AA36FFFC5D93679D10996ACAB3D698332A72DD8D178822AF6469AB49C927678F6415381613F2F1F1FD457C19F5265319C48005B2B
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE html>.<html>. <head>. <style type="text/css">. html, body, #mapDiv {. height: 100%;. margin: 0;. padding: 0;. }. </style>. </head>. <body>. <div id="mapDiv"></div>. . <script nonce="0kT9cr1NbCjIZPyg9Xngaw==">. function onEmbedLoad() {. initEmbed([null,null,null,null,null,[[[2,"spotlight",null,null,null,null,null,[[null,null,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1]],["0x0:0x541ada6509ab0292","Mesa County Health Department",null,[null,null,39.0786595,-108.5042582],0],null,null,null,null,null,null,null,null,11,null,[null,"a",null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,[null,null,null,null,0,0,null,null,1,null,null,1,null,null,null,0,null,null,null,1,1],null,null,null,[null,null,null,null,null,2,3,2]],null,null,null,null,null,[12,14,29,37,30,61,70]]]]],null,["en","us"],[null,null,null,"/ma

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\en[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	2316
Entropy (8bit):	4.46089869993953
Encrypted:	false
SSDEEP:	48:v8x5sxVJHiLAr1jHQeTBgk4e8Xdj5q5xPfsM:7JCLwFpWtlqzP0M
MD5:	431DF002BA958CA1A38E9F8195A79178
SHA1:	E7506F2702B0E02F259681134E33B1893028C677
SHA-256:	5D0E7B65B386205561AEC29E239A42545FB4E57F00AC59F8F31AD4E2560971F5
SHA-512:	BE6B2639953388C47C9B242016A474864BDDC38041DBFABA35BB248FA5518D2949A09744934D94DA9E59A2FF3D4B1DA5C01307EC62A35A97D1F0FF982FF5DA59
Malicious:	false
Reputation:	low
IE Cache URL:	https://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.html
Preview:	<!DOCTYPE html>.<html lang=en-US>.<meta charset="utf-8" />..<head>. <title>. Drive Thru Flu Clinic Instructions. </title>. <style>. body {. max-width: 800px;. margin: auto. }.. h1 {. background-color: #444444;. font-size: 36px;. color: #ffffff;. text-align: left;. font-family: Montserrat;. font-weight: 400;. font-style: normal;. padding: 8px;. }.. a#logo>img {. width: 300px;. }.. .warning {. color: red;. font-weight: bold;. }. </style>.</head>..<body>. <div class="logo">. <a id="logo" href="https://health.mesacounty.us" title="Mesa County Public Health">. <img src="https://health.mesacounty.us/wp-content/uploads/2017/04/MCPH-Logo-Tag-Transparent.png". alt="MCPH Logo - Tag Transparent">. </a>. </div>. <h1>. Covid Vacc

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\entity11[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 70 x 210, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4765
Entropy (8bit):	7.914349551855348
Encrypted:	false
SSDEEP:	96:C5raGXbfz6dbVDMp6GRoL2Ycy1EPAqI2I5aO6BLQZfYJq5K5Ic0u5NI3iE:mraAbL6NVD++aAqI2I5LDAJq5eIfuXi/
MD5:	9A942045EC3F115DAE872C3BE6B3A047
SHA1:	AF88E5C73E9D34C671A7ED099C0628C249DFD9E2
SHA-256:	EA80D10D991B201E42309C3FC535F9ABE17F5F37E4128A69E41E05B233DFB223
SHA-512:	7F5FA48CEE78FE5C887A8EB9C69076D03D6DD9B2B05E29CA4A0F7C48146064D4F94E9B0301910CBE6929B99121E99C2B309F2EEB564BDAE2F7E29259ABD66CDA
Malicious:	false
Reputation:	low
IE Cache URL:	https://maps.gstatic.com/mapfiles/embed/images/entity11.png
Preview:	.PNG........IHDR...F...............dIDATx...utT.....K.HZ&......"W..n.e....?..........8$xm.H.PA..@3..~.........ae....Ygr...og.$}rU4{j..&...v.0....D...-.........e} j.]...y.:`..\........QF........e$.1:`.-.QF.......T.<G.x.S.T.~.<G.x.S.T.~.<G.x.S...s$......>^1G..K......s$.......^1....Q....'..%..8.v.@a<.......R..;..8#...C[jQc...g$:.vhK-j.0a..p.2P..a<...e....x.3.%.@Qc.......(..h.7(.G...Tc.uC..z.S.]V.j..n.r].q..0.V.:.9..^......SiE..S......SiE..S...4Lk.D...D..~....Z+L....H.ZaB\.=..B..s..%.u.p...0.a...lWL..\jEI.u.p..E...0#.0/.)..+.Ki.3...R.&.....Da.?L4^..wA<..=.E.S^^~(..D.S..\w0.d .`...a..%...L..@....'....n...0U...$D<..-..Ei.R.-.2}.I.S.\|..bH../Z....%!J.\|..bV../Z....%!..\|.....-....;.cq...F..9..c......\..p.u.d..........\|.8q<.DH.".nwT@.T..WDwT@.T......ys+..\|...d..@,E..Fag. ;1...a.v...S.7.....F..]=\..VC{...=.Oza5.Gk.;.}'.K.k..dO..u...v..=9>n.1.#.."){r.~b.k.me....nn.o+.....(....Y....w$.....=......s*t.NKG...".bX..+.uK...B;L....P/....\|B-v.X.....8!.......8

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\google4[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 66 x 26, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2073
Entropy (8bit):	7.887345927885427
Encrypted:	false
SSDEEP:	48:n5PQwjM4/f0RJHhwEEIHAY+tYlcMECyx/R08K9mu9WQtc:5oEGJHlE8DcDmqQtc
MD5:	1AE05AD3B3C8E112E4734B2C0228E3CE
SHA1:	30C2CB03A841178FFEE8AA65B1000A556F22638B
SHA-256:	721FB9398629AE4AC2169B208A651F09A7D5E5A370323FCF8891428ACC94A4EA
SHA-512:	445456C3450129EA6517ACC53958FC3496CC9238278ED6DD0C82C2981E903DCA43E9A4D57D98D77BAAD30FD9EB248A9097F4EAECC3E8B24BB07DEA26D190A483
Malicious:	false
Reputation:	low
IE Cache URL:	https://maps.gstatic.com/mapfiles/embed/images/google4.png
Preview:	.PNG........IHDR...B............r....IDATx..X.x$...m..WW.^_.m.F...\.v..X.L{:y...o^...}.z.._u..:u.....}..._cc.......u}1!.....i.........".d..z.5...h.#e..=...y...;.....Y...2..O.?.."`..j5aT6... 7.\|D..q..xpz.1..g.V...... DJYQ.:7....\|3B....l.K./......m.J'...n.J..e9g..8D=..w....X.....&wjl......>A.....\.Td........EY_.;..s......D.I13.q.C..a...8.h......S....g./..f.`.W.?./..j......j5.!..B /.lSy_B'.+X.,....................lAs\$e#y/1.V.........1>...f.,.. `.!B.D.E+,........=.l....5-Q..M.3.O..*.E.^.W..U..m.35K.;.?\....'".,M.kjf@......bq..A9r C.rq;....=...$..g....hr\.W>`(...~.V.4x.3m......<..%....d.a;.......O52..r....." .u......jvP.K..5=_Z.....p..{..P.x.............5.T.8...Q....KJ.A....f....J.n..J.8..g.....]....zU.:....vq..,. "@..pd.....N.S...^....M.SJ..}r...1T....X!.,.........m.V.._,...\|...G.....8. D.X..C...hx.E5. .....#.F.. .....#.8..xE..H"..?..5..).E....y0h..Wt-..S;................x.....\...K....-...-.i.....O..7..Rc.cX..0@m4..X>j..c!

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\js[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	98983
Entropy (8bit):	5.521546813548626
Encrypted:	false
SSDEEP:	1536:JBcT08H+6z0oH+HfJtaSHSU2ROXMU9Kj22tWvhORO9xoliW1K9MJKPyft3FA3SIm:JGT0q+6z0Xt/ethq0isnxN
MD5:	06F016DB1B7D40D6CA07098DC633FD08
SHA1:	3A113B6A639678FFB6E264E1ABF5844BCE1E2343
SHA-256:	6DD363984C95625DFE99789BC406E4DA1F9CF81F26D1D0B502034D380A9485EA
SHA-512:	1C64697DD5410C2E35EC7E32D7D468F5303CD7ADABC7AD863AF63DD33222634DC4FD6FE691CF4CC522517C940E2C4582F6B1BD275BE22AFBFC3F98BEA0F3D883
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.googletagmanager.com/gtag/js?id=UA-76351459-1
Preview:	.// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"1",. . "macros":[{. "function":"__e". },{. "function":"__cid". }],. "tags":[{. "function":"__rep",. "once_per_event":true,. "vtp_containerId":["macro",1],. "tag_id":1. }],. "predicates":[{. "function":"_eq",. "arg0":["macro",0],. "arg1":"gtm.js". }],. "rules":[. [["if",0],["add",0]]].},."runtime":[].....};../.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var aa,ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ca=function(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:ba(a)}},da="function"==typeof Object.create?Object.create:function(a){var b=function(){};b.prototype=a;return new b},fa;.if("function"==typeof Object.setPrototypeOf)fa=Object.setPrototypeOf;else{var ha;a:{var ia={a:!0},ma={};

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\js[2].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	dropped
Size (bytes):	133578
Entropy (8bit):	5.46372334193662
Encrypted:	false
SSDEEP:	3072:14XR0gDxN70BR8266yoIf6ms3nwKMbPSCDQo63:14XR0gDxoRyopnwKMWcU
MD5:	15F5E84643A885FC936CD3517E3566FE
SHA1:	A9CB2A11F453E6732088C13F160BA1209A11C41B
SHA-256:	3B67707AEB6BD767EF08D4980BFBD01C176A07A4E25189C229D4CB029EE75942
SHA-512:	30CA58A2718FE04AB1D21E812F188926D121BEBC21D2A77FC3478A81DD75229CFB485B7C2EA88D2BA9B0133358B2DA0E514F518C1286AE4845B42D931043673F
Malicious:	false
Reputation:	low
Preview:	..window.google = window.google \|\| {};.google.maps = google.maps \|\| {};.(function() {. . var modules = google.maps.modules = {};. google.maps.__gjsload__ = function(name, text) {. modules[name] = text;. };. . google.maps.Load = function(apiLoad) {. delete google.maps.Load;. apiLoad([0.009999999776482582,[null,[["https://khms0.googleapis.com/kh?v=894\u0026hl=en\u0026","https://khms1.googleapis.com/kh?v=894\u0026hl=en\u0026"],null,null,null,1,"894",["https://khms0.google.com/kh?v=894\u0026hl=en\u0026","https://khms1.google.com/kh?v=894\u0026hl=en\u0026"]],null,null,null,null,[["https://cbks0.googleapis.com/cbk?","https://cbks1.googleapis.com/cbk?"]],[["https://khms0.googleapis.com/kh?v=128\u0026hl=en\u0026","https://khms1.googleapis.com/kh?v=128\u0026hl=en\u0026"],null,null,null,null,"128",["https://khms0.google.com/kh?v=128\u0026hl=en\u0026","https://khms1.google.com/kh?v=128\u0026hl=en\u0026"]]],["en","US",null,0,null,null,"https://maps.gstatic.com/mapfiles/",null,"https

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\kh[1].jpg Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, frames 3
Category:	downloaded
Size (bytes):	21693
Entropy (8bit):	7.9655181940659565
Encrypted:	false
SSDEEP:	384:+QD0iIem77cnqVH5L+n1Fa3HgvfU4zGayXJbgaJ33BhA/tR48n3bua96bCMITUMJ:+MINXcqnL+jCHgvfJ3gBuL33BM3MdvnX
MD5:	92354DFA74F678067B61724BD93038F5
SHA1:	0603BB8C39C38A37ED1B0F8B0B9B81D6F03F31EE
SHA-256:	5C8B4254FA090A534E0201E42CFFE12F1865BBEA1BA1C92DCF05C0CEAE111CB9
SHA-512:	2178F15DDE112F72B90CBB077CEAE935953A8B414FD3283050AF3D5165CBD9EF55D0668511DE151F30AC8B53FC457FD0570C024756A0680081A0717EE43310F6
Malicious:	false
Reputation:	low
IE Cache URL:	https://khms0.googleapis.com/kh?v=894&hl=en&x=406&y=782&z=11
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?....Z......!,.9.....c.+wU.9.x.RY..t.....;x.......@.S0;W8....?:....r.2.O..j..&..;..WO."{.EH...&D(H.<g..&.o...L.-....s....W.i\|.dCP..(...\|....G.....I.3.......>.<..s.tR5.6.....(xSnT..:q.}),..Z....I"D.o.+..pp0.....k;}U..eX.X..v...Gbs..T.S.zT.o....4.h.9.03.g..5 fd+a}..u+r.O....d..=.[..2...e...#.E.....g.G'...O.i....].._.D+...\|z..4.SY:....FE..$......d.....qq

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\map[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	56394
Entropy (8bit):	5.410140575709556
Encrypted:	false
SSDEEP:	768:8YAoyprpxRpDCXLyjNgEMgsFUY55oNBrZt3MUT+lCywzonfEV9Yuxh+o2fRew:5D5sNgEbsam5onZ9q8V9M3f8w
MD5:	2EBB11062A46D8296EB50566CD69691F
SHA1:	DC0D4A1BD49F01E9F979A8B1F35AD45B7DC7C9D3
SHA-256:	997EA2539286FB3A48DA55F768411C2FB448A2786845E834A7B416238292E99A
SHA-512:	42FF5EC6C489AB0B03BB455DB00DB0373FE01146C7E273E07C577097339B77C0166C35669602A2A6637CBA4B236A6C608E5C595686080B1D122914662D3D409E
Malicious:	false
Reputation:	low
IE Cache URL:	https://maps.googleapis.com/maps-api-v3/api/js/44/6/map.js
Preview:	google.maps.__gjsload__('map', function(_){var nw=function(){var a=_.Pd();return _.wc(a,16)},ow=function(a,b){b=_.Uf(b);var c=a.Sa,d=b.Sa;return(d.isEmpty()?!0:d.g>=c.g&&d.i<=c.i)&&_.Nf(a.La,b.La)},pw=function(a){for(var b=_.Cc(a,0),c=[],d=0;d<b;d++)c.push(a.getUrl(d));return c},qw=function(a,b){a=pw(new _.Id(a.j.N[7]));return _.xm(a,function(c){return c+"deg="+b+"&"})},rw=function(a,b){return b?(a=a.g[b])?_.Rm(a,11)?new _.dn(a.N[11]):null:null:null},sw=function(a,b){return b?(a=a.g[b])?_.E(a,2)\|\|null:null:null},tw=function(a,b){return b?.(a=a.g[b])?_.wc(a,4)\|\|0:0:0},uw=function(a,b){if(!b)return null;a=a.g[b];if(!a\|\|!_.Cc(a,10))return null;b=[];for(var c=0;c<_.Cc(a,10);c++)b.push(_.zc(a,10,c));return b},vw=function(a,b){for(var c=a.length,d="string"===typeof a?a.split(""):a,e=0;e<c;e++)if(e in d&&b.call(void 0,d[e],e,a))return e;return-1},ww=function(a,b,c){var d=a.Sa.g,e=a.Sa.i,f=a.La.g,g=a.La.i,h=a.toSpan(),k=h.lat();h=h.lng();_.Lf(a.La)&&(g+=360);d-=bk;e+=bk;f-=bh;g+=bh;c&&(a=M

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\mem5YaGs126MiZpBA-UN7rgOXOhv[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 25196, version 1.1
Category:	downloaded
Size (bytes):	25196
Entropy (8bit):	7.978136937801258
Encrypted:	false
SSDEEP:	768:2SWRQO0ZgJkbRkFpk1gcKt6bDlEyrbAvz:Rq0GJkVqpmgcKtGmmwz
MD5:	7F0BC4D2D95EB471662F447F10ACAD2E
SHA1:	715F71491858DC5F08F92C3B4A351F50CF87F4F4
SHA-256:	286D76FF24B7BB6BB959AD0F8DCCA3AD453932202D0570BFB0A0CB8B6248358E
SHA-512:	5AFCBBA85EB03AD0C64C4F4D355A0453B10B3DC6E5E266FE3FAB1FD0B2FEE74EDCFA3B03B27D96F85D58E8ED3BD80245A7E309FA9FFB4DCC1A1E44F8D23EA1E2
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOXOhv.woff
Preview:	wOFF......bl................................GDEF.......6...:.z..GPOS................GSUB............$5''OS/2...X...^...`..!.cmap.......6........cvt .......].....-..fpgm...P........s.ugasp................glyf......L6..~.A..head..U8...6...6.%I.hhea..Up... ...$.).Ghmtx..U........`d...loca..X........2.`y.maxp..[.... ... .#..name..[.........#.>.post..\.........y. .prep..a............kx.c`d``.a..&.v..F..FFWFW ....$=...d.c%..fl.......]r.2..................x.U....P.E.}.....5.\A.kX..k..\.....v.c.1.p...X8../....n.C...\.%...Z..u...\.p.}.1\....z.#.....)..KB8.~.9...]]...Rg.~.1xT.jH.....3........x.c`f.g......:....Q.B3_dHc...............A......5....1.A.A.._6..".-..L.....Ar,q.....3..6.I..x....]Q...o..........6..qm...~.....g..3..s. J...4o...>(......\|.76g;N.Ln....uFQM=..<6o.O......m.M.#...T..bE..4...M..29-..r.j..5......a...3....s.ge..y-sH1......&.c.r.jR[....k.ps.Tx. .h@_.>...Z.==....n.^.....k.....`......^...us\/..us]]...rM]}/.{.=.......R..Q.(.7.%.....Bx..<.0.F8. .G..Y.u...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\mem5YaGs126MiZpBA-UN8rsOXOhv[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 25684, version 1.1
Category:	downloaded
Size (bytes):	25684
Entropy (8bit):	7.980108489133185
Encrypted:	false
SSDEEP:	384:sO53pt1aIuhEXTlbQYC2ZclfmLS7wNO0NglP05zXSruDtfN9lEJcr472p9jm:75JaIiITpQYCnmtN5gP0FXSrM11tJm
MD5:	E0D4CCF8057DAA4F5A58E1FBD8038A80
SHA1:	ED15E37A95E9C380F74A4612F2FB5B5CF0F0B429
SHA-256:	6F4CD7829E0AB8267DAC9E610DB42E685C39674C45FBE7146CA107CAC41B80EC
SHA-512:	3E86D18B76B6609E132C0B3C14083CF7DF05C5848D888E852C99DEF5791CB66DF4AE22EEB4118AF4C67E24B8BC38CCA44C45DA99C5396E2780B840C6F314AEF8
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN8rsOXOhv.woff
Preview:	wOFF......dT................................GDEF.......6...:.z..GPOS................GSUB............$5''OS/2...X...^...`.."vcmap.......6........cvt .......g.....o.[fpgm...X........s.ugasp...............#glyf......M...~f...1head..V....6...6....hhea..V.... ...$....hmtx..W....6...`.tbloca..ZL.......2..yAmaxp..]d... ... .I..name..].........%.@cpost..^x........y. .prep..cD.......1..Sx.c`d``.a..&.v..F..FFWFW ....$=...d.c%..fl.......]r.2..................x.U....P.E.}.....5.\A.kX..k..\.....v.c.1.p...X8../....n.C...\.%...Z..u...\.p.}.1\....z.#.....)..KB8.~.9...]]...Rg.~.1xT.jH.....3........x.c`f.cV``e``..j...(.../2.11s01qs.1s.01.,``.g``..b.. 0t.vfp`P...M...C.G/S....\|..K..6 ...........x....]Q...o..........6..qm...~.....g..3..s. J...4o...>(......\|.76g;N.Ln....uFQM=..<6o.O......m.M.#...T..bE..4...M..29-..r.j..5......a...3....s.ge..y-sH1......&.c.r.jR[....k.p*s.Tx. .h@_.>...Z.==....n.^.....k.....`......^...us\/..us]]...rM]}/.{.=.......R..Q.(.7.%.....Bx..<.0.F8. .G..Y.u...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\mem5YaGs126MiZpBA-UN_r8OXOhv[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 25004, version 1.1
Category:	downloaded
Size (bytes):	25004
Entropy (8bit):	7.978903570057148
Encrypted:	false
SSDEEP:	384:NQHZMrOEzGv0FkfCvQIW/HCt7oQy/u2NSXAF7Q57vRTVOq1SQgnYfScZfSmB7Mjr:lrzzGMFgCvLnt8Zuh2Q5VUCRZOr
MD5:	D2C6A4B3918B50C5F1854BB9C5D1DE0E
SHA1:	8DE0F3B153BE6114D55DAC6E69CE7AEF9CC98DB2
SHA-256:	6D764A8FFCF6DB322C1F2FB36473FBA60135B7AB93BE5969120152C0538C5EE4
SHA-512:	FC4E9632C1A6764A4C817DD0FEFF5E1FA70160FDCA8918ECA3B04BD351762E4BB93D4CC8CB2465BA0474766A48B23007432C985991047CC1B30E7605B536DD44
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OXOhv.woff
Preview:	wOFF......a........D........................GDEF.......6...:.z..GPOS................GSUB............$5''OS/2...X...^...`}...cmap.......6........cvt .......]........fpgm...P........~a..gasp...............#glyf......KK..}`.4.ahead..TH...6...6..F.hhea..T.... ...$....hmtx..T........`....loca..W........22..Kmaxp..Z.... ... .X..name..Z........."c?Jpost..[.........y. .prep..`........:..]x.c`d``.a..&.v..F..FFWFW ....$=...d.c%..fl.......]r.2..................x.U....P.E.}.....5.\A.kX..k..\.....v.c.1.p...X8../....n.C...\.%...Z..u...\.p.}.1\....z.#.....)..KB8.~.9...]]...Rg.~.1xT.jH.....3........x.c`fig.a`e``..j...(.../2.1..`b.ffcfeabbY...........@`........./..?....^...... 9.{.m@J....u.....x....]Q...o..........6..qm...~.....g..3..s. J...4o...>(......\|.76g;N.Ln....uFQM=..<6o.O......m.M.#...T..bE..4...M..29-..r.j..5......a...3....s.ge..y-sH1......&.c.r.jR[....k.ps.Tx. .h@_.>...Z.==....n.^.....k.....`......^...us\/..us]]...rM]}/.{.=.......R..Q.(.7.%.....Bx..<.0.F8. .G..Y.u...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\mem5YaGs126MiZpBA-UNirkOXOhv[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 25196, version 1.1
Category:	downloaded
Size (bytes):	25196
Entropy (8bit):	7.977935659097291
Encrypted:	false
SSDEEP:	384:TQHZHaQUUcts7ZQvy7uTPjXIgoZuWe/0xaA8VjG++a79OLvWLhBHh+V12bxGTVgS:OaQUs7uqC3q7xaVVjGsI+4C4TLL
MD5:	8D1F96760CA156600E72D529483660A8
SHA1:	823C161B9EAA9D8E22D3C08CD4262B287FECAAC5
SHA-256:	556C8B5155EED68886AFA6F1E535F88FA70B2C090D935BA9AFFB300A34F76DE0
SHA-512:	1B2BDDF32CDE3351F6DD92E4F4B1AE4A665A581357974FAA83314145754E48C7EEE4A86A18C75ACF1FD102A7333249B7FAAC605C633AAC14905A1E387DF7C38B
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOXOhv.woff
Preview:	wOFF......bl.......d........................GDEF.......6...:.z..GPOS................GSUB............$5''OS/2...X...^...`.6..cmap.......6........cvt .......[.......4fpgm...L........~a..gasp................glyf......L...{...4.head..U....6...6...Mhhea..U@... ...$....hmtx..U`.......`..4loca..X\|.......2.%..maxp..[.... ... .&..name..[.........#.@Ppost..\.........y. .prep..al........x..nx.c`d``.a..&.v..F..FFWFW ....$=...d.c%..fl.......]r.2..................x.U....P.E.}.....5.\A.kX..k..\.....v.c.1.p...X8../....n.C...\.%...Z..u...\.p.}.1\....z.#.....)..KB8.~.9...]]...Rg.~.1xT.jH.....3........x.c`fy.......:....Q.B3_dHc...............A......5....1...A.._6..".-..L.....Ar,A.....3.......x....]Q...o..........6..qm...~.....g..3..s. J...4o...>(......\|.76g;N.Ln....uFQM=..<6o.O......m.M.#...T..bE..4...M..29-..r.j..5......a...3....s.ge..y-sH1......&.c.r.jR[....k.p*s.Tx. .h@_.>...Z.==....n.^.....k.....`......^...us\/..us]]...rM]}/.{.=.......R..Q.(.7.%.....Bx..<.0.F8. .G..Y.u...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\mem8YaGs126MiZpBA-UFW50d[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 24364, version 1.1
Category:	downloaded
Size (bytes):	24364
Entropy (8bit):	7.9780064341168915
Encrypted:	false
SSDEEP:	384:3QHZZt4XLVDTVvAN+dDVaBflEY45pxDJfYiDuRA2qbCsksxqHfE5fDB5Z1iEj9:c4XLbvAN8DkBlC5nDhYiDQ8bCshA/E5/
MD5:	B7B7C77B83E9D67F6756AA2716F35EBA
SHA1:	67FE3DC0A0C49F305D6B3BD63F4F8A10CEB6A38F
SHA-256:	191DBBA54729AA43F2C5C2F118971963758D7F0DF2CC2F28F91B86A03DEE83EC
SHA-512:	CA739EE8DFCFB8A060BC0BA10C246988DCBCE4024CEC24F5F37308048C96844C67724B033F68781E86A296DFC7468ED8E1667D930D9E8C70BE96F0D284ECCDBC
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFW50d.woff
Preview:	wOFF......_,................................GDEF.......6...:.z..GPOS................GSUB............$5''OS/2...X...^...`~f..cmap.......6........cvt .......Y.....M..fpgm...L........~a..gasp...............#glyf......H...v.6C..head..Q....6...6..cphhea..R.... ...$...hhmtx..R,.......`...loca..UD.......2..maxp..X`... ... .1..name..X.........&:A.post..Yp........y. .prep..^<........C...x.c`d``.a..&.v..F..FFWFW ....$=...d.c%..fl.......]r.2..................x.U....P.E.}.....5.\A.kX..k..\.....v.c.1.p...X8../....n.C...\.%...Z..u...\.p.}.1\....z.#.....)..KB8.~.9...]]...Rg.~.1xT.jH.....3........x.c`f..8.....u..1...<.f................e...>...7.k0...c.3......l..D.Z8z.".....X<X..)..f.......x....]Q...o..........6..qm...~.....g..3..s. J...4o...>(......\|.76g;N.Ln....uFQM=..<6o.O......m.M.#...T..bE..4...M..29-..r.j..5......a...3....s.ge..y-sH1......&.c.r.jR[....k.ps.Tx. .h@_.>...Z.==....n.^.....k.....`......^...us\/..us]]...rM]}/.{.=.......R..Q.(.7.%.....Bx..<.0.F8. .G..Y.u...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\memnYaGs126MiZpBA-UFUKXGUdhlIqU[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 23696, version 1.1
Category:	downloaded
Size (bytes):	23696
Entropy (8bit):	7.977626564930921
Encrypted:	false
SSDEEP:	384:DQHZQdEnMkNiOQLSv3tOvqvyGEsROJHsjPT20jtypXYGM5i4mai7ONJAHMr3QgyG:9EMWZ9OvWE8OJMj7pRypXYGMA4Li6NyY
MD5:	E8426BC313D8A020B1B09FBF454D4E6F
SHA1:	CDF72E94C4250642C484A5074C31AF5F06363F11
SHA-256:	7D69495B59B68B69F927D4BEFBABA04AC6379F229FBCB5A36A01BCA4DED1B138
SHA-512:	3536F3AEE35A28AE33DB90DCE10E839C785ADEDC79D06355373892FA89315B34F5C7913AF4B3E00396520B912FF05072190C897F0A3FE0B66CFEFDD87CE1DE49
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKXGUdhlIqU.woff
Preview:	wOFF......\.................................GDEF.......6...:.z..GPOS................GSUB............$5''OS/2...X...]...`.@.rcmap.......6........cvt .......^........fpgm...P........~a..gasp................glyf......F...o.....head..O....6...6..zghhea..OH...#...$.{..hmtx..Ol...(...`.._.loca..R........2%4..maxp..U.... ... .=..name..U.........,.G.post..V.........y. .prep..[.........x..%x.c`d``.a..&.v..F..FFWFW ....$=...d.c%..fl.......]r.2..................x.U....P.E.}.....5.\A.kX..k..\.....v.c.1.p...X8../....n.C...\.%...Z..u...\.p.}.1\....z.#.....)..KB8.~.9...]]...Rg.~.1xT.jH.....3........x.%.1.@0....[$V{;.D.@.6...I.V..S...A...C.U...f.P.__L.H.&:3"...2.n......=.s.H......<..E..=...x....]Q...o..........6..qm...~.....g..3..s. J...4o...>(......\|.76g;N.Ln....uFQM=..<6o.O......m.M.#...T..bE..4...M..29-..r.j..5......a...3....s.ge..y-sH1......&.c.r.jR[....k.ps.Tx. .h@_.>...Z.==....n.^.....k.....`......^...us\/..us]]...rM]}/.{.=.......R..Q.(.7.%.....Bx..<.0.F8. .G..Y.u...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\modules[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), modules family
Category:	downloaded
Size (bytes):	92564
Entropy (8bit):	6.337482280506063
Encrypted:	false
SSDEEP:	1536:L2S6qLRqKELiXMjCs7VDmGWALXJ8jzxJ9OIgr26F9BEFDTs8/M/OuWhX5j63QWI/:L2S6qLRqKELiXMjCs7VDmGWAN8H79OIL
MD5:	AB43C4E3E2452CB3FE13DA5C75F55886
SHA1:	1086B2F4F2A5FE091FBCDBCA916B44D18050C2C2
SHA-256:	B41620417E9D7F07D82BB5375A9B5310A147B9D835CAB02DF078CBB16B0CC1B1
SHA-512:	A657C4B70CE80EBFDD172BC225B871658D20F22FE6855AFE24B504A26AF7F2DA9ED3049B38DF92A8EA8CFB8F8FCB5CBD9CA27DCE59252AFABD579BD27D10B84F
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/themes/Divi/core/admin/fonts/modules.eot?
Preview:	.i...h............................LP........................[.x(....................m.o.d.u.l.e.s.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .2...4.....m.o.d.u.l.e.s................0OS/2...........`cmap..........dgasp............glyf4.v.......[.head.....],...6hhea.A....]d...$hmtxa.c...]....hloca...R..c....6maxp......g(... name.X....gH....post......h.... ...........................3...................................@.........@...@............... .................................H.............~...&........... .............. b.l..........................................79..................79..................79.......I.@...>.#..%265...2764/...'&"....0"1.....2?..... ...........................@...s...............................I.B...@.#..."...'&".....021....27>.?.64'&"...4&. ............................@...........................s........................0.1..2764/.!2654&#!764'&"..0.1......18.1..............s...............................................................(.....3!.....2?.>.7>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\pxiAyp8kv8JHgFVrJJLmE0tMMPQ[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 15216, version 1.1
Category:	downloaded
Size (bytes):	15216
Entropy (8bit):	7.970064151830399
Encrypted:	false
SSDEEP:	384:n3wWfigdP2YQ7WCfmJEWhmPigd8qCXyMyA4YrxQj:nAWfdPI7PeJH0agKqCXrY+4
MD5:	F7DAE62CA2331FA03AA9DE7B10285AE2
SHA1:	C9ADE3BF10124E7A118CFB7E1FE4D3D5EEB29AEE
SHA-256:	351AB6BB588653EA54E07FD7015ADB94C883B1120DEF9344FF2FC4BD9BD50924
SHA-512:	57FAC5D265DE3CD3418EF4F1A892473DDFE87C9E808CE1BC3FF132F5D83F6DAB8AF9D7CD2E93F3DA9A47A5A0B9436DE45DA2A4D8E486A1FDC270E5BC4E275278
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/poppins/v15/pxiAyp8kv8JHgFVrJJLmE0tMMPQ.woff
Preview:	wOFF......;p......h.........................GPOS....... ... DvLuGSUB...<.......0.H'kOS/2...l...P...`YU..cmap...........xK.sglyf.......K..T\..head..1....6...6..(.hhea..1@...#...$....hmtx..1d.......\|.x8.loca..4............Jmaxp..6.... ... ...Sname..6.........,eD.post..7.........r.8.............DFLT................x.c`d``.b.a.c`vq..a.II-3b.....r.,.@..?.....<....x.c`a.a...........3.7.f.c.c0bta..f.8`g@..!n.....J.,R..1...3.+00L..1.0..R..,....x.T.3X@Q....v....%..7f.i.[...5{....:....o...o.>."...D...:...P....'..P."..fh..n......;\|Oh....4Ds..QB;..@.....E.@.$}.../..@..p.w..H....37.C....{4@S...z}Qg.Q.n..i..h..h..i..h......B>.+.2.@.?Y9I<.=.8v=v9~..C.z.e...y...........{.....u.....1...`.x.:.@...;..,-$.$.....D$..HIh.C.H.P..b.^...y..]..z..{...z.>.=6.7..E_.f..\|....f`4........2.L..g...hC6.+9....<....N..._>...w.....[...._.../c$+7.!...}.........M..jy....2gg..+SJ0.vw.=^.kM.l..b..j..I.Kkve.%wvVR.#.ggIn....1l^x<..%...g^8.=...h.EC.......?......McsaK0v.d8.Sp.p.../'..!N..r......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\pxiByp8kv8JHgFVrLDz8Z1JlEw[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 14440, version 1.1
Category:	downloaded
Size (bytes):	14440
Entropy (8bit):	7.968332971671172
Encrypted:	false
SSDEEP:	384:Ktos1OzU8kqkI4UboopBbtuhLy4T8wwa1RYf3uWbnv:KtLsPgUblE9MwVRU
MD5:	F668FB7223974CDC9EF24DE8970CB20C
SHA1:	D3E93964F93296CC98E36EED4F7EED1590715A15
SHA-256:	4B9F70B6F8FD4743DFC4BEC7B33589D1A20B59CCCF128B8BC6787E14699951C7
SHA-512:	1C26136D05C55E36ABF2E22B94D36880B239C3D4DF1BE26C6A6B641DBCD32ECA284F3EA9CADC532228B5C4625C043C650D891573CF5060442CD27A83CE743384
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1JlEw.woff
Preview:	wOFF......8h......`.........................GPOS....... ... DvLuGSUB...<.......0.H'kOS/2...l...N...`Y...cmap...........xK.sglyf......+P..L..<6.head.......6...6..$Yhhea...D... ...$....hmtx...d.......\|.$?.loca..1$........m\..maxp..3.... ... ...1name..3.........&e?bpost..4.........r.8.............DFLT................x.c`d``.b.a.c`vq..a.II-3b.....r.,.@..?.....<....x.c`a.a.a`e``.b.```...q.F...@......H.3.......(..E.),.L.....ArLJL{.........m..x.T.3X@Q....v....%..7f.i.[...5{....:....o...o.>."...D...:...P....'..P."..fh..n......;\|Oh....4Ds..QB;..@.....E.@.$}.../..@..p.w..H....37.C....{4@S...z}Qg.Q.n..i..h..h..i..h......B>.+.2.@.?Y9I<.=.8v=v9~..C.z.e...y...........{.....u.....1...`.x.Z.`.G....V8..Yf[.-.E...,i..A1.v.p..6L....i.?w.<.K.2.Q{.4..p..K....Z...Jf...x.7..J.....(..F..Q.)]..Gr..B.b.J......3..=u..>u..)\|i...W.q.#...34.?.../R.)).....H..H....TZod.....)+...ii.b......J..3......J..8M....?...R..S.....b..L......Z.K....lz.O..M.yS]v...;1..%Rr...Wt....q.V-.. ..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\pxiByp8kv8JHgFVrLFj_Z1JlEw[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 14444, version 1.1
Category:	downloaded
Size (bytes):	14444
Entropy (8bit):	7.96519573724188
Encrypted:	false
SSDEEP:	384:J/63+/+j3BcTZy2GaY3Kd/6lYMyBkOAg6efv:J/63o+jWTshlYPVUe3
MD5:	1EAE064C135FD266E6254464FBE0E9D6
SHA1:	40FA4DFD7324E7B5711BCCAB40DFF5CDD3BA70FC
SHA-256:	5362FCBC2755B7C70C950D461453CDC8361905EC01AEE509B67F9819F520DFDE
SHA-512:	91626E6046C50B0AE8DB04E9FDDEDA330A9601AB0B2BD947BD2089527ED9D3A2ED82ED51C761E4C3BBF3559B9FB75F7B20F1FBD6938BA4E7267881FAB2CE5839
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLFj_Z1JlEw.woff
Preview:	wOFF......8l......ah........................GPOS....... ... DvLuGSUB...<.......0.H'kOS/2...l...N...`Yl..cmap...........xK.sglyf......+K..M..t..head.......6...6..$Rhhea...@... ...$....hmtx...`.......\|.Y@.loca..1 .........'..maxp..3.... ... ...4name..3.........(vC.post..4.........r.8.............DFLT................x.c`d``.b.a.c`vq..a.II-3b.....r.,.@..?.....<....x.c`ava.f`e``.b.```...q.F...@......H.3.......(..E.),.L.....ArLrL{.......i.E..x.T.3X@Q....v....%..7f.i.[...5{....:....o...o.>."...D...:...P....'..P."..fh..n......;\|Oh....4Ds..QB;..@.....E.@.$}.../..@..p.w..H....37.C....{4@S...z}Qg.Q.n..i..h..h..i..h......B>.+.2.@.?Y9I<.=.8v=v9~..C.z.e...y...........{.....u.....1...`.x.Y.@[I..3.B.m!.$U <x..y$.........P....m......u..u.............K.M.,0.y#....\|3C.S.B..')..@M.&QI.%QJ.H..q$.KUb.7~....9..Ch.....r.9...........>....\|..L.".8A,.E....&.,.5Y..4M..4,KM.3..+..?3.J....h.....L..o.....E..E..zZ....u..M=....u...Gy^Q.....o.L..{..+..s...H...O..x.....F6i.L.[\.Vgu

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\pxiDyp8kv8JHgFVrJJLmv1pVGdeI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 15736, version 1.1
Category:	downloaded
Size (bytes):	15736
Entropy (8bit):	7.970712909166149
Encrypted:	false
SSDEEP:	384:hFwLwQaSPocnsh0fyMRGSUvQtBvZmutuH993bxHj:h+L1ocndNcQYtF
MD5:	A3BA6088B9CDFE78B2F95800E4EC0C4C
SHA1:	CE667E8A3CF41CA65481EFF98CF609AA17151613
SHA-256:	6E83E18B2166F6B9105C6EBBD751F7F69627AC2D45811ED77F59B43D5F2AE319
SHA-512:	E4B1C6B142D99BE078B2F8BEF49C278E63A2E623A292E56A523ED045720715AA0D6B8E2A706EA0BFC1755DE9693EADABC525C39AE7930285A303EDE9727510D3
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLmv1pVGdeI.woff
Preview:	wOFF......=x......hp........................GPOS....... ... DvLuGSUB...<.......0.H'kOS/2...l...P...`Ym..cmap...........xK.sglyf......02..S.D.G.head..2....6...6.V(.hhea..3(...#...$...\hmtx..3L.......\|.5.loca..6 .........}..maxp..8.... ... ...Rname..8........1.I.post..9.........r.8.............DFLT................x.c`d``.b.a.c`vq..a.II-3b.....r.,.@..?.....<....x.c`ava.f`e``.b......D3.1.1.1.2..3...3 ...7..F..%Q.....RX....&.....)....T..6x.T.3X@Q....v....%..7f.i.[...5{....:....o...o.>."...D...:...P....'..P."..fh..n......;\|Oh....4Ds..QB;..@.....E.@.$}.../..@..p.w..H....37.C....{4@S...z}Qg.Q.n..i..h..h..i..h......B>.+.2.@.?Y9I<.=.8v=v9~..C.z.e...y...........{.....u.....1...`.x.z.\.....3.X...56:..0.X....5Q#.ML.[....y.}...-.Mn.....~...o...{f@...^t.......y.9.b.^..1.$$D.Ad..\-W#..d.HN.F....@.sgO?..4......c.-.p..E,.a...@.:.O......'.@pN...H(ZK....T9.Z-....i.j$.$[.....J.D.1..$......r\.p:.{N6....em..`._..x.;t.....=$...X.2nK.H..\..t.R....q.9W........*#s..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\pxiGyp8kv8JHgFVrLPTufntG[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 13840, version 1.1
Category:	downloaded
Size (bytes):	13840
Entropy (8bit):	7.965204569910529
Encrypted:	false
SSDEEP:	384:/BkxTcfFBXAeli5aIQFMUIn5SnESQDSlpMuJv:/Bk+fFBXfi5XqfESTpj
MD5:	5C1586DAB4A2EDD6E0679239819EFF21
SHA1:	F541A8FFA837B2B9AABADC4DD677B150A3100963
SHA-256:	6C13952BC0420E8F57E37485ED385CD54C2C42351540AC0479FE63E9B81021A9
SHA-512:	485EF181EAE133915107390F65E04B29BAAD1F5843CBD9E59DC0FFBC978AF58F9F79EE17B6A46A76ACCD3C7269D8AE427D65924ABDC696A06C4D9B4C2659738E
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/poppins/v15/pxiGyp8kv8JHgFVrLPTufntG.woff
Preview:	wOFF......6.......a.........................GPOS....... ... DvLuGSUB...<.......0.H'kOS/2...l...N...`YT..cmap...........xK.sglyf......)0..M.1.,.head..+....6...6.,$Lhhea..,$... ...$....hmtx..,D.......\|.QAsloca.............}.Lmaxp..1t... ... ...6name..1.........$f@.post..2t........r.8.............DFLT................x.c`d``.b.a.c`vq..a.II-3b.....r.,.@..?.....<....x.c`a.f....................]..........g..?....%Q.....RX....&..d...).......!..x.T.3X@Q....v....%..7f.i.[...5{....:....o...o.>."...D...:...*P....'..P."..fh..n......;\|Oh....4Ds..QB;..@.....E.@.$}.../..@..p.w..H....37.C....{4@S...z}Qg.Q.n..i..h..h..i..h......B>.+.2.@.?Y9I<.=.8v=v9~..C.z.e...y...........{.....u.....1...`.x.Y.\|.G.7.-...H.8...-.bZK2. 3..3..4tM{Xfr..v.\....K....cJs.j...J.....O.V........A..~..~.)P..B.(.!.^...Na1.J.6(.....'V....+.....\%.&..}.[. J?..........4..!..T..^....._.0e..<.ju[........V+d...xC.6e.iG....o......?.....3.S...;.0\|.l5..(sL.......c.9.4.....D...[-,;..o. ~....z.iG..V..,\|sn.....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\vt[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	11758
Entropy (8bit):	7.908539247688649
Encrypted:	false
SSDEEP:	192:7QVuHXIWAMSk5Tw93fC4ECEG385UUrkzT6A9kX/WwIsBaYBZd2gavLQ4ZODdINcQ:Eu3iDk5Tw93aMEG381bA6X/WwgZOD15W
MD5:	8A4B2B6793E7071EC7EF5D5C9F6FA451
SHA1:	9E7ED580B1C2365D0D81A28328805FBE702741B0
SHA-256:	4F9A996899647290268019ABE1F38C217ADBCE9340449512DF39F6114ACC8DCA
SHA-512:	54A3FF519A18E2E4CE26044E09F1D8D220552A0F8F6FCB29E75012EF66C6BD0BF3DBA3B7A41C943A6F87B9008F6A6276408702A2A3026C16565B3966EA8027A6
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/maps/vt?pb=!1m5!1m4!1i15!2i6509!3i12513!4i256!2m3!1e0!2sm!3i546272096!2m37!1e2!2sspotlight!5i1!8m33!1m2!12m1!20e1!2m6!1s0x0%3A0x541ada6509ab0292!2sMesa+County+Health+Department!4m2!3d39.0786595!4d-108.5042582!5e0!11e11!13m14!2sa!14b1!18m7!5b0!6b0!9b1!12b1!16b0!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sUS!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=42664
Preview:	.PNG........IHDR.............k.XT....pHYs.................PLTE..................................................................................x..Q.i..8Tnzm.......'.E......_w....5.QC.]........i....{....kv{.s........T....l.C..t..r4.S..e.......i..,.IDATx.......-.Xd6.........K..d;1...s.W...t.Q..R.JV..W.7...)>g".9.K..........b^.4....Ow.Sw..@....u..y..i..s.u%!P..y...<...y..?..)....!....$..5.]k. ..J......s...V`....b...(\|)..[n.....8FO.....I7.,_.A.D.K..3..w.U...z.07.{g.\6.y...T...BH.W...>HA...L./...y...2...Az...U.....,.a...0j....M.'..vi.......C.+.....K.rm5.Gbb.....zl_.2..2Z.]..p....4Xz...S.F../..Dx#o.L....!...#.....0\..b.4.A.<...@..}.h.)...j.6.0.?....Z.<O2;....y".&...x..E8..`....\|.d5.'.$9<.6..4..N.@.N.'.......A.F.d......'.'..l..@'.lf..0.......,.......U~....hh.........i(Vb8c..c.t0.F.d<..'l.........jRO...I...Y...sJ...3<+>j...f..-...#.I(.....+...2."...,.(...z"..U./.F}e.M....0V.......`...H..U...FK.d\.7...?#...d..5...r'2...o..<:H. 7]...>.R...;mW..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\vt[2].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	9545
Entropy (8bit):	7.891438744963053
Encrypted:	false
SSDEEP:	192:qgv0GJx9fchIwFQtFBv6liZjSpYPuU3UJZVxmXIgZH7tANHZ+HNvXrbCJBOg/uMC:qq0GJ4IwCvFZ2ifuZTmXI2H7tySPHEBQ
MD5:	AF5260112E98C8C5F39EF741B494A0EB
SHA1:	41B18F83FFC2BB843CBC21E0C699EF7541147E92
SHA-256:	65A08655988FA1D49C6D5CAFBC32DFFC05348BB7932C8DB81E93FDD09B991785
SHA-512:	92FDAB07B0A472F0E791307BFD37917F650FBB600155DF10CE0BB62A9EBC4832C17A6ABA8BADA4DA693B89206DD4F4046281231039D54A807CF6ED1DF6B65BB0
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/maps/vt?pb=!1m5!1m4!1i15!2i6509!3i12515!4i256!2m3!1e0!2sm!3i546272096!2m37!1e2!2sspotlight!5i1!8m33!1m2!12m1!20e1!2m6!1s0x0%3A0x541ada6509ab0292!2sMesa+County+Health+Department!4m2!3d39.0786595!4d-108.5042582!5e0!11e11!13m14!2sa!14b1!18m7!5b0!6b0!9b1!12b1!16b0!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sUS!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=108356
Preview:	.PNG........IHDR.............k.XT....pHYs................WPLTE................................................._w....i..Tnz~..x..................o..$.IDATx......:...X..5mf.... .q..I..r.n2n.....(...c....0&...?....{R.t.._d.>..#.J.x...T..T..!....W..\..dp?}".D&.O..(.J...!...tR..2TF.....j<..S.".;...\|1...y....<.O6O.T..!O5._.6.ijqH.y.^..Q.3$.\..@..du...-s%d.....(...ot......!V...?.....9....)....hJ.?..&.?.C!.4y.........M.......&c.._&...=v..1.?...w...jc.lvx.@h.....1..x......eu...2:.<Zu.M...G...Fkc)...K.D..."......P...HFu]E....)#.X.j..u.D.......S."sdG..a...fS...1........Q(.A....<.O.&AO.Dt.t^D..Y.W..]...ZT..Y$2.&..\|...o.Z&G.4...d.$..C(..mj.b.U.P.m...FJ.&.{..F8...+:"..b.....x].... ....C.X.# @aB.qQ....O...+Qc.&J.^GI.w...B......!..1e.wh.2..HUf.t...^.E...R..Se.AC]B..>A......S..;.......nht.G....:..9..qWq.........eM.5....&..-...D}.&.q>C.sS.........-8...z..m.sK.D.;.....h..L.*L.2.....x:Vf...9\........CS......qMu....\......g.9...j.7..2>....\|....]I.}A...(..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\vt[3].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	11744
Entropy (8bit):	7.885846038583438
Encrypted:	false
SSDEEP:	192:bUticVCf7MdEucfC57Bk9wHmoGzuZv/Ecvyfr/vvg9S9XaGLFAVG7x3Hi:AwckzMdsCrk9wr0u5/ED//9xLFKG71C
MD5:	BE722DAE85AE921B7C0670175FCE02CE
SHA1:	17471D8D9167AF12E127BAB0868A01DE8C6BC824
SHA-256:	2AB872D88B0C4B3902AF7991A8997B4DDC8643B9C17DB73E9E0C44140F29CDE8
SHA-512:	981FA9104458A650B0BFDB3E2B52FEA2B0DD44335DE54769838A974678E010268D3D596543C6BD3317AABECE3027A20391924031B1A9D466EB0DE8CCB3667A46
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/maps/vt?pb=!1m5!1m4!1i15!2i6506!3i12512!4i256!2m3!1e0!2sm!3i546272000!2m37!1e2!2sspotlight!5i1!8m33!1m2!12m1!20e1!2m6!1s0x0%3A0x541ada6509ab0292!2sMesa+County+Health+Department!4m2!3d39.0786595!4d-108.5042582!5e0!11e11!13m14!2sa!14b1!18m7!5b0!6b0!9b1!12b1!16b0!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sUS!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=88965
Preview:	.PNG........IHDR.............k.XT....pHYs.................PLTE..................................................................................s.......\|......(\|.............a..q.....D..6..u...?.}...`..M..kv{R......m..w................8...N.f..G._T............w...3..,.IDATx....v.8.............:}fv....@J..%%.l...g.cK.#~"A..AI.lI...q...?...k.^ ..."y..N)..C.$...4............Z.(...C...z..ik7...}.k..U.2.....8.....&...)..o\|8L..2.H...:....?..l..xk..P..W.U......@. j.m...bh..i.E#-B..gK..w.@.4.'......J...W.`kk.}..N.H..<.V..@.............:...W%.2.4........W...0).._.@...v..m....E- !.nW^1p.!.o.............;n........`m$.m..9.vE5.....X..{.SB..\3.....,.,.-.4u.M..gQ.H..@..`kw>....[@.....k3.z.R. tA.c..<......;~..I....H.g....2.C=.eww:.........U;..F]....]Ui..].^.2b.mW./..v.i{....A...k...+..........`...X....\|:9?...K.#I.)..L...7.1..".f....K...zo....X..... ...Qa.{..................@L.eA..-...)t..8./.8Bl~.....0....7......9.4.t5...m.....n...i.o[.............=I..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\vt[4].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	10493
Entropy (8bit):	7.909422970435121
Encrypted:	false
SSDEEP:	192:2xPHIuw0r/JHlpaG+o2/uosJgukAdCU3rT41j8gtGnmdAW1/R7PFoyQlfL+rzCfb:CHIuRF+o2GhJxtd93rTKjBtGnOtP2y0j
MD5:	BAA56A2A6ACA6DC191B036D351338A2A
SHA1:	C25208171E3B2701AA971E601CC2A6311A7C2326
SHA-256:	309296ECBE24FD084E3BCAD752706A0D9CBB1A8BE415FE6D5069A5676BCF3CDB
SHA-512:	8AD2E455FB16A7865EE36FE345E73A1F9B65861D5501FB8555E1212E13278BA811750E1DF67A5C7EDED3013318C43B1D13E417E1C717B50889ABC510A0D453CF
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/maps/vt?pb=!1m5!1m4!1i15!2i6506!3i12513!4i256!2m3!1e0!2sm!3i546272120!2m37!1e2!2sspotlight!5i1!8m33!1m2!12m1!20e1!2m6!1s0x0%3A0x541ada6509ab0292!2sMesa+County+Health+Department!4m2!3d39.0786595!4d-108.5042582!5e0!11e11!13m14!2sa!14b1!18m7!5b0!6b0!9b1!12b1!16b0!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sUS!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e0&client=google-maps-embed&token=115977
Preview:	.PNG........IHDR.............k.XT....pHYs.................PLTE.................................................................................kv{x.....u.....v................S..Tnz7...s....M..).>...(.IDATx....b.....0.N........._..`..K.$.\...c<....F.(.OG.p....v.pf..^l...J.z.\.5.y{.n....vL.si.A.s.yR..J.W.....9w..g...4.. qy......H.c{.Q....]>..............-............%I.'..K+.d.RaY..B...o..#...F.~8.F0F....?..`vGxb.3;..OD.V...as.0........[$vP.(j.O......d&.4...H..r;.2.Va.......0u...<....R..~x....Jc.............c...L.8.iEe.(X..ga.:..Z..=...8...m.....#...7L....<.....B..<....g.....?..;..c..#w.u..-..#..p..w.T.....'D.PY.K@pgH...z...._..X<..Z..E.U.@@......>....Fn....c.q..4.X.....s.?uhnL.[H..Y.]n..A.....M...y'.C..[S.d...ol...eN..$..u.. ...$.O....o........._w.eg...6.H..:.@...@.g{:.......s...n..n...f....z..;/.G9.+.'.g..+...}{.w....Ju.=..k.W=6. .(.c......2P.yG...."....;..5...u..h8...9.G....h.....2..%..`.....Z...LW3..S......R....n...W........%...J...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\wp-embed.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	1426
Entropy (8bit):	5.158381671009404
Encrypted:	false
SSDEEP:	24:Q77OUdqIoZ2zsben5WlLysyIOKI1mQqRhoj3v2rFEgRuLUMB9/RUCXXmC3+:Q7SUyEsyKystOKumTsOrFEmu7Bl6CX2P
MD5:	905225D5711B559D3092387D5FFBEDBD
SHA1:	6F6C39075263BAFB9E8C10F1B34A1A0F7EE03C9D
SHA-256:	5BE614BCE53F767993A5F5F14A6BADD6AAE6BF3AF7CBDBF4D31520DE49E27991
SHA-512:	5AD34CF11ACF45AE256B2641496BE13939CD5E0212810C43AB20CADBB313A1D99CB3A451148E160D80F1F952A8514480C2953BC6CA0C4697A466A01E1C3D5F8D
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-includes/js/wp-embed.min.js?ver=5.6.1
Preview:	/! This file is auto-generated /.!function(c,d){"use strict";var e=!1,n=!1;if(d.querySelector)if(c.addEventListener)e=!0;if(c.wp=c.wp\|\|{},!c.wp.receiveEmbedMessage)if(c.wp.receiveEmbedMessage=function(e){var t=e.data;if(t)if(t.secret\|\|t.message\|\|t.value)if(!/[^a-zA-Z0-9]/.test(t.secret)){for(var r,a,i,s=d.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),n=d.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),o=0;o<n.length;o++)n[o].style.display="none";for(o=0;o<s.length;o++)if(r=s[o],e.source===r.contentWindow){if(r.removeAttribute("style"),"height"===t.message){if(1e3<(i=parseInt(t.value,10)))i=1e3;else if(~~i<200)i=200;r.height=i}if("link"===t.message)if(a=d.createElement("a"),i=d.createElement("a"),a.href=r.getAttribute("src"),i.href=t.value,i.host===a.host)if(d.activeElement===r)c.top.location.href=t.value}}},e)c.addEventListener("message",c.wp.receiveEmbedMessage,!1),d.addEventListener("DOMContentLoaded",t,!1),c.addEventListener("load",t,!1);function t(){if(!n){n=!

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\wp_footer[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	289
Entropy (8bit):	5.2099562663681676
Encrypted:	false
SSDEEP:	6:z572U/vEOx5TLyorRoM5kRUJHHFXL5ziLn9Dj:z57285x5HFJkRUJHHFbZiT9Dj
MD5:	0B1559233CB39BCA9F8C0BBA583E0A96
SHA1:	4F816C6BD474659899E8EE2B0BD4483E577B471E
SHA-256:	F0FF378AC83B4F6486AE16E8C8FB79DCF6EE57A5604983D76CB6D617D390D4BA
SHA-512:	6BBC7A1288F2B1740360E68EE26955D6C2063F4C85FA73F1BBFF67A9E23E157171DDDE369532D3429004FC7E598E150C6C62235D5B27304BB53AD6B8BE77BCE0
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/uploads/wtfdivi/wp_footer.js?ver=1607306625
Preview:	jQuery(function($){$('#footer-info').html("© <span class=\"divibooster_year\"><\/span><script>jQuery(function($){$(\".divibooster_year\").text(new Date().getFullYear());});<\/script> <a href=\"https:\/\/health.mesacounty.us\">Mesa County Public Health<\/a> \| All Rights Reserved");});

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Homepage-buttons-17[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4502
Entropy (8bit):	7.563138941544484
Encrypted:	false
SSDEEP:	96:i6z9kK51XhW2yBT/uImaGpSQObC1Ol8qi7aqxUhNAoLtOVwVI/C:i6KMxHyR/RGMQuC108H4AD4IK
MD5:	EA2A30793270E0298534365683182592
SHA1:	7B369E59D025BFE5531DED7F3FA178F1580A8EB1
SHA-256:	3CB290B60555AB17C9E72FE73B851F2E5AB3985976B2E91B2DA845FF88DC7719
SHA-512:	8C30ACC06D2EC04FDE484334F9F3F34FE61EE684F1C5454DD85F2598D8DC6CE7063A9D42BCB617151A5A058F022A5AB6848412849F80EEDB4EEAA412492C26D1
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/uploads/Homepage-buttons-17.png
Preview:	.PNG........IHDR...,...,.....y}.u....sRGB.........pHYs..........+......IDATx...A..F.....7P....3Z..57.....n`....u....7.9........`&.g2#2IF...`...2"......L............................`G".!"~..O..!"^.....c.{..h..UD.....S..."".RJ.RJ...V...yW.N..'.s..r9..%V@....X.].+..b.tA.......... V@....X.]......v.3V..........#.xU{..y......}x.6...K.!V.....3-.....u.2....aS2c.>"..e..n........V.WTX]i.F...he..S._.....X.~....+X......%V...b5z.]DK.`es.j.....X......7.-...-...8...X....h.MDK.`ek.j4n...+XY.X...2Zb.+....<...X..Z..h>]DK.`e..j4...%V..Vc5._...+XY....h.....X...-..........+XY.A...7...X...b%Z.'V...b%ZI.`uw.j..X...\|_.[....x...^.4....<.....u....n=#.-.E.A.....>Z..6E..D.Awv.U.8Z.....>..92...M...he.....r.G.`J.A...=..D.2.....#ZpN.AW.q....he...}V..#Z0.y........h.)4s}D.RZ...e.....=s}D.".+..,O].<(......d..h.o..y.....1.....u.g.3.G...>V.x.F.....K.j4.h.%..d.X....h.O].-.p<@..p..J(z.....)Z...U#V..E.Z.r.j.j4.......b5..hAKZ.VK...I..%-D..X..&Z...j9V.9....F.z..h...-Y3Z=..D..1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\KFOjCnqEu92Fr1Mu51TjASc0CsI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 31600, version 1.1
Category:	downloaded
Size (bytes):	31600
Entropy (8bit):	7.982610639766637
Encrypted:	false
SSDEEP:	768:NftFExhSa6ohwEwjFEgU6L11nCG7tb/ze8ovrUVelY:Ftgf6ohdwj46J1jNC8ovrielY
MD5:	93981F85CC62DB28474C71AAD0E397DB
SHA1:	5A904AB9A5A7EC80A4298798CC73E0944C704B2A
SHA-256:	FCAE1058A1C5A0ABBE9279BF5AC2FFAEA71BA4A15E3C10FE4B6A4E3AD9C396CC
SHA-512:	146780FD446B5C650966FB2286449D78EA8B13709D2AC6091DDA0DDEB2A9E9EE61E3D1A4558A4FC04B7DE69E6E5CF6609F339E8E574C81291F883E8634D64289
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOjCnqEu92Fr1Mu51TjASc0CsI.woff
Preview:	wOFF......{p.......t........................GDEF.......]...\|...~GPOS.......j..../..YGSUB...`...X...bk.eqOS/2.......M...`tN!<cmap...........hW.u.cvt .......X...X/...fpgm...0...4......".gasp...d............glyf...p..^.........hdmx..qP...........head..q....6...6...mhhea..r,...#...$.../hmtx..rP.........nFloca..v ...W...t...8maxp..yx... ... ....name..y...........>.post..zt....... .a.dprep..z........?.1 .x...........El.6...sC{.P.A...Lx.."...?....%.om#...Xq.8W\..7....~....I.y.S......V..8..I.&...x.l...\A.E....W.m.m.....e.4fm...FN....T.>.i.].=d....1y..r..4u<.q._. @c.M.OJ@A....."........ZFM...._....h..._..)^;\kK..Zu.n..fk..Y..`k. q..&..^.2..o-.....o../...y..xg...7..L...[.}.2.c..%F }....X.........5......4.%..(AIJQ..T..U.FujR.:.>.hEk..Nt....Io...lg.g8.y.p.{<...y.S.......y.[>.EH.d.L.,.\.<.\|."....*....j.....Z..:..zj.n.^.~.....a.....Q..1.........Z.....m.].}:..:..:..:.S:.3:.s:..+...cY..q..1..m........m.fcm...mw2Q..'......N.[..[..N....f.Iy....U.uW.W...p+.W

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\KFOmCnqEu92Fr1Mu7GxM[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 29040, version 1.1
Category:	downloaded
Size (bytes):	29040
Entropy (8bit):	7.983373184701347
Encrypted:	false
SSDEEP:	768:xftFQRg/cIaiVnGlGt8krQMGTdtKXC+Xh0PAc:Btx/cfiVGldnMGTdQXtk
MD5:	D679A90608A65CC9394F67448CA2094A
SHA1:	C574D647BBF9412B82B0CDCB0E702A3A93FFD022
SHA-256:	E70A908BB6CFBF27AABB21FB5CA2EA8C5A5AC7EE5ABA23A70FBEEFE379AE5ADA
SHA-512:	EB1CE179A605DFDFBF7A4D36960036DAF348658040E73570A5775ECDDC1328E79F947FB83F9346195DF408F68614A5B5E177AC4DF4BA7DCFB6F77AD9FC8D83BD
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu7GxM.woff
Preview:	wOFF......qp................................GDEF.......]...\|...~GPOS.......j..../..YGSUB...`...X...bk.eqOS/2.......N...`t.!.cmap...........hW.u.cvt .......T...T+...fpgm...,...5....w.`.gasp...d............glyf...p..T....l..QChdmx..gX............head..g....6...6.j.zhhea..h4... ...$...Yhmtx..hT........)..eloca..l....]...t]...maxp..ot... ... ....name..o........t.U9.post..pd....... .m.dprep..px.......I.f..x...........El.6...sC{.P.A...Lx.."...?....%.om#...Xq.8W\..7....~....I.y.S......V..8..I.&...x.l...\A.E....W.m.m.....e.4fm...FN....T.>.i.].=d....1y..r..4u<.q._. @c.M.OJ@A....."........ZFM...._....h..._..)^;\kK..Zu.n..fk..Y..`k. q..&..^.2..o-.....o../...y..xg...7..L...[.}.2.c..%F }....X.........5......4.%..(AIJQ..T..U.FujR.:.>.hEk..Nt....Io...lg.g8.y.p.{<...y.S.......y.[>.EH.d.L.,.\.<.\|."....*....j.....Z..:..zj.n.^.~.....a.....Q..1.........Z.....m.].}:..:..:..:.S:.3:.s:..+...cY..q..1..m........m.fcm...mw2Q..'......N.[..[..N....f.Iy....U.uW.W...p+.W

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\dashicons.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	59010
Entropy (8bit):	6.03688965162806
Encrypted:	false
SSDEEP:	768:oey/Z24B3P3aXOhUzSv16CAyLquqSfurIdUMbs73KO08QSJ2BQH02CRqxMWs5FJq:ox/ZvB/qPWMiquqioMUXQSJYIMW+FJq
MD5:	D5E6CE5103B482FE0A2D355D003E9FFD
SHA1:	504E8BE39E6CF2BA66BF8D80F2C6200E5FE7E6A4
SHA-256:	8273F0538929EDE9599E3CFEA8142A252A7D0CB6DBACB230BF188490DDE79D4B
SHA-512:	D198D458C7FAC95FB443FE4FD6199148BFB33B78184EFA4D8D998768F38C7C7BFC3EF6F992B2593F45A5FD232E9229692309C955DAE7A7E020200723F59432D3
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-includes/css/dashicons.min.css?ver=5.6.1
Preview:	/! This file is auto-generated /.@font-face{font-family:dashicons;src:url(../fonts/dashicons.eot?99ac726223c749443b642ce33df8b800);src:url(../fonts/dashicons.eot?99ac726223c749443b642ce33df8b800#iefix) format("embedded-opentype"),url("data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAHvwAAsAAAAA3EgAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAAQAAAAFZAuk8lY21hcAAAAXwAAAk/AAAU9l+BPsxnbHlmAAAKvAAAYwIAAKlAcWTMRWhlYWQAAG3AAAAALwAAADYXkmaRaGhlYQAAbfAAAAAfAAAAJAQ3A0hobXR4AABuEAAAACUAAAVQpgT/9mxvY2EAAG44AAACqgAAAqps5EEYbWF4cAAAcOQAAAAfAAAAIAJvAKBuYW1lAABxBAAAATAAAAIiwytf8nBvc3QAAHI0AAAJvAAAEhojMlz2eJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2Bk/Mc4gYGVgYOBhzGNgYHBHUp/ZZBkaGFgYGJgZWbACgLSXFMYHD4yfHVnAnH1mBgZGIE0CDMAAI/zCGl4nN3Y93/eVRnG8c/9JE2bstLdQIF0N8x0t8w0pSMt0BZKS5ml7F32lrL3hlKmCxEQtzjAhQMRRcEJijhQQWV4vgNBGV4nl3+B/mbTd8+reeVJvuc859znvgL0A5pkO2nW3xcJ8qee02ej7/NNDOz7fHPTw/r/LnTo60ale4ooWov2orOYXXQXPWVr2V52lrPL3qq3WlmtqlZXx

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\element_main[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	downloaded
Size (bytes):	256226
Entropy (8bit):	5.4774099335172455
Encrypted:	false
SSDEEP:	3072:0Pp0vOR/B/WRPMgDQ1H3mmrbZ0FGxW2EvM02ed+Do29vqnyP5:0PpuORp2MbZ0FGI2E8edsD9vqyB
MD5:	1BA8F1D626C12BAE2734585A8B495EC9
SHA1:	0DCC95B169A5887D2ED27AA1BBF3A411FB547B15
SHA-256:	CA537B74A51C73D56A401EA7D361AD32F692558AB321B86A8FB0979F2927712C
SHA-512:	940C8ED49753BFCC3CD95B961AFD5B985EE3977FC107FECEF83C402CEA3B02F37E299F0456EB4F65299EB4A62C6CA48279B494F7180C678BC450854269F33720
Malicious:	false
Reputation:	low
IE Cache URL:	https://translate.googleapis.com/element/TE_20210224_00/e/js/element/element_main.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var aa='" style="background-image:url(',ba="-disabled",ca="-document.getElementById('",da="/translate_a/t",ea="/translate_suggestion?client=",fa='</button></div></div></td></tr><tr id="',ha='</span></td><td class="goog-te-banner-margin"></td><td nowrap><div class="goog-te-button"><div><button id="',ia='<head><meta http-equiv="Content-Type" content="text/html; charset=UTF8"><link rel="stylesheet" type="text/css" href="',ja="Component already rendered",g="DIV",ka="Edge",la="Google Website Translator",.ma="IFRAME",na="INPUT",oa="INTERNAL_SERVER_ERROR",pa="Not available",qa="Opera",ra="POST",sa="SPAN",ta="Symbol.iterator",ua="TEXTAREA",va="Unable to set parent component",wa="[goog.net.IframeIo] Unable to send, already active.",xa="about:invalid#zClosurez",ya="about:invalid#zSoyz",za="absolute",Aa="action",Ba="activedescendant",Ca="activity-form-container",Da="alt-edited",Ea="array",Fa="auto",Ga=

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\et-core-unified-290-16160952701986.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.0904940033246735
Encrypted:	false
SSDEEP:	3:97BO/HC0AUJgY+:OLx+
MD5:	083CC859CAA0FB8B611E3BC682965587
SHA1:	C1D322D3C8F469A99E7F1B9104E26123DC63A1E2
SHA-256:	67BD5D50A704F5EEEDF952467B073BB4E8C2E63FAE6BB7BF2DD154898CFF05EA
SHA-512:	6804926B73C105F2CFDC4585920FBE8B225F0ED452C55E77CE041CB5838318F8D5D9D5A2681D9E67FB4A09FB5CBF88FB0070AA5F3FFE72FE893725955AAC53C7
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/et-cache/290/et-core-unified-290-16160952701986.min.css
Preview:	.bottom-nav{float:none!important;text-align:center!important}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\et-core-unified-tb-229597-290-16160952701986.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	46776
Entropy (8bit):	4.856992012717706
Encrypted:	false
SSDEEP:	192:26F5f6GDM56miw5a2AEovfLeC6eOybvIEK+HbXi6OlAcqcbczc6mfLeC6eOybvI8:YvVAcqcbczcXYa7SXuiAQbuz
MD5:	543EC5ED887A4F1F5FEC3285355EEC4B
SHA1:	D22EDCD53F96F494F870CBFA52041D1CACFB595F
SHA-256:	A61C8645479BEA6EF2523490CEFC1BAA65B97CA5D842EF66E764E3629895A155
SHA-512:	7BCADFC1F82EABBABE6FEA7DDA4CD2B837B544D3851EB3AF483F2CBA21ED0C9BE922F6EF9A520ECF85F154787FFCA791E2253DDCFB318599F3DE30AFF8ADFDA4
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/et-cache/290/et-core-unified-tb-229597-290-16160952701986.min.css
Preview:	body,.et_pb_column_1_2 .et_quote_content blockquote cite,.et_pb_column_1_2 .et_link_content a.et_link_main_url,.et_pb_column_1_3 .et_quote_content blockquote cite,.et_pb_column_3_8 .et_quote_content blockquote cite,.et_pb_column_1_4 .et_quote_content blockquote cite,.et_pb_blog_grid .et_quote_content blockquote cite,.et_pb_column_1_3 .et_link_content a.et_link_main_url,.et_pb_column_3_8 .et_link_content a.et_link_main_url,.et_pb_column_1_4 .et_link_content a.et_link_main_url,.et_pb_blog_grid .et_link_content a.et_link_main_url,body .et_pb_bg_layout_light .et_pb_post p,body .et_pb_bg_layout_dark .et_pb_post p{font-size:16px}.et_pb_slide_content,.et_pb_best_value{font-size:18px}body{color:#303030}h1,h2,h3,h4,h5,h6{color:#0a0a0a}.woocommerce #respond input#submit,.woocommerce-page #respond input#submit,.woocommerce #content input.button,.woocommerce-page #content input.button,.woocommerce-message,.woocommerce-error,.woocommerce-info{background:#ea0029!important}#et_search_icon:hover,.mobi

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\f[1].txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	11285
Entropy (8bit):	4.862127910742484
Encrypted:	false
SSDEEP:	192:Z7G1mvyVfHtETFmXgGLhqd9R/e9mXBGu5Hsgz3XnT/GjcGHw:GmcVEKgMqdu9KBp5HsirGoJ
MD5:	8D418473686160C7205D19272017CDC7
SHA1:	A5571E4065AA5A61371989CAF09BA741C63DAA2E
SHA-256:	C6AF755E19BD9B7CE00C45FEF97FEABDB77C38E15934D886462204DFD9B6554E
SHA-512:	CCA2B9F5F57B7A4274B1352639C3202BA41926929DA71F78C8127351E79A8A47FC87253B603F1DB19A91A2B1E5BD979CEFB82475D3F220A0DF5BAE0587200132
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/maps/vt?pb=!1m4!1m3!1i15!2i6506!3i12512!1m4!1m3!1i15!2i6506!3i12513!1m4!1m3!1i15!2i6507!3i12512!1m4!1m3!1i15!2i6507!3i12513!1m4!1m3!1i15!2i6506!3i12514!1m4!1m3!1i15!2i6506!3i12515!1m4!1m3!1i15!2i6507!3i12514!1m4!1m3!1i15!2i6507!3i12515!1m4!1m3!1i15!2i6508!3i12512!1m4!1m3!1i15!2i6508!3i12513!1m4!1m3!1i15!2i6509!3i12512!1m4!1m3!1i15!2i6509!3i12513!2m3!1e0!2sm!3i546272120!2m37!1e2!2sspotlight!5i1!8m33!1m2!12m1!20e1!2m6!1s0x0%3A0x541ada6509ab0292!2sMesa+County+Health+Department!4m2!3d39.0786595!4d-108.5042582!5e0!11e11!13m14!2sa!14b1!18m7!5b0!6b0!9b1!12b1!16b0!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sUS!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e3!12m1!5b1&client=google-maps-embed&token=77152
Preview:	[{"id":"tuwvttvuwwtvtvt","zrange":[15,15],"layer":"spotlight-no-personal"},{"id":"tuwvttvuwwtvtvt","base":[426432000,820026368],"zrange":[15,15],"layer":"m@546272120","features":[{"id":"4073688252058134285","a":[0,0,426432000,820026368,426432000,820026368,426432000,820026368],"bb":[-11,-32,11,-1,-11,-32,11,-1,-11,-32,11,-1,-11,-32,11,-1,-67,-25,-10,-7],"c":"{\"1\":{\"title\":\"Safeway\"}}","io":[0,-16]},{"id":"8387746033496074421","a":[-11776,17408,426420224,820043776,426420224,820043776,426420224,820043776],"bb":[-11,-32,11,-1,-11,-32,11,-1,-11,-32,11,-1,-11,-32,11,-1,10,-25,80,-7],"c":"{\"1\":{\"title\":\"Graff Dairy\"}}","io":[0,-16]},{"id":"11092899193215586049","a":[-5120,-11776,426426880,820014592,426426880,820014592,426426880,820014592],"bb":[-11,-32,11,-1,-11,-32,11,-1,-11,-32,11,-1,-11,-32,11,-1,-81,-32,-10,-14,-109,-18,-10,0],"c":"{\"1\":{\"title\":\"LUCKY ME CONVENIENCE\"}}","io":[0,-16]},{"id":"3978298644856252349","a":[-52224,-10752],"bb":[-45,-9,46,9],"c":"{\"1\":{\"title

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\f[2].txt Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	3856
Entropy (8bit):	4.8245860289289695
Encrypted:	false
SSDEEP:	48:KNw1kLESLc4++EmF/YFYseYZKKztWXzoy4jPq39YICR/md3qLswn7lHyMV9dl:LkL3TIJecKKztWXzo1UdHwnRHdl
MD5:	2A2DEBC1E2CC8FB6D49D4193DF653ED6
SHA1:	B6017B70AFB4FD929885D8D972EB82FFA07EC954
SHA-256:	E2CE263EE035186FB76AAE97138E193C95EE20C1F4BFF30BD8291B42C2959B55
SHA-512:	71BEFA3C6C6B6BC61033105744B16D48D8728BBCDB4E214F16B135DF2A06BE15A774FD2A229E4150C1F3045F95B180022E93406ED3550CEC9CAB18DC4DC31623
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/maps/vt?pb=!1m4!1m3!1i15!2i6508!3i12514!1m4!1m3!1i15!2i6508!3i12515!1m4!1m3!1i15!2i6509!3i12514!1m4!1m3!1i15!2i6509!3i12515!2m3!1e0!2sm!3i546272120!2m37!1e2!2sspotlight!5i1!8m33!1m2!12m1!20e1!2m6!1s0x0%3A0x541ada6509ab0292!2sMesa+County+Health+Department!4m2!3d39.0786595!4d-108.5042582!5e0!11e11!13m14!2sa!14b1!18m7!5b0!6b0!9b1!12b1!16b0!20b1!21b1!22m3!6e2!7e3!8e2!19u12!19u14!19u29!19u37!19u30!19u61!19u70!3m12!2sen!3sUS!5e289!12m4!1e68!2m2!1sset!2sRoadmap!12m3!1e37!2m1!1ssmartmaps!4e3!12m1!5b1&client=google-maps-embed&token=51335
Preview:	[{"id":"tuwvttvuwwtvvut","zrange":[15,15],"layer":"spotlight-no-personal"},{"id":"tuwvttvuwwtvvut","base":[426488576,820119296],"zrange":[15,15],"layer":"m@546272120","features":[{"id":"6060396376069178002","a":[0,0],"bb":[13,-22,134,-4],"c":"{\"1\":{\"title\":\"Mesa County Health Department\"}}"},{"id":"11965660540479403546","a":[42496,12544,426531072,820131840,426531072,820131840,426531072,820131840],"bb":[-11,-32,11,-1,-11,-32,11,-1,-11,-32,11,-1,-11,-32,11,-1,-118,-49,25,-31],"c":"{\"1\":{\"title\":\"Jerry's Outdoor Sports\"}}","io":[0,-16]},{"id":"7622263284059276717","a":[113152,61440],"bb":[-141,-32,-10,-14],"c":"{\"1\":{\"title\":\"Jamies Curdelicious Cheescakes\"}}"}]},{"id":"tuwvttvuwwtvvuu","zrange":[15,15],"layer":"spotlight-no-personal"},{"id":"tuwvttvuwwtvvuu","base":[426556416,820226816],"zrange":[15,15],"layer":"m@546272120","features":[{"id":"0x87471e76786b0e53:0xde231cde65279325","a":[0,0],"bb":[-57,-9,57,10],"c":"{\"1\":{\"title\":\"Pear Park\"}}"},{"id":"88347174007

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\favicon[1].ico Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	702
Entropy (8bit):	7.627728133277769
Encrypted:	false
SSDEEP:	12:6v/7i96A2TZ/qtK3qKtdd7yDSqeIZgNeWJrQkln4Pus8qYa3b+7pDo9dq5Vazx0f:WA2TJJa4ByZSf5Qe/s0aiDo9k4zx0wMJ
MD5:	C06CD8560ED66B10B2AAE0D64EA56109
SHA1:	87F1F68F04DF632E00A98674A2324496E5D72B02
SHA-256:	2701A33425FF762CCA32273D0A359C0B1486A16323E8225F584C99204557A60B
SHA-512:	25BCCD75C062F9E1BA5A55A66F6784848B1F61BBA2F9E1CBB25478A56584809211FCFC6A6BA3576CD88F69F48BC4CF4C887F1BBD6D4F860FF98431C0239C9E15
Malicious:	false
Reputation:	low
IE Cache URL:	https://scheduling.mesacountyhealth.com/favicon.ico
Preview:	.PNG........IHDR... ... .....szz.....IDATx...?h.P..q9J....d8...).%..9:..D.p."R.C.AJ)NRD..tp:Dn8.B..("E.Jq..d..p.q.).(.t(E....<.\.th...I.....^^.K..;l..F....?.fv9...5.eG3r.=p.....Lc.y[7U.....v.....2x..a...~..x.@V.Y...mTR.UQ..B..+..h...K@..p.O2x.....A...L...>a^(....<....~.?..X.[l.'!...G.n...}.h....Z.x.l.E...........e...Q..E.4m.E}..........`.5\I`....p...!.e..1.0.m.`..$F..e.-a"a...q. .1Yg..>..Ph3.t..4.E\|...~.y. .U.M!..a...&..1.>)...P.. ....u~....3._8..#...A.....l....&.4...u..=2.F0b....K........S....-.[..]L........_...bg..E(3.....a..c..t.......\...=.`R.....iq..=... .....U.;....P..m[.~.2...........&..........a.....U.(..j....${6TL.....d.{.u...8...#.{"E..k....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	89496
Entropy (8bit):	5.289738088208255
Encrypted:	false
SSDEEP:	1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakU:AYh8eip3huuf6IidlrvakdtQ47GKE
MD5:	B6F7093369A0E8B83703914CE731B13C
SHA1:	D1889F5C173C2A4B20288F1F84758599AFD346EF
SHA-256:	60240D5A27EDE94FD35FEA44BD110B88C7D8CFC08127F032D13B0C622B8BE827
SHA-512:	D6AA7835D7B256B94DDD2F9D8DB84484F0413EBC502762C1BA21CBA7A392C6F550DB2418CDC8BD6D1DA6ED2CEA55BF22473C778493D416B1A1C38E6FFDB8C79D
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-includes/js/jquery/jquery.min.js?ver=3.5.1
Preview:	/! jQuery v3.5.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"o

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\mem6YaGs126MiZpBA-UFUK0Xdcs[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 23440, version 1.1
Category:	downloaded
Size (bytes):	23440
Entropy (8bit):	7.974338558531806
Encrypted:	false
SSDEEP:	384:LQHZPVwBwyLDziNir0XNCqfeNpBE5ZhEJf/h1hGU+v2Hr1hvRBg5zQG20a61S:8wBfZ08qfkpa7qJ91hZBgy2zs
MD5:	04E02DF10A43F5F01291D08B997110DB
SHA1:	3D09DB793B2AA2613DC3C327F80E2BCAF697E805
SHA-256:	D9CB6D7A378582398161B5593D6E5A0E12093F1C996C68C596A3A37DDBE00D24
SHA-512:	619210474BD1E737A9E041BCAC89B3A85F54D930EFC8E9CCFAD883BE84D9AFB4F24733C8591172C8D24838B178C4095A58127C300FB43C818AE588D2E1A75973
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/mem6YaGs126MiZpBA-UFUK0Xdcs.woff
Preview:	wOFF......[.................................GDEF.......6...:.z..GPOS................GSUB............$5''OS/2...X...]...`~u.=cmap.......6........cvt .......W........fpgm...H........~a..gasp...............#glyf......E;..o.F.Z.head..N0...6...6..z.hhea..Nh...#...$. ..hmtx..N........`..mjloca..Q........2(p.7maxp..T.... ... .1..name..T.........%`@.post..U.........y. .prep..Z.........T...x.c`d``.a..&.v..F..FFWFW ....$=...d.c%..fl.......]r.2..................x.U....P.E.}.....5.\A.kX..k..\.....v.c.1.p...X8../....n.C...\.%...Z..u...\.p.}.1\....z.#.....)..KB8.~.9...]]...Rg.~.1xT.jH.....3........x.c`f.f......:....Q.B3_dHcb```.fccfeabbY.......b.. 0t.vf`dP...M...C.G/S....\|.....6 .....G..;...x....]Q...o..........6..qm...~.....g..3..s. J...4o...>(......\|.76g;N.Ln....uFQM=..<6o.O......m.M.#...T..bE..4...M..29-..r.j..5......a...3....s.ge..y-sH1......&.c.r.jR[....k.ps.Tx. .h@_.>...Z.==....n.^.....k.....`......^...us\/..us]]...rM]}/.{.=.......R..Q.(.7.%.....Bx..<.0.F8. .G..Y.u...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\memnYaGs126MiZpBA-UFUKW-U9hlIqU[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 23868, version 1.1
Category:	downloaded
Size (bytes):	23868
Entropy (8bit):	7.979638985615689
Encrypted:	false
SSDEEP:	384:a9YHfFZFePSGOLmI/WzYJb0u5XG2pyuLku5UtnK4yj1CPVkasY8C/EU0a6k:N/F2s7uY2q22pyptjVkasvCcjzk
MD5:	AEFF9F0AF1A6193B84B19ECA87EA4880
SHA1:	EF93A075CEFCF2A9ADB8C5F47F6E4073070B9210
SHA-256:	A97D00D68E7A6805D042116D737E92690809443E87F08085FCA52F78C6FABCCF
SHA-512:	D57FD22A73F5BDE931CEA3BFA8F2ED0D66B46EF108CDF8A800DF184505A53101E2CFFF8F221C6E78EDA813B04073675A5BF8946A71E68D2270DD329AB4BA2811
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKW-U9hlIqU.woff
Preview:	wOFF......]<................................GDEF.......6...:.z..GPOS................GSUB............$5''OS/2...X...]...`..!.cmap.......6........cvt .......o........fpgm...`........s.ugasp...............#glyf......Fp..pn....head..O....6...6....hhea..O....#...$....hmtx..O....4...`I.=`loca..S........2_\BFmaxp..V0... ... .]..name..VP.........8Gtpost..WL........y. .prep..\ .......@..R.x.c`d``.a..&.v..F..FFWFW ....$=...d.c%..fl.......]r.2..................x.U....P.E.}.....5.\A.kX..k..\.....v.c.1.p...X8../....n.C...\.%...Z..u...\.p.}.1\....z.#.....)..KB8.~.9...]]...Rg.~.1xT.jH.....3........x.%..@0...?.%.N.OJ.s&pJ...:[h-.a.{..(\|....nw-..7...).L...'...T.M7..bz..~.)b........\......x....]Q...o..........6..qm...~.....g..3..s. J...4o...>(......\|.76g;N.Ln....uFQM=..<6o.O......m.M.#...T..bE..4...M..29-..r.j..5......a...3....s.ge..y-sH1......&.c.r.jR[....k.ps.Tx. .h@_.>...Z.==....n.^.....k.....`......^...us\/..us]]...rM]}/.{.=.......R..Q.(.7.%.....Bx..<.0.F8. .G..Y.u...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\memnYaGs126MiZpBA-UFUKWiUNhlIqU[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 23408, version 1.1
Category:	downloaded
Size (bytes):	23408
Entropy (8bit):	7.978409043250865
Encrypted:	false
SSDEEP:	384:j08SX8c0+xc6rxYT9FQkeKX1QG2BP2KFlVuaMYtsKqe3a9MMzjF5aSP2ZW0a6HZ:8Xf0++OqTTQgSFBP/lV+YOKKjMzHZ
MD5:	D7E0C8F45B667E66E0FA94D77D6B2F11
SHA1:	4A5442D59539782926397E807BA97441C55D66D1
SHA-256:	F461846EBDE06B126199AB1B219003C99009D9A40CAFDC0D3ABF86565B62E3E8
SHA-512:	E38C6D197138F9868A6B52E9BF463A3CBEF615CEDEDD78DDA54F385FE437C626699FCD75F66009AA8D83CF3E124F1BB1940A1896DDA5CF14C3AA99AB98AAC182
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWiUNhlIqU.woff
Preview:	wOFF......[p.......T........................GDEF.......6...:.z..GPOS................GSUB............$5''OS/2...X...]...`....cmap.......6........cvt .......b.....g.ifpgm...T........s.ugasp................glyf......E...pBEN$Zhead..N....6...6..{.hhea..N<...#...$....hmtx..N`.......`..PSloca..Q........2Il,+maxp..T.... ... ...name..T.........)/C.post..U.........y. .prep..Z............x.c`d``.a..&.v..F..FFWFW ....$=...d.c%..fl.......]r.2..................x.U....P.E.}.....5.\A.kX..k..\.....v.c.1.p...X8../....n.C...\.%...Z..u...\.p.}.1\....z.#.....)..KB8.~.9...]]...Rg.~.1xT.jH.....3........x.c`f9......u..1...<.f..................A.(.....@`......./..?....^...... 9.8.m@J....}......x....]Q...o..........6..qm...~.....g..3..s. J...4o...>(......\|.76g;N.Ln....uFQM=..<6o.O......m.M.#...T..bE..4...M..29-..r.j..5......a...3....s.ge..y-sH1......&.c.r.jR[....k.p*s.Tx. .h@_.>...Z.==....n.^.....k.....`......^...us\/..us]]...rM]}/.{.=.......R..Q.(.7.%.....Bx..<.0.F8. .G..Y.u...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\memnYaGs126MiZpBA-UFUKWyV9hlIqU[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 23520, version 1.1
Category:	downloaded
Size (bytes):	23520
Entropy (8bit):	7.975386943527894
Encrypted:	false
SSDEEP:	384:ZbQHZqpWCN460nc8SfOQNQEE5qkiEruS3ksB4sgqVF6/DpJPykba77vKlN80a6u:ZbT47cbfOQNQEEtiErdDSsJVS7C7TYzu
MD5:	30D2A28FBFCC4726F2C2DB9AAC45C702
SHA1:	E83E79783D8803444A215F78FE603D2A2CDF8972
SHA-256:	C8E3A41B0708CB6DFAB03178BEDEDCF12EDA48B48A9CF8CE682D9E5E9091C905
SHA-512:	37039AEF085D1B8A92FDD9BB0B7BA41E01FE8232A9747A8011E701E243C79D3E830BDEFB0BB9A6AAD7249B0F25835235199B46DFE5A12FE7E54867E8EBC882FD
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/opensans/v18/memnYaGs126MiZpBA-UFUKWyV9hlIqU.woff
Preview:	wOFF......[.................................GDEF.......6...:.z..GPOS................GSUB............$5''OS/2...X...]...`~...cmap.......6........cvt .......^.....M..fpgm...P........~a..gasp...............#glyf......EJ..m....head..NH...6...6./{.hhea..N....#...$....hmtx..N....>...`P.}.loca..Q........2H.+umaxp..T.... ... .H..name..U..........D9post..V.........y. .prep..Z........$...Jx.c`d``.a..&.v..F..FFWFW ....$=...d.c%..fl.......]r.2..................x.U....P.E.}.....5.\A.kX..k..\.....v.c.1.p...X8../....n.C...\.%...Z..u...\.p.}.1\....z.#.....)..KB8.~.9...]]...Rg.~.1xT.jH.....3........x.%..@P.@....O$Z._$"...SjL`...4La..A.4...+0..jp.^.B,.h..E..%0.9@.....Q..,.S................x....]Q...o..........6..qm...~.....g..3..s. J...4o...>(......\|.76g;N.Ln....uFQM=..<6o.O......m.M.#...T..bE..4...M..29-..r.j..5......a...3....s.ge..y-sH1......&.c.r.jR[....k.p*s.Tx. .h@_.>...Z.==....n.^.....k.....`......^...us\/..us]]...rM]}/.{.=.......R..Q.(.7.%.....Bx..<.0.F8. .G..Y.u...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\onion[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	25070
Entropy (8bit):	5.502923215254311
Encrypted:	false
SSDEEP:	768:+JO3KVpmgk/yQrbNv5cMf6dkE1nKQxNQS5AXBin:lv5IkXg
MD5:	E371C169FD90E72A5D5B0B2C12333797
SHA1:	53D85100EC98A867F045EB4988C1A362A733E2D8
SHA-256:	8D12608F17ED33277D320407E011E5ED1DC682B3770BB625F56C3AC99D49A244
SHA-512:	EECBAE247CF209EB25BC97923AA856E117A39CE8AC6539417B175E288DBC8DC2B6EEFC54AA34CB4934EC7510BD1EA60F99000A9B6AA940C5422E239D9C84A514
Malicious:	false
Reputation:	low
IE Cache URL:	https://maps.googleapis.com/maps-api-v3/api/js/44/6/onion.js
Preview:	google.maps.__gjsload__('onion', function(_){var bV,cV,dV,eV,gV,hV,iV,Jda,uV,vV,wV,xV,yV,zV,AV,BV,Kda,Lda,Mda,Oda,DV,FV,HV,IV,KV,NV,JV,LV,Qda,MV,OV,PV,RV,SV,Sda,Rda,TV,VV,WV,UV,XV,Uda,YV,Vda,ZV,Wda,$V,aW,cW,bW,dW,eW,Xda,Yda,fW,$da,Zda,iW,kW,lW,mW,aea,nW,bea,eea,fea,gea,dea,oW,hea,pW,jea,rW,qW,iea,kea,sW,cea,tW;bV=function(a){_.D(this,a,3)};cV=function(a){_.D(this,a,4)};dV=function(a){_.D(this,a,6)};eV=function(a){_.D(this,a,1)};gV=function(){fV\|\|(fV={V:"m",$:["dd"]});return fV};hV=function(a){_.D(this,a,2)};iV=function(a){_.D(this,a,16)};.Jda=function(a){var b=new _.mt;if(!jV){var c=jV={V:"mmss6emssss13m15bb"};if(!kV){var d=kV={V:"m"};lV\|\|(lV={V:"ssmssm"},lV.$=["dd",_.Lr()]);d.$=[lV]}d=kV;if(!mV){var e=mV={V:"mimmbmmm"};nV\|\|(nV={V:"m",$:["ii"]});var f=nV;var g=gV(),h=gV();if(!oV){var k=oV={V:"ebbSbbSeEmmibmsmeb"};pV\|\|(pV={V:"bbM",$:["i"]});var l=pV;qV\|\|(qV={V:"Eim",$:["ii"]});k.$=[l,"ii4eEb",qV,"eieie"]}k=oV;rV\|\|(rV={V:"M",$:["ii"]});l=rV;sV\|\|(sV={V:"2bb5bbbMbbb",$:["e"]});e.$=[f,g,h,k

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\pxiDyp8kv8JHgFVrJJLm111VGdeI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 15608, version 1.1
Category:	downloaded
Size (bytes):	15608
Entropy (8bit):	7.9681826874510975
Encrypted:	false
SSDEEP:	384:INiwMisyLP4f4MJT7cBCis8oJ7zYiQpLLHE/4dqpi0lj:IdMZfginYiQBHsz
MD5:	93BCFC957EAE34CFCCF2CF28D50F0081
SHA1:	23D72B5C61BF6F0D1384D2A2FB2DF43E86357686
SHA-256:	F04B88BC7DCAA60A1C15397D08D21E9775EC19AA5552AC9FA134A2BEBACB02A2
SHA-512:	538219844D5F00322B36881805082F587789A2BBFF1443D50D42808FA537BC8072FF15B1A59509F43A4EB893E5C45A2BBE874EBEB22401BD72D5437AE289C808
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLm111VGdeI.woff
Preview:	wOFF......<.......f.........................GPOS....... ... DvLuGSUB...<.......0.H'kOS/2...l...P...`[...cmap...........xK.sglyf....../...R..^.head..2`...6...6.G).hhea..2....#...$...,hmtx..2........\|F...loca..5.........p...maxp..8H... ... ...0name..8h......."0.H.post..9X........r.8.............DFLT................x.c`d``.b.a.c`vq..a.II-3b.....r.,.@..?.....<....x.c`a.`V``e``.b......D3.1.1.1.0..'...3 ...7..F..%Q.....RX....&......)....o..x.T.3X@Q....v....%..7f.i.[...5{....:....o...o.>."...D...:...P....'..P."..fh..n......;\|Oh....4Ds..QB;..@.....E.@.$}.../..@..p.w..H....37.C....{4@S...z}Qg.Q.n..i..h..h..i..h......B>.+.2.@.?Y9I<.=.8v=v9~..C.z.e...y...........{.....u.....1...`.x.Y.x.......d5..jK.\d.Z.4wlp..).tL1..L...z..B..p/.Jb..{....K.y..wf.2N...*.3....s.J......R4%.R(9.JQj..\... 5..0.;^.n.o>......=......./.b<F...($.~.\...F)U.....C...O.1z....S.=n?...#y,...a\............E.8. ....s{......................8..i:..tF.N....X....f.d......]......._.pw.I.J+

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\pxiDyp8kv8JHgFVrJJLm81xVGdeI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 15260, version 1.1
Category:	downloaded
Size (bytes):	15260
Entropy (8bit):	7.970888547409282
Encrypted:	false
SSDEEP:	384:RHwaxUZLnNy+0lEtMXArztr1V/UCwN+Hgwc4gYOj:RQaxKNTZM85r1mFgHgwC/
MD5:	39E17083F4DE208DCD0E86A4247C69EC
SHA1:	7F81FCC188DA5E70CC885ECA82337FFB37D9A557
SHA-256:	11C5B8B903C5A19AE312B42204EE25B9FB10F2434639805AD682A373C0F6B11A
SHA-512:	EC1FAE2451A430CEBD8E55C8DFE19B0EA131FCA71B3B622A0DB6ECDC61757642FCEE4E226CB06877001F7BDFD79193B57910631365D1B6411DE47D59823E3398
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLm81xVGdeI.woff
Preview:	wOFF......;.......f.........................GPOS....... ... DvLuGSUB...<.......0.H'kOS/2...l...P...`[..%cmap...........xK.sglyf.......R..Q.G..^head..1....6...6..).hhea..1H...#...$.e..hmtx..1l.......\|U7..loca..4L........k..Fmaxp..6.... ... .../name..7.........-.ERpost..7.........r.8.............DFLT................x.c`d``.b.a.c`vq..a.II-3b.....r.,.@..?.....<....x.c`a.cna`e``.b......D3.1.1.1.1......3 ...7..F..%Q.....RX....&..L.N.)........x.T.3X@Q....v....%..7f.i.[...5{....:....o...o.>."...D...:...*P....'..P."..fh..n......;\|Oh....4Ds..QB;..@.....E.@.$}.../..@..p.w..H....37.C....{4@S...z}Qg.Q.n..i..h..h..i..h......B>.+.2.@.?Y9I<.=.8v=v9~..C.z.e...y...........{.....u.....1...`.x.y.\|.G....Jk..Y.j.l.%K.`..l......v.M/..8...#.'........j...K..z).......J2N..}...;.~..f(../....ESRJF)(5Ei9-.83.. -....+A.n....nC..v.m..M/....c1.#A........x.RQ.T%...z>..z..d4.&...S.y.?...B..?.....r..7.y?..}..H4R...<.v...eM.....2Og..k.G.6-..^F.4.....7..)U..O../3.&....n..9...... ...V.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\pxiDyp8kv8JHgFVrJJLmg1hVGdeI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 15376, version 1.1
Category:	downloaded
Size (bytes):	15376
Entropy (8bit):	7.971426820358507
Encrypted:	false
SSDEEP:	384:zVNw+vQ2qEBmgIwNY9YmRbiAUWte1VCxj6aUCwOr2EH1D3nh5YRhj:zg+vQtgIwmyqi27TUCwOr2onhiRB
MD5:	5CAC81257370F833F73E626309686AE7
SHA1:	EA1AC00C31B0B73FCD7393673B8C876647D02B28
SHA-256:	65D4B1948EE769659643FB14702DEB0B1AA0B01F37B96472AEBEF30D81BA4A10
SHA-512:	B92D483739B371175F3DABFA21C6B5EC70785F57893D8E29E963C4EC099BC61476D6648534BEBD9439A81076CBC063BB568EDD7CFB3CDF7A75445018086EE69D
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLmg1hVGdeI.woff
Preview:	wOFF......<.......g.........................GPOS....... ... DvLuGSUB...<.......0.H'kOS/2...l...P...`ZP..cmap...........xK.sglyf..........S....head..1....6...6..(.hhea..1....#...$.A..hmtx..1........\|..-.loca..4..........F.zmaxp..7d... ... ...Cname..7..........AFNpost..8p........r.8.............DFLT................x.c`d``.b.a.c`vq..a.II-3b.....r.,.@..?.....<....x.c`a.a...........3.7.f.c.c0b.b..6.8`g@..!n.....J.,R..1...3.+00L..1.3..R..,....=x.T.3X@Q....v....%..7f.i.[...5{....:....o...o.>."...D...:...P....'..P."..fh..n......;\|Oh....4Ds..QB;..@.....E.@.$}.../..@..p.w..H....37.C....{4@S...z}Qg.Q.n..i..h..h..i..h......B>.+.2.@.?Y9I<.=.8v=v9~..C.z.e...y...........{.....u.....1...`.x.Z.\#I..Nh.DI.C....K.4$..`.$....`...23.0n.;......\|+..ng..n.V.o...[.s.".FNB{W..{.^5......?@.T.%..(.E)t...ii.E.F.2.k!...y.3....~....V.....@@.H.^....w."\|..H..``.:...aT...T..R.g00....y.}...N.h314.b.>.R.sL..4.B[..[.V.L.A...f..\...._.\|...k.[..Ao.....1.Ve./.c.g...h...K.1.^m.-..zF1>.mOLm......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\pxiDyp8kv8JHgFVrJJLmr19VGdeI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 15736, version 1.1
Category:	downloaded
Size (bytes):	15736
Entropy (8bit):	7.970894264111103
Encrypted:	false
SSDEEP:	384:kCwYox8kuWWru1qDWA85BFYHWid/cI1OmAC9j3dRctmZsX91xOX0Sj:kXYoGu1qDWA8fFYHWiO8LvLHctmZsX9e
MD5:	85446C127041A5B6C1E92FD87FB0D98E
SHA1:	EB943F9A0704DC626D92D5EA9516E119D691243E
SHA-256:	6B9655A7E7DC5D427FFCE93501976EC459A246F13AB2D749572263953EA9C22E
SHA-512:	C43C90CDFE1845B61161953CB7639B944FEBA0227084CE7489D096FEFCA69D071D707B77128260639D64C252FF913C31E2493C52DC468348857E1B284E35C49B
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLmr19VGdeI.woff
Preview:	wOFF......=x......g.........................GPOS....... ... DvLuGSUB...<.......0.H'kOS/2...l...P...`Z...cmap...........xK.sglyf......0&..Sr\|R..head..2....6...6..(.hhea..3....#...$....hmtx..3@.......\|&.(.loca..6..........e.maxp..8.... ... ...?name..8........./.G.post..9.........r.8.............DFLT................x.c`d``.b.a.c`vq..a.II-3b.....r.,.@..?.....<....x.c`aNb.``e``.b......D3.1.1.1.0..;..@...........$.".o.C.K>S....d.....^ .....{...x.T.3X@Q....v....%..7f.i.[...5{....:....o...o.>."...D...:...P....'..P."..fh..n......;\|Oh....4Ds..QB;..@.....E.@.$}.../..@..p.w..H....37.C....{4@S...z}Qg.Q.n..i..h..h..i..h......B>.+.2.@.?Y9I<.=.8v=v9~..C.z.e...y...........{.....u.....1...`.x.Z.\.Y..{'..,2.4.HB.$.dH..<..8..KwK)m)u.Y......].OW?w_w/.wo2)e..{.7>..9...@...._.S.I..1.OH.B...NM.f .h3........'^=q.\t.........qo.B..\..Q......%D#.. .".6...9TJ.er9M...8..m2.E.H.P.5P....z..eD...4.A...f.Ca.h..f\..N ..&/..g.........23B.....e[.......,..x.Y..d6.?.........>.K...B"2e..m.1....(59

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\pxiDyp8kv8JHgFVrJJLmy15VGdeI[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 15508, version 1.1
Category:	downloaded
Size (bytes):	15508
Entropy (8bit):	7.966695917958531
Encrypted:	false
SSDEEP:	384:cOwEuVgXj7wvISEJ+GtypyWRuYTrM2gQzN+ISkphC1j12j:c7EuuXfSEJ+GtYyWRuErl+qphCF1c
MD5:	CF0EF6EEC0EDB57C79BF3DFE6101419F
SHA1:	904ED18B1161254FAB8F0ED4F9EF2E02930AB1E4
SHA-256:	A104E067C1A37C843AAB9CD9E5C91ADF68587151B5903E87D13433C3CAD1B793
SHA-512:	37F385204915A0F4A969B00F7A6219F5FB1A9D10E999FF7F12E87B9C43EE16BEAB4B6D336E03703B36535B850181FD213389B48CBA9AB289CDC308EA9A9BE44C
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/poppins/v15/pxiDyp8kv8JHgFVrJJLmy15VGdeI.woff
Preview:	wOFF......<.......f.........................GPOS....... ... DvLuGSUB...<.......0.H'kOS/2...l...P...`[$.3cmap...........xK.sglyf....../C..RP..EVhead..2....6...6..(.hhea..28...$...$...^hmtx..2\.......\|8.!.loca..5D............maxp..7.... ... ...?name..8.........,DDypost..8.........r.8.............DFLT................x.c`d``.b.a.c`vq..a.II-3b.....r.,.@..?.....<....x.c`a.b...........3.7.f.c.c0b.c....8`g@..!n......DY..-bHa.gV``...c.c:....X..9.Ix.T.3X@Q....v....%..7f.i.[...5{....:....o...o.>."...D...:...P....'..P."..fh..n......;\|Oh....4Ds..QB;..@.....E.@.$}.../..@..p.w..H....37.C....{4@S...z}Qg.Q.n..i..h..h..i..h......B>.+.2.@.?Y9I<.=.8v=v9~..C.z.e...y...........{.....u.....1...`.x.9.@..s.$.zz.@2.A .dH&.`.!T)..R."K...p.........%....]_w}u...z.o..?3I....s'....s.9..b.>._.u.$$D".BH.BN.iDkI...N..q).4.....x.}.#O<.__..".;....'\|....E..y.QL....R.I.S...ZE.}6s.D..h..Z%...m,#.0....fwao...x4..~....a..]_....#.... ...))n...0.S...X.^.I..jw...h.;7g,k.f.:5.........-Z.X.1S.Q..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\search_impl[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	2419
Entropy (8bit):	5.333824032608288
Encrypted:	false
SSDEEP:	48:aviRnuBb7QNypFH+xcSqkY8DQq/h07oLH+2e98mYJyqFlxOTDteev:a1BfQXbp77/ZTLzmEyC/OTQw
MD5:	07C8138A1E2802635448AFC4350469FF
SHA1:	27BE237B70A927EF4E7836ACB203C369F371B0F4
SHA-256:	955EEE529BDAFA8E452FF00427BBDF7D5452DBE5139B248751ECCB83F62C9B60
SHA-512:	8B4D624291AAB1650CAA2C111CC27EA2AF900CD76288B3B38AF2EF74B8F767E377F57418D23D80856CF11ECE3E39035BEEC6908EF2552B1DCD7FF0869AC86D04
Malicious:	false
Reputation:	low
IE Cache URL:	https://maps.googleapis.com/maps-api-v3/api/js/44/6/search_impl.js
Preview:	google.maps.__gjsload__('search_impl', function(_){var H$=function(a){_.D(this,a,4)},$la=function(a){var b=_.Oh;I$\|\|(I$={V:"sssM",$:["ss"]});return b.g(a.N,I$)},ama=function(a,b){a.N[0]=b},bma=function(a,b){a.N[2]=b},J$=function(a){_.D(this,a,3)},K$=function(){var a=_.hk,b=_.Pi;this.i=_.H;this.g=_.tm(_.ju,a,_.fv+"/maps/api/js/LayersService.GetFeature",b)},ema=function(a,b,c){var d=_.MK(new K$);c.lj=(0,_.y)(d.load,d);c.clickable=0!=a.get("clickable");_.GV(c,_.gW(b));var e=[];e.push(_.K.addListener(c,"click",(0,_.y)(cma,null,a)));_.A(["mouseover","mouseout",."mousemove"],function(f){e.push(_.K.addListener(c,f,(0,_.y)(dma,null,a,f)))});e.push(_.K.addListener(a,"clickable_changed",function(){a.g.clickable=0!=a.get("clickable")}));a.i=e},cma=function(a,b,c,d,e){var f=null;if(e&&(f={status:e.getStatus()},0==e.getStatus())){f.location=_.Rm(e,1)?new _.I(_.wc(e.getLocation(),0),_.wc(e.getLocation(),1)):null;f.fields={};for(var g=0,h=_.Cc(e,2);g<h;++g){var k=new _.uW(_.Bc(e,2,g));f.fields[k.getK

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\style[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	15655
Entropy (8bit):	4.717933299348096
Encrypted:	false
SSDEEP:	192:n/gfzhYVcP/mYowrvpaCADbP5uIVduVFzBK5qtsTIhIoBOFWxYiVQsjrmk7IxCSY:Ifz11ZADMI5UbNsux5
MD5:	FB6C9C5F71F64B2BEEE8A64D6238D835
SHA1:	9FCE557D749985AF121AAF82B3DB89852E78BCE2
SHA-256:	0BCCF2F0EE0B5313D9A177E92E195EEADB6C234EA1C811635CB132071B94AC2D
SHA-512:	C9D9D0FC4DEF5B8B98B1EB2CBD8B5FCEEF21884035DDFF7059C5C404840458DBBC7CBFBAF3D5665AF42D336F1A809222F869F3CFA7502A1101A0BDC9D4AD04B4
Malicious:	false
Reputation:	low
IE Cache URL:	https://health.mesacounty.us/wp-content/plugins/divi-booster/core/icons/socicon/style.css?ver=3.3.9
Preview:	[class^="socicon-"], [class=" socicon-"] {.. / use !important to prevent issues with browser extensions that change fonts /.. font-family: 'Socicon' !important;.. speak: none;.. font-style: normal;.. font-weight: normal;.. font-variant: normal;.. text-transform: none;.. line-height: 1;.... / Better Font Rendering =========== */.. -webkit-font-smoothing: antialiased;.. -moz-osx-font-smoothing: grayscale;..}.....socicon-eitaa:before {.. content: "\e97c";..}...socicon-soroush:before {.. content: "\e97d";..}...socicon-bale:before {.. content: "\e97e";..}...socicon-zazzle:before {.. content: "\e97b";..}...socicon-society6:before {.. content: "\e97a";..}...socicon-redbubble:before {.. content: "\e979";..}...socicon-avvo:before {.. content: "\e978";..}...socicon-stitcher:before {.. content: "\e977";..}...socicon-googlehangouts:before {.. content: "\e974";..}...socicon-dlive:before {.. content: "\e975";..}...socicon-vsco:before {.. content: "\e976";..}...socicon-flipb

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\translate_24dp[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	825
Entropy (8bit):	7.704648162446466
Encrypted:	false
SSDEEP:	24:ssHKYGXsIPtbm+dBUWkhweNeFb6wfO2GNzj/4vs:ssq/rldTDNd6wfoJ/5
MD5:	55FF382A8B09329E3230A1797EB8F5FD
SHA1:	026AE089006A674DA7DCC9BF6B986C5D59E75478
SHA-256:	1BB2279AED6BC1438D2B17A5FFCBAC9D37864582AEDEEEC8D301EAB162B2C213
SHA-512:	E787C75CD8F6796DE116FDBE0D7B8A3707BB09E02FE3D9F3FA15E5D783931023DBD62344D5178F547E401DBA160F0382A1204DB09EFB322273C7525E592EDD79
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.gstatic.com/images/branding/product/1x/translate_24dp.png
Preview:	.PNG........IHDR..............w=.....IDATx.....cY.Fk.c..a.m.\|e.m..c.6.3......k.b...9IU..!...7....GOF.Nc.........>..[.H.9.W.:..t{........c..../.=......o.._...s9Qs......?.P(.`0(...D.~?....Y.h.(..@....<......8.....\|..@.x..,...b.$....YQNt....U.t:3.._. .wQ..T..d...g..h...1.P..E..pA&..l.......G.L...t....CZ.x.D.....a#..F$.H...9...;od.L&E........P..0............C...2..o.a....S..Kq9:2z...!s..[..#......cV4`......8.P....i,?..!...}....A.ql..............K7H..\|......$.......59.g..`A.v..~.3....N...N..J..U...W..#......p...E.......%9Q.C..(F/l......1X.V1.p8.H..HK..r...a.-<}....,r...).6.G.7..m..V.1....5z,n..w..n......>.....^....i....fM....(.Z..&...1U..2..w?.<..z....9...%..d2.b..o..3\|..O...XQw.r6....&.<........;............1......y.ZQs.... .).Vk..j...E......r.i...8...[..~[.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\translate_24dp[2].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	1847
Entropy (8bit):	7.840750948954508
Encrypted:	false
SSDEEP:	48:0BUfsw9mAtN6tl4XZACwezLhPa0V7dHy+1pqWv33z:0iT8+6QJcmLddquz
MD5:	BFA09D19AEA98592C45CE0A814F0EB2C
SHA1:	5DB965A451D9B6B3A5156836182ABE8240D4A0DE
SHA-256:	5FE03BFD95A2D4E640ED7D04DCB08EF991C327A5AB6F6FDB9EB06E1EFC76AF30
SHA-512:	65FCB486B6E1120FE47897BCFE75E310AC72D23213A72754729EFE89E019A431E700202A879A94407F46277ADFAF3B03B5248775645555EB5F8698AA0FE4913B
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.gstatic.com/images/branding/product/2x/translate_24dp.png
Preview:	.PNG........IHDR...0...0.....W.......IDATx...s#I..{....Yf.C.L..h.0.;...f....0$..s^.I.V.JVT\....5./..'h.......G....5F'..z.%?.8...o4..zC.....v..#...5w.).Y...$.'..&x.b....m.....K...........M.#.......?..J......\Ha.\|...W.x...#...].......F.B%._.k.....P...3.g....\"0...H/...w..A.....{100..)LMMazz.W...I........M...&..F.$0$.B...w_. G........Ocff.!$. V.z{..,0.!.jq.y..K...D{..}..B............1......4...1x.".s7...........6.w.....;.v/F.&(..@.A...O.T.~......a%.w.(;. E..:..QW..^o@ty\;.b..b..%UH..I....Nw.X.C.F.(.'..B..F.m.8]^..!.,L..F.<+.p6f.=.u.c.]?.v._..5.....A.Dzy.....':Oy...zh......y.....`0..\|i..2.eUp`)?<.a8}yIr.....B!...1Dv.P..6.p..M.O7..Q.<.......-^.`0^...j..5h.G. ....R<S...h....y.Y.@`.@Aq.OB!.O....+4"+.T..31....f.xG,m.....~Q..o..}..~ .D......x..Q\.(o...R.6....@.<........./.^^1... ..!^L........e..a.'R^;._..o...U..Jd.V...L..F.R^r....]...>.F..Mj...3Q..W.)N4.(vx.q..Y.h.goEq.;.....y.....P3...hi............$..I.!...W..J.CL.OB.mq..gbR:.<..;..v;r...]..jd

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\u-440qyriQwlOrhSvowK_l5-ciZK[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 35696, version 1.1
Category:	downloaded
Size (bytes):	35696
Entropy (8bit):	7.986011105874064
Encrypted:	false
SSDEEP:	768:2WjhRIJYG9geaIgC8Ur9qS24F3f9NhwRZ6PoxET1PqfEYZ4Zn+u/0:2yeJ33vgoDF3frh+k0EYZ4Znv0
MD5:	757EFB349637CD90764BE5A359ACFB05
SHA1:	704672DBC2EF0040E47402312F88D4022B965A2C
SHA-256:	29787613DF0C91A5319324070310E4376B956CEB10EACCA23694EAE398902325
SHA-512:	808A171CD37B35FDD2F53FAC7DDDE3C8C9B7C9DC51E9C17529A34C5D67D73DAC42A4EBE32E3C00CEB430C28AAB1813221E7412AEBF83589CE7F34076056DC04B
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/merriweather/v22/u-440qyriQwlOrhSvowK_l5-ciZK.woff
Preview:	wOFF.......p.......d........................GDEF................GPOS....... ... DvLuGSUB...4.......dW.O.OS/2... ...Q...`U..Kcmap...t.......\|"$.$cvt ...L...8.....~.lfpgm.......F...mA..\|gasp................glyf......lt...t.ZT.head..{H...6...6.).7hhea..{.... ...$...}hmtx..{....G......?2loca..~............maxp....... ... .c.pname...........r:.Q.post..............Xprep............Z.,.x...CV...E..3..v.l..0l 7...^L\F.e....\.D...d.D$".$.b".b_J...........A..(c~.i?gb.%.._g....M.s...W..;.........~.P..P..W.OV..S./P./R..U.oV'..................DFLT................x.....a.D..m.6..m..X.Y.nl..b....>..].....$.sn.N.9.9.....O..-..2.....i..4.+....L/.S..d.).+Y:mi.....E.+..t.J..._.j..y...FpH...K>...QEk.=2(...(.dRB..Q...Z:..@6e....Dr(...('.K..tG9.<i........p<.yt.6M.......q....o\j\m.h.n.k<l<y...:....dL6.......kt.2zF.H..l....K..Q...FpH...\..(..T.......B..../D.<..x\.....-.}...H@./.ze.h..j.....0...m.&m...k.vj.v#...6.....03Y.n<...j.......:e.IgL..h'.:...u:jqv\.s...Q.G...:n%..>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\u-4n0qyriQwlOrhSvowK_l52_wFZVsf8[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 35124, version 1.1
Category:	downloaded
Size (bytes):	35124
Entropy (8bit):	7.984646212230088
Encrypted:	false
SSDEEP:	768:i+jhR+Gkf4sNyu12UC9gJSQMhzJ4QAKZLZY:iqTm4aC9C2hzeZKZ1Y
MD5:	8FBE046812578AFC217D615052CC8CF9
SHA1:	21378199CB13FDB8937228F8775F5355676B506E
SHA-256:	1D3236F871DF7555ECE8E87DB461FDEAF9BABD90B9248E81263FAAD532697008
SHA-512:	540B6D6333FE1055A18B34F980E6DA7D748C6EC7620215DFE92B6C428D81EFC59F88180E1A1FC953422796C528BC01546D0A70EF7B326F8F1CC999A5500AAC19
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/merriweather/v22/u-4n0qyriQwlOrhSvowK_l52_wFZVsf8.woff
Preview:	wOFF.......4................................GDEF................GPOS....... ... DvLuGSUB...4.......dW.O.OS/2... ...R...`W..`cmap...t.......\|"$.$cvt ...L...<.....a..fpgm.......F...mA..\|gasp................glyf......j...0..\Vhead..y....6...6.b.<hhea..y<... ...$....hmtx..y\...Q.....,hloca..\|............lmaxp....... ... .c.mname...........N5.M.post..............Xprep............Z.,.x...CV...E..3..v.l..0l 7...^L\F.e....\.D...d.D$".$.b".b_J...........A..(c~.i?gb.%.._g....M.s...W..;.........~.P..P..W.OV..S./P./R..U.oV'..................DFLT................x.....a.D..m.6..m..X.Y.nl..b....>..].....$.sn.N.9.9.....O..-..2.....i..4.+....L/.S..d.).+Y:mi.....E.+..t.J..._.j..y...FpH...K>...QEk.=2(...(.dRB..Q...Z:..@6e....Dr(...('.K..tG9.<i........p<.yt.6M.......q....o\j\m.h.n.k<l<y...:....dL6.......kt.2zF.H..l....K..Q...FpH...\..(..T.......B..../D.<..x\.....-.}...H@./.ze.h..j.....0...m.&m...k.vj.v#...6.....03Y.n<...j.......:e.IgL..h'.:...u:jqv\.s...Q.G...:n%..>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\u-4n0qyriQwlOrhSvowK_l52xwNZVsf8[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 35060, version 1.1
Category:	downloaded
Size (bytes):	35060
Entropy (8bit):	7.983867784944304
Encrypted:	false
SSDEEP:	768:YZjhRR3OLW7libZsOai+eTJl9Y0mLOiY1dowp+tBuUUzWmoqHQFym:YffOLWAbZr7+e1HY1LBYDoO+ju/Lo4Xm
MD5:	0F38CA9694AD5FD3D7D667037F32E203
SHA1:	3BA9464D3A4922B4B299F0BD08CF9F2F9DA92192
SHA-256:	7A1459FCC0C09F4C0B39322B77EDB17D9384C6F3AC4CC6FCB7E0A37968BB9416
SHA-512:	855F04B1E85F43600A731C358CC2F2900CA2E4FD3CB135C7D9A009AA17EF2D82927B96D0B2AFD7005EED16ABBB4BDAE9DA8E2815F6539782DCF2DD1AD18473FF
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/merriweather/v22/u-4n0qyriQwlOrhSvowK_l52xwNZVsf8.woff
Preview:	wOFF...............(........................GDEF................GPOS....... ... DvLuGSUB...4.......dW.O.OS/2... ...R...`W..8cmap...t.......\|"$.$cvt ...L...<........fpgm.......F...mA..\|gasp................glyf......i....N..Q.head..x....6...6.M.7hhea..y.... ...$....hmtx..y(...G......3.loca..\|p........z.J.maxp...d... ... .c.oname...........Z7.O.post..............Xprep...T........Z.,.x...CV...E..3..v.l..0l 7...^L\F.e....\.D...d.D$".$.b".b_J...........A..(c~.i?gb.%.._g....M.s...W..;.........~.P..P..W.OV..S./P./R..U.oV'..................DFLT................x.....a.D..m.6..m..X.Y.nl..b....>..].....$.sn.N.9.9.....O..-..2.....i..4.+....L/.S..d.).+Y:mi.....E.+..t.J..._.j..y...FpH...K>...QEk.=2(...(.dRB..Q...Z:..@6e....Dr(...('.K..tG9.<*i........p<.yt.6M.......q....o\j\m.h.n.k<l<y...:....dL6.......kt.2zF.H..l....K..Q...FpH...\..(..T.......B..../D.<..x\.....-.}...H@./.ze.h..j.....0...m.&m...k.vj.v#...6.....03Y.n<...j.......:e.IgL..h'.:...u:jqv\.s...Q.G...:n%..>

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 18, 2021 20:22:46.957295895 CET	49720	80	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:46.957957983 CET	49721	80	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:47.094749928 CET	80	49720	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:47.094772100 CET	80	49721	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:47.094866991 CET	49720	80	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:47.094904900 CET	49721	80	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:47.095480919 CET	49720	80	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:47.232086897 CET	80	49720	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:47.232434988 CET	80	49720	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:47.232544899 CET	49720	80	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:47.239443064 CET	49722	443	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:47.376127958 CET	443	49722	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:47.376274109 CET	49722	443	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:47.382685900 CET	49722	443	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:47.519318104 CET	443	49722	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:47.520662069 CET	443	49722	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:47.520693064 CET	443	49722	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:47.520708084 CET	443	49722	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:47.520735979 CET	49722	443	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:47.520767927 CET	49722	443	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:47.564332962 CET	49722	443	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:47.571966887 CET	49722	443	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:47.702944040 CET	443	49722	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:47.703027010 CET	49722	443	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:47.710752964 CET	443	49722	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:47.710772038 CET	443	49722	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:47.710891008 CET	49722	443	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:48.069463015 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.070468903 CET	49724	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.238164902 CET	443	49724	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.238504887 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.238527060 CET	49724	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.238569975 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.239068985 CET	49724	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.239658117 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.413149118 CET	443	49724	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.413186073 CET	443	49724	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.413311005 CET	49724	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.413736105 CET	443	49724	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.414134979 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.414207935 CET	49724	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.414349079 CET	443	49724	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.414977074 CET	443	49724	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.415021896 CET	443	49724	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.415045977 CET	49724	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.415853024 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.415879965 CET	49724	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.416444063 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.416524887 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.416681051 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.416980028 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.417002916 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.417037964 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.417057991 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.511746883 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.511835098 CET	49724	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.512514114 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.689860106 CET	443	49724	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.690116882 CET	49724	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.690176010 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.690294027 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.693957090 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.694103956 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.694458008 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.695045948 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.695132017 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.695632935 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.696204901 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.696295023 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.696762085 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.697242022 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.697324991 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.697933912 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.698033094 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.698451042 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.698530912 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.870793104 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.870934963 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.871023893 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.875873089 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.875958920 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.876416922 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.876533985 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.878269911 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.878689051 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.878818989 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.878886938 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.881517887 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.881555080 CET	443	49723	108.167.186.86	192.168.2.3
Mar 18, 2021 20:22:48.881635904 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:48.881671906 CET	49723	443	192.168.2.3	108.167.186.86
Mar 18, 2021 20:22:49.262707949 CET	49722	443	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:49.399944067 CET	443	49722	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:49.400082111 CET	49722	443	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:51.235713005 CET	80	49720	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:51.235794067 CET	49720	80	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:53.404109955 CET	443	49722	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:53.404140949 CET	443	49722	64.111.99.224	192.168.2.3
Mar 18, 2021 20:22:53.404278994 CET	49722	443	192.168.2.3	64.111.99.224
Mar 18, 2021 20:22:53.404333115 CET	49722	443	192.168.2.3	64.111.99.224

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 18, 2021 20:22:37.770288944 CET	64938	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:37.822432995 CET	53	64938	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:38.409625053 CET	60152	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:38.471889019 CET	53	60152	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:38.722981930 CET	57544	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:38.776076078 CET	53	57544	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:40.002974987 CET	55984	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:40.052203894 CET	53	55984	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:40.863559961 CET	64185	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:40.912940025 CET	53	64185	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:42.583549976 CET	65110	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:42.633219004 CET	53	65110	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:43.439527035 CET	58361	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:43.491728067 CET	53	58361	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:44.451632023 CET	63492	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:44.502521038 CET	53	63492	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:45.471338987 CET	60831	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:45.529335022 CET	53	60831	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:45.680727959 CET	60100	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:45.740000963 CET	53	60100	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:46.884418964 CET	53195	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:46.886660099 CET	50141	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:46.938841105 CET	53	50141	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:46.945736885 CET	53	53195	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:47.801317930 CET	53023	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:48.045627117 CET	53	53023	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:48.563149929 CET	49563	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:48.612548113 CET	53	49563	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:51.025506020 CET	51352	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:51.077790976 CET	53	51352	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:52.743165016 CET	59349	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:52.797247887 CET	53	59349	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:53.668116093 CET	57084	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:53.727747917 CET	53	57084	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:54.627840996 CET	58823	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:54.677192926 CET	53	58823	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:55.981312990 CET	57568	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:56.033683062 CET	53	57568	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:58.726986885 CET	50540	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:58.777782917 CET	53	50540	8.8.8.8	192.168.2.3
Mar 18, 2021 20:22:59.569299936 CET	54366	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:22:59.621764898 CET	53	54366	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:04.234491110 CET	53034	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:04.294491053 CET	53	53034	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:07.362411976 CET	57762	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:07.371957064 CET	55435	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:07.420213938 CET	53	57762	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:07.421422958 CET	53	55435	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:07.684566975 CET	50713	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:07.733901024 CET	53	50713	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:09.632404089 CET	56132	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:09.695617914 CET	53	56132	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:09.924798965 CET	58987	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:09.976856947 CET	53	58987	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:10.031030893 CET	56579	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:10.107115030 CET	53	56579	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:11.936743975 CET	60633	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:12.006088018 CET	53	60633	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:13.556842089 CET	61292	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:13.566988945 CET	63619	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:13.625061035 CET	53	61292	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:13.636032104 CET	53	63619	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:13.790357113 CET	64938	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:13.858911037 CET	53	64938	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:14.004786968 CET	61946	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:14.073443890 CET	53	61946	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:14.738576889 CET	64910	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:14.807777882 CET	53	64910	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:15.668536901 CET	52123	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:15.674179077 CET	56130	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:15.737122059 CET	53	56130	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:15.744743109 CET	53	52123	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:16.750924110 CET	56130	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:16.759788036 CET	56338	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:16.810816050 CET	53	56130	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:16.812139034 CET	53	56338	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:17.762300968 CET	56338	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:17.765710115 CET	56130	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:17.817964077 CET	53	56130	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:17.823112965 CET	53	56338	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:18.776757956 CET	56338	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:18.840260983 CET	53	56338	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:19.776726961 CET	56130	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:19.837157011 CET	53	56130	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:20.791949987 CET	56338	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:20.852497101 CET	53	56338	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:23.791788101 CET	56130	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:23.849698067 CET	53	56130	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:23.974972963 CET	59420	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:24.042917967 CET	53	59420	8.8.8.8	192.168.2.3
Mar 18, 2021 20:23:24.806643009 CET	56338	53	192.168.2.3	8.8.8.8
Mar 18, 2021 20:23:24.866899014 CET	53	56338	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Mar 18, 2021 20:22:46.884418964 CET	192.168.2.3	8.8.8.8	0xee6c	Standard query (0)	scheduling.mesacountyhealth.com	A (IP address)	IN (0x0001)
Mar 18, 2021 20:22:47.801317930 CET	192.168.2.3	8.8.8.8	0xaa1b	Standard query (0)	health.mesacounty.us	A (IP address)	IN (0x0001)
Mar 18, 2021 20:23:04.234491110 CET	192.168.2.3	8.8.8.8	0x82e0	Standard query (0)	scheduling.mesacountyhealth.com	A (IP address)	IN (0x0001)
Mar 18, 2021 20:23:13.566988945 CET	192.168.2.3	8.8.8.8	0xbfa4	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Mar 18, 2021 20:22:46.945736885 CET	8.8.8.8	192.168.2.3	0xee6c	No error (0)	scheduling.mesacountyhealth.com		64.111.99.224	A (IP address)	IN (0x0001)
Mar 18, 2021 20:22:48.045627117 CET	8.8.8.8	192.168.2.3	0xaa1b	No error (0)	health.mesacounty.us		108.167.186.86	A (IP address)	IN (0x0001)
Mar 18, 2021 20:23:04.294491053 CET	8.8.8.8	192.168.2.3	0x82e0	No error (0)	scheduling.mesacountyhealth.com		64.111.99.224	A (IP address)	IN (0x0001)
Mar 18, 2021 20:23:13.636032104 CET	8.8.8.8	192.168.2.3	0xbfa4	No error (0)	stats.g.doubleclick.net	stats.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Mar 18, 2021 20:23:13.636032104 CET	8.8.8.8	192.168.2.3	0xbfa4	No error (0)	stats.l.doubleclick.net		64.233.167.156	A (IP address)	IN (0x0001)
Mar 18, 2021 20:23:13.636032104 CET	8.8.8.8	192.168.2.3	0xbfa4	No error (0)	stats.l.doubleclick.net		64.233.167.157	A (IP address)	IN (0x0001)
Mar 18, 2021 20:23:13.636032104 CET	8.8.8.8	192.168.2.3	0xbfa4	No error (0)	stats.l.doubleclick.net		64.233.167.155	A (IP address)	IN (0x0001)
Mar 18, 2021 20:23:13.636032104 CET	8.8.8.8	192.168.2.3	0xbfa4	No error (0)	stats.l.doubleclick.net		64.233.167.154	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

scheduling.mesacountyhealth.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49720	64.111.99.224	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Mar 18, 2021 20:22:47.095480919 CET	1126	OUT	GET /public/covidInitialDose/instructions/en.html HTTP/1.1 Accept: text/html, application/xhtml+xml, image/jxr, / Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate Host: scheduling.mesacountyhealth.com Connection: Keep-Alive
Mar 18, 2021 20:22:47.232434988 CET	1127	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 18 Mar 2021 19:22:47 GMT Server: Apache/2.4.29 (Ubuntu) Location: https://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.html Content-Length: 292 Keep-Alive: timeout=4, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 63 68 65 64 75 6c 69 6e 67 2e 6d 65 73 61 63 6f 75 6e 74 79 68 65 61 6c 74 68 2e 63 6f 6d 2f 70 75 62 6c 69 63 2f 63 6f 76 69 64 49 6e 69 74 69 61 6c 44 6f 73 65 2f 69 6e 73 74 72 75 63 74 69 6f 6e 73 2f 65 6e 2e 68 74 6d 6c 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.html">here</a>.</p></body></html>

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Mar 18, 2021 20:22:47.520693064 CET	64.111.99.224	443	192.168.2.3	49722	CN=scheduling.mesacountyhealth.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Sat Jan 23 11:16:46 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Fri Apr 23 12:16:46 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Mar 18, 2021 20:22:47.520693064 CET	64.111.99.224	443	192.168.2.3	49722	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		9e10692f1b7f78228b2d4e424db3a98c
Mar 18, 2021 20:22:48.415021896 CET	108.167.186.86	443	192.168.2.3	49724	CN=health.mesacounty.us CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Feb 04 01:00:00 CET 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Thu May 06 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Mar 18, 2021 20:22:48.417002916 CET	108.167.186.86	443	192.168.2.3	49723	CN=health.mesacounty.us CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Feb 04 01:00:00 CET 2021 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Thu May 06 01:59:59 CEST 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Mar 18, 2021 20:23:04.576222897 CET	64.111.99.224	443	192.168.2.3	49733	CN=scheduling.mesacountyhealth.com CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Sat Jan 23 11:16:46 CET 2021 Wed Oct 07 21:21:40 CEST 2020	Fri Apr 23 12:16:46 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
Mar 18, 2021 20:23:04.576222897 CET	64.111.99.224	443	192.168.2.3	49733	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		37f463bf4616ecd445d4a1937da06e19
Mar 18, 2021 20:23:13.764204025 CET	64.233.167.156	443	192.168.2.3	49761	CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Feb 23 16:36:52 CET 2021 Thu Jun 15 02:00:42 CEST 2017	Tue May 18 17:36:51 CEST 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Mar 18, 2021 20:23:13.764204025 CET	64.233.167.156	443	192.168.2.3	49761	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Mar 18, 2021 20:23:13.764250040 CET	64.233.167.156	443	192.168.2.3	49762	CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Feb 23 16:36:52 CET 2021 Thu Jun 15 02:00:42 CEST 2017	Tue May 18 17:36:51 CEST 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Mar 18, 2021 20:23:13.764250040 CET	64.233.167.156	443	192.168.2.3	49762	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 5980 Parent PID: 792

General

Start time:	20:22:44
Start date:	18/03/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff69b0b0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 5692 Parent PID: 5980

General

Start time:	20:22:45
Start date:	18/03/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5980 CREDAT:17410 /prefetch:2
Imagebase:	0x2d0000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report http://scheduling.mesacountyhealth.com/public/covidInitialDose/instructions/en.html

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 5980 Parent PID: 792

General

Analysis Process: iexplore.exe PID: 5692 Parent PID: 5980

General

Disassembly