Malware Analysis Report

2024-11-13 18:52

Sample ID 240305-hf4ebagg9x
Target https://fliqlo.com/download/FliqloScr.zip
Tags
paypal phishing
score
5/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
5/10

Threat Level: Likely benign

The file https://fliqlo.com/download/FliqloScr.zip was found to be: Likely benign.

Malicious Activity Summary

paypal phishing

Detected potential entity reuse from brand paypal.

Program crash

Modifies Control Panel

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-05 06:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-05 06:41

Reported

2024-03-05 06:46

Platform

win10v2004-20240226-en

Max time kernel

265s

Max time network

269s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fliqlo.com/download/FliqloScr.zip

Signatures

Detected potential entity reuse from brand paypal.

phishing paypal

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop\ScreenSaveActive = "1" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop\ScreenSaveTimeOut = "900" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop\SCRNSAVE.EXE = "C:\\Users\\Admin\\Music\\Fliqlo.scr" C:\Windows\system32\rundll32.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Fliqlo.scr = "11001" C:\Users\Admin\AppData\Local\Temp\Temp1_FliqloScr.zip\Fliqlo.scr N/A
Set value (int) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Fliqlo.scr = "11001" C:\Users\Admin\Music\Fliqlo.scr N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Temp1_FliqloScr.zip\Fliqlo.scr N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Music\Fliqlo.scr N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5080 wrote to memory of 3548 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 4760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5080 wrote to memory of 3544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fliqlo.com/download/FliqloScr.zip

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb55f46f8,0x7ffcb55f4708,0x7ffcb55f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4732 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x15c 0x308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_FliqloScr.zip\Fliqlo.scr

"C:\Users\Admin\AppData\Local\Temp\Temp1_FliqloScr.zip\Fliqlo.scr" /S

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7012 /prefetch:2

C:\Windows\system32\rundll32.exe

"rundll32.exe" desk.cpl,InstallScreenSaver C:\Users\Admin\Music\Fliqlo.scr

C:\Users\Admin\Music\Fliqlo.scr

C:\Users\Admin\Music\Fliqlo.scr /p 66356

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6936 -ip 6936

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 2796

C:\Users\Admin\Music\Fliqlo.scr

"C:\Users\Admin\Music\Fliqlo.scr" /S

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1528 -ip 1528

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 2700

C:\Users\Admin\Music\Fliqlo.scr

"C:\Users\Admin\Music\Fliqlo.scr" /S

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6564 -ip 6564

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.me/yjadc/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffcb55f46f8,0x7ffcb55f4708,0x7ffcb55f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,18388491910233378295,3974416546493245800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1eb86108cb8f5a956fdf48efbd5d06fe
SHA1 7b2b299f753798e4891df2d9cbf30f94b39ef924
SHA256 1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40
SHA512 e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f35bb0615bb9816f562b83304e456294
SHA1 1049e2bd3e1bbb4cea572467d7c4a96648659cb4
SHA256 05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71
SHA512 db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

\??\pipe\LOCAL\crashpad_5080_GLYEDLHNWTMBDYAJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dab5f618e57052591d297faa1848cf39
SHA1 1303fab9786311148466b9452c990361e92c94ba
SHA256 6992b46246abcf106bd961d218ed6f01c0c520123dec7cbd259e5051c01192a1
SHA512 b27e8b514fc49bc789096fab83be5120d21d2fd156a56f14adb49ee6ff14bbe5306355fd1b913bc7a41de948d8d5d17ed65cf1119873864601c6aad9d95b3b4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a3157d0e6c43deed62c4199a560e7b65
SHA1 dd534ef7fb838e8cf27050cdd2871a83f3533e13
SHA256 7c4fc633ede3fd4b9dfbb46e4d9271fa1baed656a296fc6b2e50abe89b66061c
SHA512 e8894973ef81737474d1b806ca3e24ccafec27a5dc34ed5fb4fce4177959c33db40b2eb4f289ae191fdc941c9b7a6263ef7c6f273d025faaa8c1755365886c79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fdb13e0c79b4cb66cc225d9c0cc1ade6
SHA1 be6efde728f7d94d444fe10d4399d36885e255a6
SHA256 25f788fb7f12608b729d5a26c275ca35fa26dd322e6ccb3224001fc939b3042e
SHA512 53db63bc11cccedea5551aac94dc251a1c52eb3134aa01a8056c1cb87935f89bf2751e4b9e3d48cb7a0d049ebac757b6811ed2bb3edefd18c7baf96e39717581

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e25e48e7da4bf609ac389e7dd267202
SHA1 09cbcec341e6da357fa3aaf7476e7b216040f5ea
SHA256 4e8b6628f03761c699cf8006dff1f6eb9aa19a80249c0ae35e5f07d23dfdb151
SHA512 f853ece08654dc2a50dac6c1766b2cd8f832ab0b6fba85338d994575aac60c9d94b279c348b216667fad1c494672a6cf2eebfbd8958fb68d0265b735d803eafe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b13f.TMP

MD5 72e01bcf702f78cce7285d47a0e8600c
SHA1 86c5fc371f22ffd682a44d82105d2e6b39d20a45
SHA256 0675fcbf0703aafd97d84cbaedb0dbe3a96be89ad386cbffb8b548c00efcc08e
SHA512 5e3c2069c86e612345b96da91618f4e6e5f291a2a7551cf3698c8e3fc04e924f1247a6e2043d0d5f3b8fcfa98946b52bc3e05cb8e44ee9b87ed5348056da4fba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 69aec89ed965a1d7ceede690643e41c3
SHA1 09cb0976b1ede39f068325adee798e65a9c66ba8
SHA256 b02ebcb58bf3c346ff6d48e0f4f7a64278e61abe178f1059f89286125146a500
SHA512 91d9da182d7423e6bd29a83db2977950c77f59c804528c75eaf3adcbe78c9934fd2e4d672ce9d63e1c42e6977a3e0e75cdae8b013985122cdc6619b295924c9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 99d2f9e6dcd37ca1f963fa94d1e0ed51
SHA1 7694deca4b4111c2e52c7752eb50e396e2abe445
SHA256 d938054d2c4a0944391f2fe83893b7edf3e649f13001e5a8f8a4630a1f4050d3
SHA512 9e7a5d786694123fa62db62147d9fb9e347524dfec19c24f4fa2612033fe23428f5d207e26c2dddc982f4fc5bafc9926512ba2797fc3cdc183245237efb062ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 c8e69fc65287045e4f083a6bcd40b8e0
SHA1 fa3a37740705510fe08c3b286ea9a81e2e4bb04d
SHA256 bffefe5f48974eeda69bb6a53127b10ee8244ba7f9dd4a925f2f2c1bde189db0
SHA512 2735de34b5292413834fce2025fc05cd3cbdca4821243495cedc7127432f8bceb794fac4410f610f74aea4c3f8d14660841c96c926bb4ef80c79b112aecf571a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 ca6e0dcaf6fe11e3b4d4d299ecbab7a6
SHA1 a637b13aff3baacc733eb221226c36b71a3d3a7b
SHA256 f4a93cf3834c5f3bbbab2ba619425fb1415050a847f5bc12cd6b0bab5e68074e
SHA512 fa037f9ac77644d641bb6cd1b18722be3cd7d039738f8770d6a09cf7e5829b1602a772ab643ce8cd683a0d11e62c5ccabbd555fff25f77c39034793510543ed9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 7f7df43b9010f7a234262a82e742ff05
SHA1 b6205e45a5913a1609f3972ba10d401735e6e130
SHA256 8230fb97dc27aa5276c8b7c4c66055bdcf7e9d8ce5b5907ea709cf1b4753723b
SHA512 1e1bcc61dc094355004df31c5aa902e10eb6d80bbc5df5b7a872fb49ad4ca79686d27d50144c9b83cee85c0a5e65e553e3549e9bb28530acc17fbb7ce25cf48f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 8d7c71f1368249023aaf79b806d496a6
SHA1 5e7e2df599fde330640f118aa25de8d0a35fe6fa
SHA256 e7fed9bac667d9e165a795eb5355e036c8069b655e17c988233102d887a1e600
SHA512 739ac6c074634e12719eb8ba4223d1925570555d9666813ee3d8cf7f34546d9f762eb5661893e1edc2cf4aeb5e586984d1046a6b80deec208f90c07f754a95e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 f6811b0ef4a2ecc267487c8e984f9cad
SHA1 c8466c829ad320ac86aa1ffde939b1aa8827b605
SHA256 6ef6f12a3db2128d4e48f82d1dbd04cbe1dfcb36deb7806645f6395097bd1c72
SHA512 bbc74dfae13d9475174e9fa652166606afa19971d5ccef1ae4a96aaabf9a9e202b859fb5e730d71ab5629139962daa06fccc786be91120ec102b085a817b0b5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 e5f57a9ac5969d612fceb279b3e4bfc7
SHA1 1a4f05c39ba5ad35a91fee07518695272ea539d0
SHA256 cb617ac114727814cd35d4bcab2dd30de0c7a4e473a6fa46a58da0b0fa563617
SHA512 fe6f88baf08fedfe7c6ac439b41d8ae5cedb557e3a2924c2b8650fe53442d2fdc3ffa3aa1ad6b94846228735c57e75dda194e3bcd9af71b70f533c5168965631

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 5ce4ab61d9f229e70617a1fe73cc6928
SHA1 9f7605de7c7f8104bcceeba800e06abafd263edc
SHA256 5a0f2c97455971af89f0fd04f0cfe6c1b89b932b4f4af16b2c90f4e41ded9db5
SHA512 0e63fb17d8acd656785abac8bc4a5b3bef9693eb12c169a2c9bc5c42dd072136c2d9de78f1b5666c916c7a0f635384d0bf3ac46817d01bddc119473a0e2bef6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 cb9730521646fef01a3a198ece746240
SHA1 245b35fade029a8b7d6c732dfc79d38103fb0352
SHA256 c0efb52a8618a35eca8aeba777fabacce01992addaca8e89cf240f1f04c3cd71
SHA512 e144e66230ac5d72c986e979a19e0bda6b3d6ad6cce29b8ea26cb4908e650057e436513426f85dca1474379d96e2464893a5e79a505549d7ea6e0c73b65c02e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 5703338608f508d71b170450ce54265b
SHA1 c73b3d993fb19746ccb13a52e0320ad5dbae76c9
SHA256 56b27dbba3521dd3c02e32fa1504bf67df3154cded6340ab99a02fd32857c209
SHA512 26d396fe2a186c0978da9e33653d29d2aeb76c1d2bbeb1792be20134fa52bf8f541ad17c3399ce1b1c4a6ffab3b8cdde39f59368da07ef3ed252969856aee159

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 015c126a3520c9a8f6a27979d0266e96
SHA1 2acf956561d44434a6d84204670cf849d3215d5f
SHA256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
SHA512 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 aae40b3b16a65f487adbffca113a9b56
SHA1 434ea93cb581c84b566c380b6d7360890cb6174a
SHA256 f1c4585413dcaaa4ea4f38734ac53a390705571b0b6a1723d47de3c3dabda14a
SHA512 86e2b694567027b304a8a4e98447bfa88381ff3fbd3ba0b310ad2ece2f922e8f58ec6d18aa488a69dad419478df2edf7d1d244332ca5b2465921dc2239a70154

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 7b9e47f9d658a88fe0431262c94f1235
SHA1 22e6c50ff1ddbf1c8d154363b0839e2aac218c3e
SHA256 e05d0a2bd5829a9f78eab8b0861273d3a54e4322c75fcf3dca3690ff57374941
SHA512 825150087074de40a3661d085a1423682b0a6c935c45ff3d257c607b38c0374b3e37a98fa0694bf4ba2f083b084a4278cb94b47198727eea09f6b098a16c8e22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 4e3b6af6455d4d44be1c63a654bc5079
SHA1 ae1a035747a25df844cc71ac860a9f5ce7251a23
SHA256 384976c29cbd3f199acb925161865e81fc50cc9cd8248546af5014ad9e59c4d6
SHA512 ce82325dc69ea00e02681ea1d1bd1364e1cf64b23f87faef6bf63169c8b26ef79042ab16e2390a8eb21093da4b0c59eb42b05ac782c2d503f4af493e86bbd076

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 c1a4aeeadc3d8e34c02d287e6193ec5e
SHA1 a16158cd4c9cf7ad88bde30b105a3df969c2d94f
SHA256 e4bb7ef65bc198f0a049471d2023a915fbd99d5a10e8b9a26f5c14720218ae19
SHA512 b3da9a9bdc3bed213686063025e2169c71db37a9a8c6d86d36ec3d985c8ba3d3c6424a2c2a09c5bd8b66eb93e35d68195a6015f3681ca186c3938301031b950c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 45427198dc5d1f3205831e5962f2e11d
SHA1 759fd388dc3657a8ec6e10f823d9aab07b5700ad
SHA256 a0b86028b98db59c3a7a06868bc429001d9b951e3b715346f7f8c01eb496c9a7
SHA512 ef2729ac5469027d5cf506df5962bc222040e60d3dbcdde01f33e0c11ca6f31538ef962ee75ae93eaf7a89dfc664e6711d6ac6803fbd6775acf7d7893017f1f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 37c983ee0d6a9e277a1446b75112d547
SHA1 aa586afcc8f4cdffc4adbac5779f6f9bda7270ad
SHA256 7e250028402857a0fc0d4d193d41ff60dbcba3eef2ea77203015097708806510
SHA512 36747618648d355770317ddfc48e74a6a9632c17a4b59af0d9e5b5d21e7b2fcbde4445e9d8664572f68c9057bb04a80e63ab0bb8b1699e0c397bcbac3348b274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 1fe3dd130f41c033b8337d084e733ce4
SHA1 76dec75e2a34a0118ac13284714f4be462520fa1
SHA256 e0e79c791a035b3ab48eb7d47a249786b29d83a402209249dd6d6654da955949
SHA512 362050fcf4cfc44f45e01b2db486e4e4cfc254c9f6f4574477438d696947d741063b482076fda6f6333f12a88e68963df33036520ee0bd9a7b507ec0a3e4c41f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 63d7974bed7d152459f2305930467ec3
SHA1 922b8a21ad75a0fd1d65e16d46a5aef1576d9414
SHA256 543038025f5c3097e5ec7e46e0079d8f2d95120589dafa103b34c8ee8965f252
SHA512 72c751f71b465ad745920e208e88a5ea6d32cc70469c98a4c410499328b1fd226a6bd1ad59ac060f97ea51f3db35f467e2475b5e02a5b1521c587a373cf07651

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 6f894c9e5b69423bd9b9a04fa6af03f8
SHA1 d66a2fc31cb7cb63682ec01aaaec30883aa3b872
SHA256 5d3760419add0114244c9b9e05c368d07c8d5a0854a852085187fa5734623f21
SHA512 c9d5f40fee7f0004a02992fdb100f0be7cf0e55af956f8e998c95de5de013f90b1e0f1cfe50c85ec76dfb628848c32cff3c2e76c9cc72c456df5f3660361db56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582fa6.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\FliqloScr.zip

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Fliqlo.scr.log

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2ZG7H8ZF\MKCRRVYV.htm

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7433C5829E663CF43B8B6A8691A595F7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7433C5829E663CF43B8B6A8691A595F7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_279EB7E7074697CADB0A3844954F1B7D

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_279EB7E7074697CADB0A3844954F1B7D

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GP57WU1M\fliqlo.min[1].css

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1YRVVION\fontfaceonload[1].js

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2ZG7H8ZF\js[1].js

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
