Analysis Overview
Threat Level: Likely benign
The file https://fliqlo.com/download/FliqloScr.zip was found to be: Likely benign.
Malicious Activity Summary
Detected potential entity reuse from brand paypal.
Program crash
Modifies Control Panel
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Analysis: static1
Detonation Overview
Reported
2024-03-05 06:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-05 06:41
Reported
2024-03-05 06:46
Platform
win10v2004-20240226-en
Max time kernel
265s
Max time network
269s
Command Line
Signatures
Detected potential entity reuse from brand paypal.
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Music\Fliqlo.scr |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop\ScreenSaveActive = "1" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop\ScreenSaveTimeOut = "900" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop\SCRNSAVE.EXE = "C:\\Users\\Admin\\Music\\Fliqlo.scr" | C:\Windows\system32\rundll32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Fliqlo.scr = "11001" | C:\Users\Admin\AppData\Local\Temp\Temp1_FliqloScr.zip\Fliqlo.scr | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Fliqlo.scr = "11001" | C:\Users\Admin\Music\Fliqlo.scr | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_FliqloScr.zip\Fliqlo.scr | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Music\Fliqlo.scr | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Temp1_FliqloScr.zip\Fliqlo.scr | N/A |
| N/A | N/A | C:\Users\Admin\Music\Fliqlo.scr | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fliqlo.com/download/FliqloScr.zip
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x15c 0x308
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_FliqloScr.zip\Fliqlo.scr
"C:\Users\Admin\AppData\Local\Temp\Temp1_FliqloScr.zip\Fliqlo.scr" /S
C:\Windows\system32\rundll32.exe
"rundll32.exe" desk.cpl,InstallScreenSaver C:\Users\Admin\Music\Fliqlo.scr
C:\Users\Admin\Music\Fliqlo.scr
C:\Users\Admin\Music\Fliqlo.scr /p 66356
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6936 -ip 6936
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 2796
C:\Users\Admin\Music\Fliqlo.scr
"C:\Users\Admin\Music\Fliqlo.scr" /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1528 -ip 1528
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 2700
C:\Users\Admin\Music\Fliqlo.scr
"C:\Users\Admin\Music\Fliqlo.scr" /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6564 -ip 6564
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 2640
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.me/yjadc/
Network
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.14.177.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.76.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.10.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 18.233.3.105:443 | eprocode.com | tcp |
| US | 35.190.10.96:443 | collector-px2e972lwz.px-cloud.net | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.3.233.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 35.190.10.96:443 | collector-px2e972lwz.px-cloud.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 211.135.221.88.in-addr.arpa | udp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | 80.192.122.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 211.178.17.96.in-addr.arpa | udp |
| GB | 142.250.200.10:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | fliqlo.app | udp |
| JP | 157.7.44.174:443 | fliqlo.app | tcp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.179.17.96.in-addr.arpa | udp |
| JP | 157.7.44.174:443 | fliqlo.app | tcp |
| JP | 157.7.44.174:443 | fliqlo.app | tcp |
| JP | 157.7.44.174:443 | fliqlo.app | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| JP | 157.7.44.174:443 | fliqlo.app | tcp |
| JP | 157.7.44.174:443 | fliqlo.app | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| JP | 157.7.44.174:443 | fliqlo.app | tcp |
| JP | 157.7.44.174:443 | fliqlo.app | tcp |
| US | 8.8.8.8:53 | www.paypal.me | udp |
| US | 151.101.1.21:443 | www.paypal.me | tcp |
| US | 151.101.1.21:443 | www.paypal.me | tcp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| SE | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 8.8.8.8:53 | pics.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | udp |
| US | 104.17.209.240:443 | zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com | tcp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.209.17.104.in-addr.arpa | udp |
Files