flash

COVID19open_closedPodsVACCINE_LETTER2B.docx

Status: finished
Submission Time: 16.02.2021 16:11:53
Clean

Comments

Tags

Details

  • Analysis ID:
    353581
  • API (Web) ID:
    609114
  • Analysis Started:
    16.02.2021 16:12:35
  • Analysis Finished:
    16.02.2021 16:29:11
  • MD5:
    e65769cca6ce8214adf674a8001d83b4
  • SHA1:
    d3800da27e0aa660f04da269b5392fb3f4c26eb5
  • SHA256:
    b0ecb837f4df662ff941ce2cdb64cea78b07c22b1e9ad0d328229aa9dd9f1996
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports
New

System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

clean
0/100

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Potential for more IOCs and behavior

clean
1/100

IPs

IP Country Detection
199.192.8.2
United States

Domains

Name IP Detection
www.dhhs.state.nh.us
199.192.8.2
www.app-support.nh.gov
199.192.8.2
www.nh.gov
199.192.8.2
Click to see the 1 hidden entries
www.dhhs.nh.gov
0.0.0.0

URLs

Name Detection
https://shell.suite.office.com:1443
https://twitter.com/NHPubHealth
https://autodiscover-s.outlook.com/
Click to see the 97 hidden entries
https://www.dhhs.nh.gov/foryou/teens.htm
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
https://cdn.entity.
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
https://rpsticket.partnerservices.getmicrosoftkey.com
https://lookup.onenote.com/lookup/geolocation/v1
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
https://api.aadrm.com/
https://www.dhhs.nh.gov/foryou/women.htm
https://www.dhhs.nh.gov/foryou/seniors.htm
https://www.dhhs.nh.gov/foryou/disabilities.htm
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
https://api.microsoftstream.com/api/
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
https://cr.office.com
https://www.nh.gov/policy/accessibility.htm
https://www.dhhs.nh.gov/#translateilities.htmt
https://www.dhhs.nh.gov/favicon.ico~
http://www.reddit.com/
https://www.app-support.nh.gov/nhgov-fonts/encode-sans/encodesanscondensed-medium.woff)
https://www.app-support.nh.gov/nhgov-fonts/trirong/trirong-regular.woff)
https://www.dhhs.nh.gov/foryou/adults.htmm
https://res.getmicrosoftkey.com/api/redemptionevents
https://tasks.office.com
https://www.nh.gov/covid19
https://officeci.azurewebsites.net/api/
https://www.dhhs.nh.gov/about/index.htmies.htm
https://www.dhhs.nh.gov/foryou/adults.htm
https://dashboard.nh.gov/#/site/DHHS/views/COVID-19LrgMaps/MAPCumulativeLrg.pdf
https://store.office.cn/addinstemplate
https://www.servicelink.nh.gov/
https://wus2-000.pagecontentsync.
https://www.app-support.nh.gov/nhgov-fonts/trirong/trirong-bold-italic.woff)
https://www.dhhs.nh.gov
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
https://www.dhhs.nh.gov/foryou/women.htmmr
https://www.odwebp.svc.ms
https://api.powerbi.com/v1.0/myorg/groups
https://web.microsoftstream.com/video/
https://www.dhhs.nh.gov/foryou/women.htm
https://www.doj.nh.gov/covid-19-scams/
https://graph.windows.net
https://www.nh.gov
https://dashboard.nh.gov/#/site/DHHS/views/COVID19InteractiveMapDashboard/Town-ActiveCases-Data.csv?
https://www.dhhs.nh.gov/index.htmjNew
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
https://www.dhhs.nh.gov/foryou/families.htm
https://www.hhs.gov/sites/default/files/ocr-bulletin-3-28-20.pdf
https://www.dhhs.nh.gov/dphs/cdcs/covid19/crisis-soc-medical-ad-comm.htm
https://www.dhhs.nh.gov/index.htmilities.htmd
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
http://weather.service.msn.com/data.aspx
https://www.app-support.nh.gov/nhgov-fonts/open-sans/opensans-bold.woff)
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
https://www.dhhs.nh.gov/#skip/www.dhhs.nh.gov/favicon.ico
https://www.dhhs.nh.gov/foryou/seniors.htm
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
https://clients.config.office.net/user/v1.0/ios
https://www.dhhs.nh.gov/foryou/families.htmx
https://o365auditrealtimeingestion.manage.office.com
https://outlook.office365.com/api/v1.0/me/Activities
https://clients.config.office.net/user/v1.0/android/policies
http://www.amazon.com/
https://entitlement.diagnostics.office.com
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
https://www.who.int/health-topics/coronavirus
http://www.twitter.com/
https://outlook.office.com/
https://storage.live.com/clientlogs/uploadlocation
https://www.nh.gov/file-format/pdf.htm
https://www.dhhs.nh.gov/index.htmilities.htm
https://www.nh.gov/index.htm
https://www.nh.gov/covid19/resources-guidance/vaccination-planning.htm
https://www.dhhs.nh.go
http://www.dynamicdrive.com)
https://graph.windows.net/
https://devnull.onenote.com
https://www.dhhs.nh.gov/
http://coveringnewhampshire.org/
https://www.dhhs.nh.gov/about/index.htm
https://messaging.office.com/
http://txkang.com
https://www.dhhs.nh.gov/foryou/women.htmm
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
https://skyapi.live.net/Activity/
https://www.nh.gov/covid19/X
http://ekallevig.com/jshowoff
http://www.nytimes.com/
https://api.cortana.ai
https://www.nh.gov/covid19/index.htm
https://visio.uservoice.com/forums/368202-visio-on-devices
https://www.dhhs.nh.gov/index.htm
https://staging.cortana.ai
https://www.nhcarepath.dhhs.nh.gov/
https://onedrive.live.com/embed?
https://www.dhhs.nh.gov/favicon.ico

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2B1065E4-70B6-11EB-90E5-ECF4BB570DC9}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2B1065E6-70B6-11EB-90E5-ECF4BB570DC9}.dat
Microsoft Word Document
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{43C50248-70B6-11EB-90E5-ECF4BB570DC9}.dat
Microsoft Word Document
#
Click to see the 97 hidden entries
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\dikxvqf\imagestore.dat
data
#
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\ADCB58F4-D1C1-44B4-8E35-2D0947F07A2D
XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\698A8F31.png
PNG image data, 293 x 295, 1-bit colormap, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{684EC546-5172-4E4C-A638-EBF4CDF1FB1E}.tmp
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{9766F8FA-474A-4D26-9B90-1E4FEFAFF644}.tmp
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{B268D7D1-175E-4774-8B62-5FC8DD9A2BB9}.tmp
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\400x25officialsite[1].gif
GIF image data, version 89a, 400 x 25
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\a-large[1].png
PNG image data, 16 x 13, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\arrow_ltblue[1].gif
GIF image data, version 89a, 11 x 11
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\background-hi-lite[1].png
PNG image data, 34 x 400, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\contribute[1].css
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\element_main[1].js
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\emergency[1].jpg
[TIFF image data, little-endian, direntries=0], baseline, precision 8, 515x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\flags[1].gif
GIF image data, version 89a, 133 x 27
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\flu-fighters[1].jpg
[TIFF image data, little-endian, direntries=0], baseline, precision 8, 515x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\googlelogo_color_42x16dp[1].png
PNG image data, 42 x 16, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\granite-advantage[1].jpg
[TIFF image data, little-endian, direntries=0], baseline, precision 8, 150x95, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\icon-twitter-bird[1].gif
GIF image data, version 89a, 21 x 20
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\mediumA[1].gif
GIF image data, version 89a, 16 x 13
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\nheasy-sm[1].jpg
[TIFF image data, little-endian, direntries=0], baseline, precision 8, 150x57, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\opensans-bold-italic[1].woff
Web Open Font Format, TrueType, length 65060, version 1.10
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\opensans-bold[1].woff
Web Open Font Format, TrueType, length 70188, version 1.10
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\opensans-italic[1].woff
Web Open Font Format, TrueType, length 65184, version 1.10
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\opensans-semibold-italic[1].woff
Web Open Font Format, TrueType, length 65888, version 1.10
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\opensans-semibold[1].woff
Web Open Font Format, TrueType, length 69884, version 1.10
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\opensans[1].woff
Web Open Font Format, TrueType, length 67524, version 1.10
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\print[1].css
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\search-btn[1].png
PNG image data, 36 x 30, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\the-doorway[1].jpg
[TIFF image data, little-endian, direntries=0], baseline, precision 8, 150x112, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\trans[1].gif
GIF image data, version 89a, 1 x 1
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\translate_24dp[1].png
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\translate_24dp[2].png
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\YEY3408P.htm
HTML document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\arrow_blue0[1].gif
GIF image data, version 89a, 11 x 11
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\arrow_gold0[1].gif
GIF image data, version 89a, 11 x 11
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\arrow_green0[1].gif
GIF image data, version 89a, 11 x 11
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\button-sysc[1].gif
GIF image data, version 89a, 149 x 121
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\carbon-monoxide[1].jpg
[TIFF image data, little-endian, direntries=12, height=292, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=600], baseline, precision 8, 515x251, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\coronavirus[1].jpg
[TIFF image data, little-endian, direntries=0], baseline, precision 8, 525x295, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\covid19[1].htm
HTML document, ASCII text
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\current-map-small[1].png
PNG image data, 296 x 371, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\encodesanscondensed-bold[1].woff
Web Open Font Format, TrueType, length 70596, version 0.0
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\heart-month[1].jpg
[TIFF image data, little-endian, direntries=0], baseline, precision 8, 515x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\icon_flash[1].gif
GIF image data, version 89a, 16 x 16
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\jquery-1.2.6.min[1].js
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\jquery.jshowoff.min[1].js
ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\jshowoff[1].css
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\lg-screen[1].css
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\mcm-logo[1].jpg
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 150x79, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\menu-triangle[1].png
PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\office[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 300x150, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\print[1].css
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\sm-screen[1].css
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\state-seal-20perc[1].png
PNG image data, 290 x 272, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\trirong-bold-italic[1].woff
Web Open Font Format, TrueType, length 104636, version 1.0
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\trirong-bold[1].woff
Web Open Font Format, TrueType, length 92188, version 1.0
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\trirong-italic[1].woff
Web Open Font Format, TrueType, length 97836, version 1.0
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\trirong-regular[1].woff
Web Open Font Format, TrueType, length 91200, version 1.0
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\xls-icon[1].gif
GIF image data, version 89a, 16 x 16
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\1000x100-jpg-header06[1].jpg
[TIFF image data, little-endian, direntries=0], baseline, precision 8, 1000x100, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\button-glencliff[1].gif
GIF image data, version 89a, 149 x 121
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\button-nhh[1].gif
GIF image data, version 89a, 162 x 127
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\calendar-graphic[1].png
PNG image data, 170 x 126, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\covid-19-collage[1].jpg
[TIFF image data, little-endian, direntries=0], baseline, precision 8, 1170x283, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\covid19[1].htm
HTML document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\cumulative-map-small[1].png
PNG image data, 296 x 371, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\ds[1].gif
GIF image data, version 89a, 1 x 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\facebook-btn[1].png
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\favicon[1].ico
MS Windows icon resource - 2 icons, 16x16, 32x32
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\footer_seal[1].gif
GIF image data, version 89a, 25 x 25
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\gcd-seal[1].jpg
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 180x64, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\icon-fb-like[1].gif
GIF image data, version 89a, 42 x 20
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\icon-sp[1].gif
GIF image data, version 89a, 19 x 29
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\icon_pdf[1].gif
GIF image data, version 89a, 16 x 16
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\iconseal[1].gif
GIF image data, version 89a, 25 x 25
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\index[1].htm
HTML document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\mental-health[1].jpg
[TIFF image data, little-endian, direntries=0], baseline, precision 8, 515x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\pdf-icon[1].gif
GIF image data, version 89a, 16 x 16
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\school-safety[1].png
PNG image data, 150 x 49, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\seniors[1].htm
HTML document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\smallA[1].gif
GIF image data, version 89a, 16 x 13
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\teens[1].htm
HTML document, ASCII text, with very long lines, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\textsizer2[1].js
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\textsizer[1].js
ASCII text, with CRLF line terminators
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\1095b[1].jpg
[TIFF image data, little-endian, direntries=0], baseline, precision 8, 515x250, frames 3
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\a-med[1].png
PNG image data, 16 x 13, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\a-small[1].png
PNG image data, 16 x 13, 8-bit/color RGBA, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\adults[1].htm
HTML document, ASCII text, with very long lines, with CRLF line terminators
#