Analysis Report https://www.golfcoronado.com/

Overview

General Information

Sample URL:	https://www.golfcoronado.com/
Analysis ID:	385660
Infos:
Most interesting Screenshot:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

HTML title does not match URL

Submit button contains javascript call

Classification

Signatures

Phishing:

HTML title does not match URL

Source: https://www.golfcoronado.com/tournaments	HTTP Parser: Title: Tournaments does not match URL
Source: https://www.golfcoronado.com/tournaments	HTTP Parser: Title: Tournaments does not match URL

Submit button contains javascript call

Source: https://www.golfcoronado.com/tournaments	HTTP Parser: On click: RSFormPro.YUICalendar.showHideCalendar('cal2_0Container');
Source: https://www.golfcoronado.com/tournaments	HTTP Parser: On click: RSFormPro.YUICalendar.showHideCalendar('cal2_0Container');

Source: https://www.golfcoronado.com/tournaments	HTTP Parser: No <meta name="copyright".. found
Source: https://www.golfcoronado.com/tournaments	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 69.167.161.101:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.167.161.101:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.167.161.119:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.167.161.119:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.167.161.119:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.167.161.119:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.167.161.119:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.32.25.34:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.32.25.34:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.167.161.101:443 -> 192.168.2.6:49745 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: www.golfcoronado.com

Source: calendar[1].js.3.dr	String found in binary or memory: http://developer.yahoo.com/yui/license.html
Source: calendar[1].css.3.dr	String found in binary or memory: http://developer.yahoo.net/yui/license.txt
Source: script[1].js0.3.dr	String found in binary or memory: http://kevin.vanzonneveld.net
Source: script[1].js0.3.dr	String found in binary or memory: http://kevin.vanzonneveld.net)
Source: social[1].js.3.dr	String found in binary or memory: http://twitter.com/share
Source: webcam[1].htm.3.dr	String found in binary or memory: http://www.1-2-1marketing.com
Source: KFOmCnqEu92Fr1Mu4mxP[1].ttf.3.dr, KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf.3.dr, KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf.3.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: bootstrap.min[1].js.3.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.txt
Source: juniors[1].jpg.3.dr	String found in binary or memory: http://www.dreamstime.com/royalty-free-stock-photos-kids-golf-competition-children-posing-near-car-c
Source: junior_golf[1].jpg.3.dr	String found in binary or memory: http://www.dreamstime.com/stock-images-kids-golf-competition-children-playing-taking-part-course-sum
Source: uikit2-2143e9f4[1].js.3.dr	String found in binary or memory: http://www.getuikit.com
Source: junior-golf[1].htm.3.dr	String found in binary or memory: http://www.girlsgolf.org
Source: jcemediabox.min[1].js.3.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl-2.0.html
Source: acymailing_module[1].js.3.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl-3.0.html
Source: social[1].js.3.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: 622COIJN.htm.3.dr	String found in binary or memory: http://www.golfchannel.com/media?guid=9VqDBlqa25FOw9wVpJgZYptJ_R_tRmh2
Source: 622COIJN.htm.3.dr	String found in binary or memory: http://www.golfcoronado.com/25-uncategorized/17-welcome
Source: PGA-Profile-Coronado[1].pdf.3.dr	String found in binary or memory: http://www.sdjuniorclub.com)
Source: bootstrap[1].css.3.dr	String found in binary or memory: http://www.yootheme.com/license)
Source: analytics[1].js.3.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: 622COIJN.htm.3.dr	String found in binary or memory: https://campaignpilot.com/plugins/campaignpilot.js
Source: recaptcha__en_gb[1].js.3.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: recaptcha__en_gb[1].js.3.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en_gb[1].js.3.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: 622COIJN.htm.3.dr	String found in binary or memory: https://feastandfarewaycoronado.com/
Source: bootstrap[1].css.3.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat
Source: bootstrap[1].css.3.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Noto
Source: css[1].css0.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/fjallaone/v8/Yq6R-LCAWCX3-6Ky7FAFrOF6lA.woff)
Source: css[1].css0.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v17/0QI6MX1D_JOuGQbT0gvTJPa787weuxJBkqs.woff)
Source: css[1].css0.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v17/0QI6MX1D_JOuGQbT0gvTJPa787z5vBJBkqs.woff)
Source: css[2].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459WlhzQ.woff)
Source: css[1].css0.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/muli/v22/7Aulp_0qiz-aVz7u3PJLcUMYOFkQl0k30e4.woff)
Source: css[1].css0.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/muli/v22/7Aulp_0qiz-aVz7u3PJLcUMYOFkpl0k30e4.woff)
Source: css[1].css0.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/muli/v22/7Aulp_0qiz-aVz7u3PJLcUMYOFmQkEk30e4.woff)
Source: css[1].css0.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/muli/v22/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30e4.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v9/ga6Iaw1J5X9T9RW6j9bNfFcWbg.woff)
Source: css[1].css.3.dr	String found in binary or memory: https://fonts.gstatic.com/s/notoserif/v9/ga6Kaw1J5X9T9RW6j9bNfFImajC9.woff)
Source: AcroRd32.exe, 00000008.00000003.408522785.0000000009502000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com
Source: recaptcha__en_gb[1].js.3.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: analytics[1].js.3.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: recaptcha__en_gb[1].js.3.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en_gb[1].js.3.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en_gb[1].js.3.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en_gb[1].js.3.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: analytics[1].js.3.dr	String found in binary or memory: https://tagassistant.google.com/
Source: {BCC0B376-9C01-11EB-90E5-ECF4BB2D2496}.dat.2.dr	String found in binary or memory: https://www.golfcoronado.
Source: {BCC0B376-9C01-11EB-90E5-ECF4BB2D2496}.dat.2.dr	String found in binary or memory: https://www.golfcoronado.Root
Source: webcam[1].htm.3.dr	String found in binary or memory: https://www.golfcoronado.com
Source: ~DF9BE3C77B1405F18B.TMP.2.dr, {BCC0B376-9C01-11EB-90E5-ECF4BB2D2496}.dat.2.dr	String found in binary or memory: https://www.golfcoronado.com/
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/#tm-top-a
Source: {BCC0B376-9C01-11EB-90E5-ECF4BB2D2496}.dat.2.dr	String found in binary or memory: https://www.golfcoronado.com/FCoronado
Source: {BCC0B376-9C01-11EB-90E5-ECF4BB2D2496}.dat.2.dr	String found in binary or memory: https://www.golfcoronado.com/Root
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/course-info/course-information
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/course-info/course-information$Course
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/course-info/rates
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/course-info/ratesinformation
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/course-info/webcam
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/course-info/webcaminformation
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/course-info/webcaminformations
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/course-info/webcaminformation~
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/images/PGA-Profile-Coronado.pdf
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/instruction/adult-group-lessons
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/instruction/adult-group-lessons&Adult
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/instruction/adult-group-lessonsF
Source: ~DF9BE3C77B1405F18B.TMP.2.dr, golf-pro-bios[1].htm.3.dr	String found in binary or memory: https://www.golfcoronado.com/instruction/golf-pro-bios
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/instruction/junior-golf
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/instruction/junior-golfessons
Source: ~DF9BE3C77B1405F18B.TMP.2.dr, lesson-rates[1].htm.3.dr	String found in binary or memory: https://www.golfcoronado.com/instruction/lesson-rates
Source: 622COIJN.htm.3.dr	String found in binary or memory: https://www.golfcoronado.com/media/com_acymailing/css/module_default.css?v=1573072179
Source: 622COIJN.htm.3.dr	String found in binary or memory: https://www.golfcoronado.com/media/com_acymailing/js/acymailing_module.js?v=51010
Source: imagestore.dat.3.dr	String found in binary or memory: https://www.golfcoronado.com/templates/yoo_avanti/favicon.ico~
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/tm-top-a
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/tm-top-a.com/#tm-top-a
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/tournaments
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/tournamentsunior-golfessons
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfcoronado.com/tournamentsunior-golfessonsr
Source: course-information[1].htm.3.dr	String found in binary or memory: https://www.golfsandiego.com/welcome-coronado-golfers?utm_source=CoronadoGC_website&utm_medium=l
Source: 622COIJN.htm.3.dr, ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.golfsandiego.com/welcome-coronado-golfers?utm_source=CoronadoGC_website&utm_medium=link&
Source: analytics[1].js.3.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap
Source: analytics[1].js.3.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.3.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: recaptcha__en_gb[1].js.3.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: 622COIJN.htm.3.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js?onload=JoomlaInitReCaptcha2&render=explicit&hl=en-GB
Source: bframe[1].htm.3.dr, api[1].js.3.dr, recaptcha__en_gb[1].js.3.dr, anchor[1].htm0.3.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeR_R8UAAAAAA0VG_vkkJuI1o5wkHexvzimAWK0&co=aHR0
Source: ~DF9BE3C77B1405F18B.TMP.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/bframe?hl=en-GB&v=539Evs44yecoSf-lkJBQzKKj&k=6LeR_R8UAAAAAA0VG
Source: analytics[1].js.3.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: bframe[1].htm.3.dr, webworker[1].js.3.dr, api[1].js.3.dr, anchor[1].htm0.3.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/539Evs44yecoSf-lkJBQzKKj/recaptcha__en_gb.js
Source: bframe[1].htm.3.dr, anchor[1].htm0.3.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/539Evs44yecoSf-lkJBQzKKj/styles__ltr.css
Source: jcemediabox.min[1].js.3.dr	String found in binary or memory: https://www.joomlacontenteditor.net
Source: adult-group-lessons[1].htm.3.dr	String found in binary or memory: https://www.smarterlessons.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 69.167.161.101:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.167.161.101:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.167.161.119:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.167.161.119:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.167.161.119:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.167.161.119:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.167.161.119:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.32.25.34:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.32.25.34:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 69.167.161.101:443 -> 192.168.2.6:49745 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@7/126@4/3

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BCC0B374-9C01-11EB-90E5-ECF4BB2D2496}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF71F77B353CF93854.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5624 CREDAT:17410 /prefetch:2
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 6108
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 6108
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5624 CREDAT:17410 /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' /o /eo /l /b /ac /id 6108	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 /o /eo /l /b /ac /id 6108	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Anti Debugging:

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Code function: 8_2_05187110 LdrInitializeThunk,

8_2_05187110

Source: AcroRd32.exe, 00000008.00000002.414484031.0000000005B80000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000008.00000002.414484031.0000000005B80000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: AcroRd32.exe, 00000008.00000002.414484031.0000000005B80000.00000002.00000001.sdmp	Binary or memory string: &Program Manager
Source: AcroRd32.exe, 00000008.00000002.414484031.0000000005B80000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
69.167.161.101	golfcoronado.com	United States	32244	LIQUIDWEBUS	false
13.32.25.34	campaignpilot.com	United States	7018	ATT-INTERNET4US	false
69.167.161.119	demo.1-2-1marketing.com	United States	32244	LIQUIDWEBUS	false

Contacted Domains

Name	IP	Active
demo.1-2-1marketing.com	69.167.161.119	true
campaignpilot.com	13.32.25.34	true
golfcoronado.com	69.167.161.101	true
www.golfcoronado.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.golfsandiego.com/welcome-coronado-golfers?utm_source=CoronadoGC_website&utm_medium=link&utm_campaign=CoronadoGC_referrals	false	unknown
https://www.golfcoronado.com/	false	high
https://www.golfcoronado.com/course-info/webcam	false	high
https://www.golfcoronado.com/instruction/lesson-rates	false	high
https://www.golfcoronado.com/course-info/rates	false	high
https://www.golfcoronado.com/instruction/junior-golf	false	high
https://www.golfcoronado.com/#tm-top-a	false	high
https://www.golfcoronado.com/instruction/golf-pro-bios	false	high
https://www.golfcoronado.com/course-info/course-information	false	high
https://www.golfcoronado.com/tournaments	false	high
https://www.golfcoronado.com/instruction/adult-group-lessons	false	high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\UM9GSJ8J\www.google[1].xml	ASCII text, with no line terminators	933C23F84AE4F512133135CD1679D1DF	9DE2BDEF1E749B3DC8A175B3DC9B848DFA8AC260	18049AB849912D978067F5B4505D4CD8DD576560980A8C370D52EDEFD7EAD434
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BCC0B374-9C01-11EB-90E5-ECF4BB2D2496}.dat	Microsoft Word Document	E33C0857A68197BFD79BF9E3ED32842D	63B69F0B2BD2C776582515082F6EBD868B6B310B	5D7AD39FBC606ECDDDD714345DD423E4E3E7F923383BC1E1E6AA1B30F2A62046
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BCC0B376-9C01-11EB-90E5-ECF4BB2D2496}.dat	Microsoft Word Document	CDF4D0079008A64690F1B114187401F6	41FEB78DEFEC6ACFC91CB3843922B4BBB0399CB8	357A5FA774CD2F0881AE65596D6C1FF5794BEF4166300889B7487CF4E8C43858
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C4144EC6-9C01-11EB-90E5-ECF4BB2D2496}.dat	Microsoft Word Document	4877FCEFE6ACDC4ED97C9CFDC74E69E8	B2FCA047F4A460F3D408D8BB287C4B66542ACC2A	C0E370AD9FCE3EFB497477FD808A8DBD432C0209163B5C59B766913E5659627C
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\wlm7n14\imagestore.dat	data	A33AC91B4C2EF6B01F639F3EE6786BBC	5C68FF5B2EB9528E618755413F7E4355A0DBE41F	744C0244DF12251B2B97455A5945A7B7FD30CC04F16C0F92FC959E0C8EB83327
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30e4[1].woff	Web Open Font Format, TrueType, length 20644, version 1.1	91288B87B7BBE6D6FBFB131D5DBACBF1	E8D1EE39BBDF5DEA50861488704490C66CFC602A	0A34DA75A521DA237A12876684AC11B2C21D9B8D47FB9E9DEEAA998FB98324E1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\PGA-Profile-Coronado[1].pdf	PDF document, version 1.3	2F5657E68F2228140BD5CA6391EED062	8DD09B9DD53E8B5B726B7EBA6E981E4C02D45A60	F43EF967D5C93C7F767FC14B487C00D563E26DB8A675971BED65562C138339A2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\Yq6R-LCAWCX3-6Ky7FAFrOF6lA[1].woff	Web Open Font Format, TrueType, length 19976, version 1.1	7710E53EE1E24055DD9BA499766CBF2A	84B6D697B33EBFBDC7E7892D1B51FEC3CC3AF64B	DA9B29CAD35666AD35DF54FC721FF8D0838660640456185A86521E6C506B81CD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\banner_1[1].jpg	[TIFF image data, little-endian, direntries=0], progressive, precision 8, 2000x835, frames 3	F5428635C480B8C986D17DA23FB93731	A9736B525B850860F4A198CC8899E9866CBB5C08	4A2B14DAEACA298DA356826D9B9ABD19DA688AA8A1E1BA7D440D36BE0BF67C2C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\banner_button_1[1].jpg	[TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, frames 3	DF09C2ED6A97CBB5BE84950C8A598F23	5B3E53538B9B86EDBAE761980A6BBAE241F52A57	BABD55E9F56A5D5B11CCBDA8A0E6E1D11633CB1D03F14A8755B722BA6D8BE428
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\banner_button_3[1].jpg	[TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, frames 3	B18B2B4C4CB99A1E66CB184F827C0282	B932BD4C77EC6BD87A92251B2DFA60C5FEE64F40	BC701B05296D823978958899F37FCDAD8BA7FDD087F6ECF2243CF8E033E2B94C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\banner_button_4[1].jpg	[TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, frames 3	7D71D98EA0AF9D22228CE07BCAA1DCB1	1BC40949742441FFCF8684E0C2632E2F9E9F4222	85F3206BC7BC8440F59819A9F2F36A991925CB48032E90FDB083E4478C7BF82C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\calendar[1].js	ASCII text, with very long lines, with CRLF line terminators	9A324D28D9904FCCE62478C3DE19FFC3	8381F14112706B6C003D7F50F5D57FE9F6E13B55	8F441F14EDC55A96007732EE8BA5246B656051428C96CF9D8D7D5F0A5499E238
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\city-of-coronado-logo[1].png	PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced	AF6CB4E3136F416712D32B9079DF8984	AB9E3D6D6BCF39B373F6DB2638D53A7D4506484D	BDCA68C79BA53EB1701DC54AC3B1487809E2D4D52757FDB9D7B6DAF5EFBEBE8B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\custom[1].js	UTF-8 Unicode (with BOM) text, with CRLF line terminators	5517E5BFB948962C6A5999446BAAF409	7B060B8B4212D8B78E8AFDD65661E1981AD1B368	48D481003AE7740D61DE8ED0BE2A090D24F53C9F8A93FEC7411DE403C5BE9163
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\favicon[1].ico	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	6CEFF6449F8F37889351B717609E67D2	C179D1FA5B6111AE45A7E45EDD1E80A0A07892CE	FDB554EB67AF926326715B9B4D5B1877DD49DFC86386F59966172BE929345247
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\fontawesome-webfont[1].woff	Web Open Font Format, TrueType, length 89076, version 1.0	273F0BB520E37453D185A6EC9E566351	CFD0792239E00B4EFB4FA2383F85CA3F1E3DCDAB	2411947E1534AB21E31D4E1C6C46214AE93D1A2BA2C643FF620568C585D949B9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\golf-channel-logo[1].png	PNG image data, 164 x 163, 8-bit/color RGBA, non-interlaced	22AEB7803BB6332490B77C283D721419	092EA1578E62070C4B8BE9684644429D3D927AFE	707D1C4866A50D9F02DE666E733FB1C0C2D6D9D8A824BAF9E346310691F721A5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\golf-digest-logo[1].png	PNG image data, 163 x 163, 8-bit/color RGBA, non-interlaced	D931237D95A3F7B78B8736240E631557	2FA8E29A56F430EC18482D71385C0A8B49CB451C	CD75C8575A2AE04D63EB6B6D6BFDF81FABF35736236F6CC8051F9344D80F688A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	9234071287E637F85D721463C488704C	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\jcemediabox.min[1].css	UTF-8 Unicode text, with very long lines, with no line terminators	9D108330040BD2B7386AD9C4CF8105FC	53594F946AF4896BB98AC91A817990EAA74B75D1	CC61348D07D4BB7C569FED635C4FCBC26D5EC226657E7C4340C63D10093AF2F5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\jcemediabox.min[1].js	HTML document, UTF-8 Unicode text, with very long lines	1B6E86F0CF3DB9F07A84A04E29A794E0	B4F87734D77B5B455272EED66254F872458E7605	484976F805712704558C5AFB0145FA21E607B554DC8EC94B0088E8D5BA5FEBEF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\jquery-migrate.min[1].js	ASCII text, with very long lines	7121994EEC5320FBE6586463BF9651C2	90532AFF6D4121954254CDF04994D834F7EC169B	48EB8B500AE6A38617B5738D2B3FAEC481922A7782246E31D2755C034A45CD5D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\logo[1].png	PNG image data, 76 x 62, 8-bit/color RGBA, non-interlaced	6026A7030CE11733FC9DDCAE281349C9	B97FA3146211D8FD6D2FCAAA04C31B91C8A032FD	3DAA289A34ED6B38EDFBBFB76050E5B99DDCCB9314D56E493E5348EF98ABEF0A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\main[1].css	assembler source, ASCII text	C59599C6D682548DD634B19BB8C025DA	BF23FEBF7062E53BE8BE8A8720A88EC439BE26C1	3A4EC77FD81E5B08D00E41CA880E81BE1263309C9D4930D176E70603D549B620
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\march12021rates[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 2550x3300, frames 3	B1648A8EA39EA2F21C4D42B4EA51F1DD	2CEF2A815ACFA766CCB7CD492529B31C04F79CDF	1F7E4BE9A6A673F7A2BD773581D8CF0CF7BE9E1075A4A70E760B9B42C5ED6323
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\markgedds[1].png	PNG image data, 840 x 1050, 8-bit/color RGB, non-interlaced	DC25E3FDA116F5802F600E080CC49E66	BFE631B285FDD7B16BD221C94F692A62B4327527	BFBE6DDD45012E10CFC2946381D8BCFD40C24AAD4FA190B727603327E6CC388D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\rates[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, CR, LF line terminators	FBB4B3F0D89C7C7AB42310CABBDAD392	E43FFCC8897CD910F497B275BE25EB7398C8D24E	5C21225100EB3E02A52BCC1E8A901EFB5A62891E3A9A42CDF060CE110D2F0E1B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\script[1].js	ASCII text, with CRLF line terminators	85A8540321B88D1D2761775A91CB54B6	83D6873124051C8281BDE893AF1C965C42F96A08	087F73EF30CC698B872ED48316FFE7EF38371A7E7635AE170222ECE9B919E71B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\theme-icons[1].eot	Embedded OpenType (EOT), theme-icons family	A22FD017802D49CC17805655A2D5F6AC	847E886C66325D2C34CDDC2B8FDD3C29417FF260	973D087D28C27445989D03B0404F075395CB4C2D3DBC65F5953706534C7F6982
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\velocity[1].js	ASCII text, with very long lines, with no line terminators	C226BC08EA47F737C97BD45051A50E35	134F94D957FF76D1427AB41B1D61BA07E6057578	9A6C90D617D93F4D7DF6D22B2F1592A81F5EE35F03B0EE3FCE723DC8E7426236
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\0QI6MX1D_JOuGQbT0gvTJPa787weuxJBkqs[1].woff	Web Open Font Format, TrueType, length 23256, version 1.1	18E48BEDF6F3FDF2A03A7E44D2AAA2CE	0EAF056823EDAA7D9BC51E05772FA28DA310FF57	5FD9A5BE62963B7E2C9948047F7F7C70E1EC7194AB1D059F49BCCF88513C8E7F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\0QI6MX1D_JOuGQbT0gvTJPa787z5vBJBkqs[1].woff	Web Open Font Format, TrueType, length 23324, version 1.1	9FB83404675A55EDB22A417C958FDFAD	E09B6A97D55A7040683576CBB9B25D3CAF69AB0B	39B7A1F170CFEA07CA7485087FF49BAFAF86FACB0A81E36AFA7904ED0C887A74
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\622COIJN.htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, CR, LF line terminators	583703132A4D70FC0F76E8EE6FBAF9DB	D1CC3AD2CF2F1ACAFD7BD81AB82D6FBAE7F4DB0C	F3017867067DC63E3E3E1B0A9C007564E0315DF5A0BCA1846910478D27F4A80B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\7Aulp_0qiz-aVz7u3PJLcUMYOFkQl0k30e4[1].woff	Web Open Font Format, TrueType, length 20708, version 1.1	992B9C11370518AECE1690BB6EC7BD3B	C474792143CF895DAA6341CAFF828B1BF4D385D0	CDCFC6049038D4962A320D79831AD8D881BA92046684BA9C3C2675F7A0DE32EA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\7Aulp_0qiz-aVz7u3PJLcUMYOFkpl0k30e4[1].woff	Web Open Font Format, TrueType, length 20756, version 1.1	4103B329F719559FBA5FE266839C0431	32E4635A61F8D5340EA1FB0BD337A3C8C04C2069	23D97C24A70B4BBDD28F76DBA3D50CCB71CD0B92288A4B16619EABF1BD38453A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\Petra-Cole[1].jpg	[TIFF image data, big-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, resolutionunit=2], baseline, precision 8, 231x228, frames 3	201F7E0614C023AFEFA4B872CF78E3F9	399D33ABE4650B9FAB478DDCB123FB2E78F2C51C	CDCB3BAE2888EAB28F3339F0E07C75367EB63CD5BBEDB89C95AF556483D1869C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\acymailing_module[1].js	ASCII text, with very long lines, with CRLF line terminators	A7FCC00D95E6FD756371B579925166C0	BF3EF179917D611AC24F377479208D76418F6236	A1B5DDC720119BF45D047BB0CF293D74CB5388199B775292C92E1215B04E6D5F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\anchor[1].htm	HTML document, ASCII text, with very long lines	416C70DF6057A105C3BAAAEC586FB0DC	EE899A9B2FC3A31C9C755588CC91C632B6A9619A	52924E3AF1CD6DD1A542A70A478D3D1705A07E3173294CE05C42F6427BFA4A79
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\api[1].js	ASCII text, with very long lines, with no line terminators	890F7543EEF2F069670C8B933B9349AE	7FB4A333BFFE173DC8CE40D94BB568042CF3EBFB	7E3525E11B949337962EAFF81221EA335BEEFC4F8D55F8ED4B7304BADAB6BB23
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\api[2].js	ASCII text, with very long lines, with no line terminators	890F7543EEF2F069670C8B933B9349AE	7FB4A333BFFE173DC8CE40D94BB568042CF3EBFB	7E3525E11B949337962EAFF81221EA335BEEFC4F8D55F8ED4B7304BADAB6BB23
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\banner-new-2[1].jpg	[TIFF image data, little-endian, direntries=1, copyright=Fitzgerald Visuals], baseline, precision 8, 1478x617, frames 3	9DB0D38F2FC76BCD9E1975B1D780B845	1738D6F752C2B7954C7AC0C4DE88921C2A27BFCB	945762E9F78133BE1322444DF04D9D893B21B28FDBBE4644F626036A141947B1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\banner-new-3[1].jpg	[TIFF image data, little-endian, direntries=1, copyright=@ 2013 Oscar G Medina 858.274.0665], baseline, precision 8, 1600x669, frames 3	78514FB4C15B8612F01307B7861D6029	E63264FB6723A6C5EB6C40E01BA90F60A6F999D7	8A3C6059848E41CDFCF23E2590478071C71F0D5D62E9759CB3DF20510B28C83F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\banner_button_2[1].jpg	[TIFF image data, little-endian, direntries=0], progressive, precision 8, 400x400, frames 3	7881BE6A8EC7EC06B54CEF70BFCCBA0B	F96DA104EC069599EEF8B670A46CB78EFE60DAF1	DD9A784A4826E55D67FB3D58D65DC7DEF4C2527EFD186AE00022AA9A14F9094B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\bframe[1].htm	HTML document, ASCII text	D490665160AA5220EA94324E1088BF36	6E3640FA0AD74A42F4152E8A1B3143FCEC672F8E	A10D6A1E237D59AB31DF58F1C20F7C49E8707D04CA846CA0FF63C60BC0E77E1D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\campaignpilot[1].js	UTF-8 Unicode text, with very long lines, with no line terminators	6049B6F2CE95F622566657901F6966B2	BC26066A3221242828AE2517DACFC2B094077286	53F8AEC2AA02D057DE5D49D3820D4C08627517B3E23961E08CC0F2110983C147
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\course-information[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, CR, LF line terminators	6E714B1DD108BBC3C645A0F0A9EAECDB	66C0E4B232E4189926BB20159CC09D652C19ED61	2A8EFA3E0B91FF7FA34F56BD74B6EDEB6301A5D30B06743A05742FDE63CEDFA5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\css[1].css	ASCII text	36D808AFD866423BAEBCED2A3738F224	859CE6B4933055C377CF49EEA278A25EEAE230EC	F4B1829668E9570372C8600D16829CFE4830CDBAF4DDF1B58D24E0FD85C79E85
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\css[2].css	ASCII text	0646418C7AEE21185C202EE136F7AA24	8D5C652ACD0993148978709AC0AA91954EA9F7E9	1CED2BEE5AB9F13FFACC51B4F4232EF4779576ED39A96FFC57A778AA094A890D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	D65EC06F21C379C87040B83CC1ABAC6B	208D0A0BB775661758394BE7E4AFB18357E46C8B	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\extensions[1].css	assembler source, ASCII text, with very long lines, with CRLF line terminators	B918063EE0B5EBCEE8B632A5F438924C	A49B20C1AA588BDE53E66A756674D6388FD7B1AA	0C05A7B918840F28CE7AAD8ACB1D35E0043514641D39D6B8EDBE9C63FBACF9F6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\jquery-noconflict[1].js	ASCII text	E2060C4E5E5955C824723B13A212D3EC	18420CE484978F8BA3D7371FEBF1638828BB7A67	5B6CF4E6EDA02F7C90B60B3C32413C0851915F8F80A268A913B92929085132A6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\lesson-rates[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, CR, LF line terminators	3B3F334BDA23FDC69D371E5E731619DE	FB72A898A013C1F4CB3D9CACD3BAD553B402C917	1E6A5F20CE40C864DA8BCE04AFDFB6F9B960969955A155A84292512D852AA3CE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\logo_slideshow[1].png	PNG image data, 593 x 73, 8-bit/color RGBA, non-interlaced	195D241513685302C4F120A2F8291BC5	F2DF6BE11FC2877BC1DDE60710DA105AA166D081	6DA961504EBC0C1C587288800C8C6BB2DCE39161600B2EBD7F37FE3D1AC0DEE7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\module_default[1].css	ASCII text, with CRLF line terminators	39A533A38EA6F34D73C209208351155E	0CAF31F5800E3D01DDF70D67FA62E0BB316C7194	3C6D689F7C27EF95F57FEEBC3A6DDF1711BC2D1E6225498D558D7DA996AC0076
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\pga-symbols[1].png	PNG image data, 200 x 89, 8-bit/color RGBA, non-interlaced	EA2D20821810A2EDA0408C307519133C	16B7191E231752338BFBC35C11D6E925BCA06E91	8AC0135A702E36BA253944C78275CD794031AF4647C9162D25133CF6134C3EF2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\recaptcha__en_gb[1].js	HTML document, ASCII text, with very long lines	D2A824A6770005938DDC5ABBBC85542D	2E3EAF9360305988AFCFEDB3A0C0B3C17EE2496A	C7A2E2F328B3BE757106DAA4497F0CDFD45C222FC722739946CF7A3E62D56619
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\script[1].js	UTF-8 Unicode text, with CRLF line terminators	94CB6C19794ACB22C4FC199FBC6338D8	A71A2395EFD0AF2994DBC71A24E1E6CCE5549538	9C18AE9B31E16AF8358DBA57A85EAD002B1CD0769EDF325373EFC2E69CB1C802
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\sub_banner_1[1].jpg	[TIFF image data, little-endian, direntries=0], progressive, precision 8, 2000x500, frames 3	1AAAC083C8076AFDA75F084F74000113	505A22342196E41A82AB433C9C86689721FBC189	66A45840CCDEB364AB652877DC6C680CFAF0529F8B6D3E55C59EA89E254FA672
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\tim[1].jpg	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x271, frames 3	91448350848B84E523A98C221344C569	09942010853DA36B004A5A01F486FEC5F1CD85E8	FE9E6938A05A450466D380B446488C48B08BF0A12EACC5BBD7B65385DF62DD21
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\velocity.ui[1].js	ASCII text, with very long lines, with no line terminators	6773BC8C6AB7F71DD7AF54364B3C9E8F	11A380044D24E427A0C6D7DA7D114D46413C49D6	6D07C90B8431C31152A84722BBA0B488B88311C3F66D6D62D7231D968DF6FF31
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\webworker[1].js	ASCII text, with no line terminators	38C3525E8D73FD8314A2C33D7CA1AAE9	19E620E7F25113902265184776AE1862FB0E8D0F	4FA982263F2FD4FCA6A3FCDCAB5196E77464E3ECC158BCCD9AEEC9B7732B117B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\webworker[2].js	ASCII text, with no line terminators	38C3525E8D73FD8314A2C33D7CA1AAE9	19E620E7F25113902265184776AE1862FB0E8D0F	4FA982263F2FD4FCA6A3FCDCAB5196E77464E3ECC158BCCD9AEEC9B7732B117B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\7Aulp_0qiz-aVz7u3PJLcUMYOFmQkEk30e4[1].woff	Web Open Font Format, TrueType, length 20616, version 1.1	76FA45D4455A086B9132FEEA5F587330	B7258076BD6781D78300E83BB6E8BB37CA7CA329	45BD0FCC14529DDE76DB9204A56040DDBDC1BCC0C4C3299DADBF97D69A751EED
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\JTUSjIg1_i6t8kCHKm459WlhzQ[1].woff	Web Open Font Format, TrueType, length 23480, version 1.1	8102C4838F9E3D08DAD644290A9CB701	5AF1938D1327395F47C84E57B6BA7756234D2262	60CEBEA4C9183F51FBD323F14DD729E18768BE4F6395467013216AE36526CF9C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Me	4D88404F733741EAACFDA2E318840A98	49E0F3D32666AC36205F84AC7457030CA0A9D95F	B464107219AF95400AF44C949574D9617DE760E100712D4DEC8F51A76C50DDA1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.Roboto BlackRegularVersion 2.137; 2017Roboto-Bla	4D99B85FA964307056C1410F78F51439	F8E30A1A61011F1EE42435D7E18BA7E21D4EE894	01027695832F4A3850663C9E798EB03EADFD1462D0B76E7C5AC6465D2D77DBD0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\KFOmCnqEu92Fr1Mu4mxP[1].ttf	TrueType Font data, 18 tables, 1st "GDEF", 8 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-Regularht	372D0CC3288FE8E97DF49742BAEFCE90	754D9EAA4A009C42E8D6D40C632A1DAD6D44EC21	466989FD178CA6ED13641893B7003E5D6EC36E42C2A816DEE71F87B775EA097F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\accordion-parent[1].js	ASCII text	4D8303E315C9A58D34FEC81202E893B4	9D39FE103CC0CA082AE39FDA2A41A048FD6DB6E0	86719B89CF556A8E8C2028D899E4A6B335F6B4EB4FA93369BD81CF830B4BC66B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\adult-group-lessons[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, CR, LF line terminators	9349593412D58837662DEA103AA2D2A7	9883D994582797A331B4596BCB5C69056B6E9130	6210D56C95E1E529A901B60DF1ABD397A10BFCE6A33EDFD8014BF79AD5ED42D5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\analytics[1].js	ASCII text, with very long lines	0A4E309B5F2D7439B4F8876B19F37FC7	7AC30F933A2B889EDBE5D3449F4EC90049B0E2A9	F79723478F4C48501CD49AC52B81D6244A6562B9D3F08CE8AB208A8B8878D4C4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\anchor[1].htm	HTML document, ASCII text, with very long lines	62709BE7851FB416E5AD7C7488982C51	AC6B236C2F1DD2907A3889866EAA5F9BB406B93C	979BF4B1CA1779E34A0B86CEEFEFD2AAB0F96C80AAB26416101041B45B4E666B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\bootstrap[1].css	ASCII text, with very long lines	119E02F23B1BC8FBC54F475A2E598A79	F2B32B7F971365AC1A98E19097E7BC23B3E132CB	3DDA9689ADCB6BD7C8F5857E1EE695864AAF366909994B0061ED3FAD2B5F7FEB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\brian[1].jpg	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 250x238, frames 3	43DD35A924C0DF13CF223F9E7941656D	B22438CE96E32032305262C54710EA1142A56314	E7B6D36355DCDD635090486B67CBFE7407A8005F5F617D1D9F9D7D85BE945544
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\callt[1].gif	GIF image data, version 89a, 9 x 12	0718C393FBD4095B219803CB6B7BCBF8	88A51E34BC8C5D616B76743A52AD1FE0CAE8232E	FA25AB37F9AB93F593B571405719BC288EB285210C5C0450E4D7D0EE7ECECB38
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\css[1].css	ASCII text	5C3A2BFCF7CCC53DD57FB41069074FA4	D0E7028E5F1A7972D05DE298B8F10D93A24931D1	54DCC0DD0A721BBF8A600A5CCB7AA62F2E25944C6519A52495194FD483A41A48
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	2DC61EB461DA1436F5D22BCE51425660	E1B79BCAB0F073868079D807FAEC669596DC46C1	ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	C4F558C4C8B56858F15C09037CD6625A	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\engagebox[1].js	ASCII text, with very long lines, with no line terminators	3FB262C100089B5C2746B85EEEFC5379	F29F9BA1C2C8B7A45043A8B09B6777A18D630C5B	9B2C4C124A927D28ED07FCA1DD848E9FC2EF4BE5F181799ECB5B02C765CFA920
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\extensions[1].js	UTF-8 Unicode (with BOM) text, with CRLF line terminators	14EA1230601E3A436C3467FD442E6287	CCF6A8176FA75C15AF510DAF5154A4D325136C5B	5F3933028E1C14007641C529D4D30E265CBAE4E642DFB6534B9988F1A1C3ADFF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\ga6Iaw1J5X9T9RW6j9bNfFcWbg[1].woff	Web Open Font Format, TrueType, length 27712, version 1.1	0976453A63382A978530EB81326C3FDB	BC9426351CA65609C3801F62D86D489798FCE252	D399584AA6FD33B0A36FA34D0EE39C22D5080D30C8ACEB2B5C4051C707A33873
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\ga6Kaw1J5X9T9RW6j9bNfFImajC9[1].woff	Web Open Font Format, TrueType, length 26232, version 1.1	A9B2BA1FE8CE0F484DF31E6D730174C8	F0D9464873D6B872A7ABEA83146073D6AEFD37E7	D70C8A917EF93366A8ABBDB8F8956855C25CDF44040EA6239188AB7AC18D25FC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\golf-pro-bios[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, CR, LF line terminators	01322DA6261B5C2A90FAF52821898CFD	9B4E81E6D9B9919C3AA96D96AEEFF24586583832	614F705BE7A41C3848E5D1903DB422AD1C174655451102B7C2AF7416CC841BED
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\junior-golf[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, CR, LF line terminators	F2E5E6B6CC39E67DBB55C3ED5C41F30A	BC41F5DE746C14B00338F15C1469E8714FBBBD49	4DE0FC94A85111CB0E0E1778472FD2D19087E32E98F71015F03DA71172C995A1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\junior_golf[1].jpg	[TIFF image data, big-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, copyright=(c) Iuriisokolov \| Dreamstime.com], baseline, precision 8, 800x533, frames 3	33E7FC74AAEFB4F8F1A6205B546B16B4	9CF7F1E4B59F611BE959D1FBC87C724BE2F3B553	32277454C7E1030BF82A019CCFDB49AC61245AA3B0DB6292C6B7DEDE4D9DB031
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\juniors[1].jpg	[TIFF image data, big-endian, direntries=6, xresolution=86, yresolution=94, resolutionunit=2, copyright=(c) Alexsokolov \| Dreamstime.com], baseline, precision 8, 800x533, frames 3	D160E2F93CAF1D5056598C9F39257E8A	3F9748C5BDAEC7BFA626A674B211136CEE38C950	67045855CA7D50CD0C24B95FA7617201478EE90293BAD83FD9088E44D5A73699
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\master[1].css	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators	3530B649417DA9D546FCC9AC12A26D6C	26340C3ADEA92D927479061520EEDD27B71C32D2	BB5025507F418466DD68E3AD5ACC37465CAEADD33EFA5E2007B4B17B15401EE2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\master[1].js	UTF-8 Unicode (with BOM) text, with CRLF line terminators	996DD100988B7B224D72CBDA6FCD9077	255A0EF34D039320F0CA0457B6E9FA458CE0E0C0	7E7AE39EB0179ACE0AE15EE4F618C195BC16A5D702149AEF3549CE0C3BA2A5CB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\recaptcha.min[1].js	ASCII text, with very long lines, with no line terminators	3B5EC6E98154E4EC7E71025DCBADAE01	21DDBBB12E63DA831C2C260532BD03EF4176FDA2	5046D067E2A7078DC5E279DF9577B611DAF40CB37B1877A727086C7D66955F5C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\styles__ltr[1].css	ASCII text, with very long lines, with no line terminators	2CC638EE58191086E0661BE1D50F58FE	F744D6C9BD84D98DCBCFE94A2A7EB986B58302F3	9FCB26C87712320932EA7FB2434BA2737AF71B6E96DD238DBCB312E454992837
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\theme[1].css	ASCII text	1C02BFA7CD88DF72F14F0BB0E282CAA7	7C9A503DFCD7C298CB4B413345F89D363E7C682D	832CB7432A395CE2787132007B9E57070C582F214CD6F8921874C8B5CA071AE4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\uikit2-2143e9f4[1].js	ASCII text, with very long lines	B57AFDD1303BA16D8D18B80CBD7F750A	68A207AA6A8657A8AE43213D72B317D0F99C36B6	76239E32B2020ACC0AFA076C1FAE77521E565B210B80BDE9F531C6FFBF6721F4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\webcam[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, CR, LF line terminators	688CFC6C72B8BF6D8C840F2211C64B16	83810AB6D441E77AD58751CD75C2F2282498597A	8BBEED62954B1045D41F3F4772E9626B35EB88D7B321DACAE092D564E8B4D3A4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\BhXhPg3d42Qn3k48YRS7u-t2FTc2Jg9-RS73ZPaiDMM[1].js	ASCII text, with very long lines, with no line terminators	CF699004DC20C10E4569F72C10814C70	AB072CC03FE1418B4E7D2489F8BCB129D5C6E8CE	0615E13E0DDDE36427DE4E3C6114BBBBEB76153736260F7E452EF764F6A20CC3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	DFEABDE84792228093A5A270352395B6	E41258C9576721025926326F76063C2305586F76	77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\TRY2H1XU.htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, CR, LF line terminators	0D91ECC87DBF0A44C5A8EE2CD431A16D	E5392E803210FA4A3E63216960FE0C1F59DB8DD9	49F7556E64E18E1E12C7FFC274F13A1A4C5306870DFCFCCF4ACE1DE90986098F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\animated-text[1].js	ASCII text, with very long lines	8FC75FEFFEA6880B80178E73BAD81B1C	6E4D43444560924A898B48E81D91008B247A6DE0	A85E3DF8721E8C89664B7EE01EDC3FA76B7BB179D535F44CBBC6191A4ECAB945
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\autocomplete[1].js	ASCII text, with very long lines, with no line terminators	957DE82B7F4A7B34A9685ED4E7544DB6	80FB0F4D128D9A83D6DFE84B80DC79FEA4B42515	B1D0F07DC31826330885C166EEFEF01B79CD635E73B84EFE279B0B12304461D5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\bootstrap.min[1].js	ASCII text, with very long lines	94935933A620FEF61D4B0C15C664F8B3	E879415D9CDDA4AE99767995F49560440025AD74	6EBE64DE8E1C2F92400A03A97250C8B2F7443025D53FA42DF90CB0589350C233
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\calendar[1].css	ASCII text, with CRLF line terminators	6275668E173B6EEB5CBAF890DF53D8B8	A3CAB022052042FDFBCC565B44BEDDA538C943A4	4AEA1DB7C94B2ABDF65D50863EDF69FFFB39CD3EB032117A854C27979B171624
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\calrt[1].gif	GIF image data, version 89a, 9 x 12	BA0B2098813B15AA3CC655E881C92D0A	F818910630FC046DBDD6DDE2960D3E26C5D4BEAF	5DB089A028DB21B5686B3B5049EB5DAEAA5AE9429FC51BCB76DB917E202196A9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\chris[1].jpg	JPEG image data, extended sequential, precision 8, 154x195, frames 3	4C21CDBE807E9F8CFEF8187E0401DF11	126D076755F47A22258980497CC93C4F7103741E	DAE4FE78FA521C5C26948FDCCC3E0C556F48479F78E4A4777B55F2721280C1B1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\custom[1].css	ASCII text, with very long lines	3A33C25B88F1AF578EF8F433D4759D01	33D8FE542E9CC14761A1AFE9B8B45DDB84D0B166	667AF9759F025F141568598D9926042B6F4FA0479B0A0187C33FBF4840D5CA45
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\datepicker[1].js	HTML document, ASCII text, with very long lines	0ED2D0ACBF043F7D927A205C47EAB9AA	9725FF2B0C8FBF80F46146FD09C98982A362A666	46DD03BC61EF62726C7A691A906B4A3F297854D13D83D7F9BC1E424F66849066
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\engagebox[1].css	ASCII text, with very long lines	9F8616AF8B00ECF769B4C3CCD4ACECC2	1BDDFDD2D314F0D14E008E811B9111A53EFCEC6F	57C8A4981D7388D2A4B02235DDA9E2F5DE236D1A7B16FE45C285CE1AB309CDDA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\footer_bg[1].jpg	[TIFF image data, little-endian, direntries=0], progressive, precision 8, 2000x1250, frames 3	F08646CBA275ED4A2E53BBB580A03805	A3BEC7976E24ADFC6CE6F05179D79667F4B8C387	B3023CD34D887CC539C81778090DE91EC66E33A6D1C5512F8833F356B9C64272
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\front[1].css	ASCII text, with CRLF line terminators	82FE31AC620F07021452BD2A31C6FFDD	83294BA574B25C27721C0561ECF06DF1E836D242	CCA98D5A96C2A75BDCF247C5AFE5CBC31C0263EE9AAF83F6A45C0778F1F6EC9A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\hr_bg[1].png	PNG image data, 90 x 45, 8-bit/color RGBA, interlaced	37EE66165B94EA95E477A99E056E2CF2	18F8B1AE2F513871D58D8C3F9A32C758C1A1E749	16C05983147A4F1DEC538DEF10D46569E9BBF403B58054625880F2FD522AE94C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\jquery.min[1].js	ASCII text, with very long lines	4F252523D4AF0B478C810C2547A63E19	5A9DCFBEF655A2668E78BAEBEAA8DC6F41D8DABB	668B046D12DB350CCBA6728890476B3EFEE53B2F42DBB84743E5E9F1AE0CC404
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\logo_48[1].png	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\modules_bg[1].jpg	[TIFF image data, little-endian, direntries=0], baseline, precision 8, 1500x750, frames 3	E32E0579774F77B1D5CFA8EB1A907EBC	08AA91D974F3FA678011DC0C763F29FC2C33AB3B	F6585A79EE4D3D10C5BC8E4FD5B7DD4930AAC7E44DF3E227890FBAA8DBE86DB7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\search[1].js	HTML document, ASCII text, with very long lines, with no line terminators	785B5D7976E9866F22E7C8BBF1DB8AA2	5276668D7DB765578BAEBB5C912FBF99CDFEF08B	8D0CD3AEB79FE0DB9F3C7DF8F91BEF0F23437093762AC40F36574C2FB08C065D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\social[1].js	HTML document, ASCII text, with very long lines	085BC8D65701B5CB6FF2247DCA3F8266	6BCE0031FA166F9B0C08C3F1CFA6A832C9EF46BE	547DEBFF3397B71FBA88FAE6B2D68F7A991ED520ABD7BDCDE0634B28B79B1E5E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\sticky[1].js	ASCII text, with very long lines, with no line terminators	00926AD8DBBA17AA53613040FDC3C081	E00B919B0531E5CEB5A31D93166ADFF54C6129F2	8D548BEEDDE662186126186D63D74312EEE127AC3E800F118AC9D6074F100C5F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\theme[1].js	ASCII text	839F3767BF6039A93EE50E4ECFAD3869	3EC90395F729BEA94C717958A882D92DD13DBCD4	FA8DA504AFE637AB9E48B25487153F412F9A31D970B527F36D0FF1567FE1845B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\timepicker[1].js	ASCII text, with very long lines, with no line terminators	FECCF97CF7BE343F82640062D309B5A3	13E577AC58A4CD8BD4FD44ADA271B413680785E9	FBA06BB71B821D66F9F95653C5292FC7EFDC8258E280ED4242BA20823B259AC7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\tooltip[1].js	ASCII text, with very long lines, with no line terminators	81FDF745DEEC14CC6EEEEF86707E8884	EED8999DDF3268A69FEF08E5C94A939A2E271C3A	CD1D6A82127E8ED435F6DCC825567E585893AFFBCBFF2DCAB67D46CC95E25FA2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\tournaments[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, CR, LF line terminators	734B76172B4D97FAB93ADAF9F2D55F1D	C8149AB59DDFF68B89963F8E129CA42A463D46AA	D802FBA459DB83D5FCA0340F1EB366E498CCAAD9DC59F4596E752FA9430AA272
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\uikit[1].js	ASCII text, with very long lines	7FC417A43E3709FE0DDF29146A84411C	D7F15D149B0506E18D35888643E89CF78049C9A7	18D96D031ADCF3915F286177CF3E9A39B970E481DB54BA78DEDF952490DEB56E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\wk-scripts-0859cc0a[1].js	ASCII text, with very long lines	1DA3A6BB6A95651F721C3A15DF69ADCE	01A14AA0278717337A57028D4215117E2A559211	4AEA902DFF6BDC234F67377F8855B503FBB87CB1EFA987996D0F360A74C02D25
C:\Users\user\AppData\Local\Temp\~DF71F77B353CF93854.TMP	data	E85CD83AEE1EFE81B3307D505CFFF8D1	3496B5CD3A7B479258A05AB636EF0F59F3D7C100	563FDF2371F837BDE3304C7F956B5651E49A3DFC8D691991076EB48FAB8BD940
C:\Users\user\AppData\Local\Temp\~DF9BE3C77B1405F18B.TMP	data	55A39DEBAEF9D98FE2691676A69655EB	F0ABD5EA4772DFD59E8D4C586A102A0963F081A2	5AD60F308032CAC638B6B862CD04E3E2CDF66BE6371E12E6B8495BA817CE75D0
C:\Users\user\AppData\Local\Temp\~DFB875911B3FEB4811.TMP	data	C5A861F654C1C8F4F38627161031C117	05B52786A9CF354F5DBA984E6B4D3CCA2D3C63D6	B1663AB2E4122970C69CCCD6B139326507FB8C308FA3BCD53D995D1BE78141FA
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store	data	CBA8CCE6EC973628D574110F93AA0C63	4360FCE94BD3E03C75EC440BACC2BCCE418515D1	72D7A3F54B99FE6EDA59730A5406676815641F7C1606AB56985C1AA4030774A3
C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei	MS Windows COFF PA-RISC object file	C3677AA0FC13E3849AD0E8EBBF10337E	9F99B89B2E1143F9DED112514ADA2185B10ADA70	379914BCFB8E83273F56A6C19F306D87E70B5769697EAB0ADD8BF48DA799B439
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\N1PO6TTZJGKA1CF2VWU7.temp	data	6CF31182AAA09F8179E1EB0D4E9B638C	E24462AE9DB99378202E0C53431CE19BD2C2A8C9	579B561B1B3B39CBE5567C591201A428DD8C37AE780D0D47CBBE5F050DE6BDA9

ID:	385660
Product:	CloudBasic
Start time:	19:40:41
Start date:	12.04.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Analysis Report https://www.golfcoronado.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing:

Compliance:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs