General Info

File name

314-Fliqlo Setup.exe

Full analysis
https://app.any.run/tasks/1dafb367-1c6c-4bd5-89c6-720c6598505b
Verdict
Malicious activity
Analysis date
4/14/2019, 20:03:06
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

installer

Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

8630d93fa5297eb76e0f9099abc220da

SHA1

4c05d4745137c7b8e2ca304f3e2d5a80ca4dc581

SHA256

0d38c697e869451a96ade9d5c7be28464c93562e906055d6b7960e7f12a87180

SSDEEP

98304:7nTikwhtVoWjJI4Yaaq3EgXG1UbPtP+GUjFrOevzjoV:UTI4Qq3EeOaPC0qjoV

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • Fliqlo.scr (PID: 3800)
  • Fliqlo.scr (PID: 2588)
  • explorer.exe (PID: 252)
  • 314-Fliqlo Setup.exe (PID: 2872)
Application was dropped or rewritten from another process
  • Fliqlo.scr (PID: 3672)
  • Fliqlo.scr (PID: 3168)
  • Fliqlo.scr (PID: 2700)
  • Fliqlo.scr (PID: 3800)
  • Fliqlo.scr (PID: 2588)
  • Fliqlo.scr (PID: 4064)
  • Fliqlo.scr (PID: 2832)
  • 314-Fliqlo Setup.exe (PID: 2872)
  • 314-Fliqlo Setup.exe (PID: 2556)
Uses RUNDLL32.EXE to load library
  • explorer.exe (PID: 252)
  • 314-Fliqlo Setup.exe (PID: 3160)
Creates files in the user directory
  • explorer.exe (PID: 252)
  • Fliqlo.scr (PID: 3168)
  • Fliqlo.scr (PID: 2832)
Starts application with an unusual extension
  • rundll32.exe (PID: 2596)
  • rundll32.exe (PID: 2468)
Creates files in the program directory
  • Fliqlo.scr (PID: 3168)
  • Fliqlo.scr (PID: 2832)
  • 314-Fliqlo Setup.exe (PID: 2872)
Creates a software uninstall entry
  • 314-Fliqlo Setup.exe (PID: 2872)
Executable content was dropped or overwritten
  • 314-Fliqlo Setup.exe (PID: 2872)
  • 314-Fliqlo Setup.exe (PID: 3160)
Creates files in the Windows directory
  • 314-Fliqlo Setup.exe (PID: 2872)

No info indicators.

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   InstallShield setup (49.2%)
.exe
|   Win32 Executable Delphi generic (16.2%)
.scr
|   Windows screen saver (14.9%)
.dll
|   Win32 Dynamic Link Library (generic) (7.5%)
.exe
|   Win32 Executable (generic) (5.1%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
1992:06:20 00:22:17+02:00
PEType:
PE32
LinkerVersion:
2.25
CodeSize:
426496
InitializedDataSize:
100352
UninitializedDataSize:
null
EntryPoint:
0x6905c
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
4.0.3.0
ProductVersionNumber:
4.0.3.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Windows, Latin1
CompanyName:
null
FileDescription:
null
FileVersion:
4.0.3.0
InternalName:
null
LegalCopyright:
null
LegalTrademarks:
null
OriginalFileName:
null
ProductName:
null
ProductVersion:
1.0.0.0
Comments:
null
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
19-Jun-1992 22:22:17
Detected languages
English - United States
CompanyName:
null
FileDescription:
null
FileVersion:
4.0.3.0
InternalName:
null
LegalCopyright:
null
LegalTrademarks:
null
OriginalFilename:
null
ProductName:
null
ProductVersion:
1.0.0.0
Comments:
null
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0050
Pages in file:
0x0002
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x000F
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x001A
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000100
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
8
Time date stamp:
19-Jun-1992 22:22:17
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
CODE 0x00001000 0x000681D0 0x00068200 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.5533
DATA 0x0006A000 0x000014E4 0x00001600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.22226
BSS 0x0006C000 0x00000EED 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.idata 0x0006D000 0x00002732 0x00002800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.99973
.tls 0x00070000 0x00000010 0x00000000 IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rdata 0x00071000 0x00000018 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 0.158427
.reloc 0x00072000 0x00007440 0x00007600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 6.65463
.rsrc 0x0007A000 0x0000D158 0x0000D200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_SHARED 5.12404
Resources
1

2

3

4

5

6

7

4080

4081

4082

4083

4084

4085

4086

4087

4088

4089

4090

4091

4092

4093

4094

4095

4096

32761

32762

32763

32764

32765

32766

32767

BBABORT

BBALL

BBCANCEL

BBCLOSE

BBHELP

BBIGNORE

BBNO

BBOK

BBRETRY

BBYES

CDROM

CLOSEDFOLDER

CURRENTFOLDER

EXECUTABLE

FLOPPY

HARD

KNOWNFILE

NETWORK

OPENFOLDER

PREVIEWGLYPH

RAM

UNKNOWNFILE

DLGTEMPLATE

DVCLAL

KRH_EXESETTINGS_

KRH_LIBSETTINGS_

PACKAGEINFO

TSENDERMAINFORM

MAINICON

Imports
    kernel32.dll

    user32.dll

    advapi32.dll

    oleaut32.dll

    gdi32.dll

    ole32.dll

    comctl32.dll

    shell32.dll

    SHFolder.dll

Exports

    No exports.

Screenshots

Processes

Total processes
47
Monitored processes
13
Malicious processes
5
Suspicious processes
4

Behavior graph

+
drop and start drop and start start 314-fliqlo setup.exe 314-fliqlo setup.exe no specs 314-fliqlo setup.exe rundll32.exe no specs fliqlo.scr fliqlo.scr no specs fliqlo.scr no specs fliqlo.scr no specs explorer.exe no specs fliqlo.scr no specs rundll32.exe no specs fliqlo.scr no specs fliqlo.scr no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
252
CMD
C:\Windows\Explorer.EXE
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sndvolsso.dll
c:\windows\system32\hid.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\atl.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shacct.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\authui.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\gameux.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\wer.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\version.dll
c:\windows\system32\msi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\psapi.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\stobject.dll
c:\windows\system32\batmeter.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\es.dll
c:\windows\system32\prnfldr.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dxp.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\syncreg.dll
c:\windows\ehome\ehsso.dll
c:\windows\system32\netshell.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\alttab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\pnidui.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\wwanapi.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\qagent.dll
c:\windows\system32\srchadmin.dll
c:\windows\system32\sxs.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\synccenter.dll
c:\windows\system32\actioncenter.dll
c:\windows\system32\imapi2.dll
c:\windows\system32\hgcpl.dll
c:\windows\system32\provsvc.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\fxsst.dll
c:\windows\system32\fxsapi.dll
c:\windows\system32\fxsresm.dll
c:\windows\system32\wscinterop.dll
c:\windows\system32\wscapi.dll
c:\windows\system32\wscui.cpl
c:\windows\system32\werconcpl.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wercplsupport.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\hcproviders.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\searchfolder.dll
c:\windows\system32\structuredquery.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\nlsdata0009.dll
c:\windows\system32\nlslexicons0009.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\tquery.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\users\admin\appdata\local\temp\314-fliqlo setup.exe
c:\programdata\screentime\fliqlo\saver1.dll
c:\program files\windows sidebar\sbdrop.dll
c:\windows\system32\display.dll
c:\program files\common files\system\wab32res.dll
c:\program files\windows sidebar\sidebar.exe
c:\windows\system32\themecpl.dll
c:\program files\windows journal\journal.exe
c:\windows\system32\notepad.exe
c:\windows\system32\msxml3.dll
c:\windows\system32\imageres.dll
c:\windows\system32\themeui.dll
c:\windows\system32\mctres.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\rundll32.exe

PID
3160
CMD
"C:\Users\admin\AppData\Local\Temp\314-Fliqlo Setup.exe"
Path
C:\Users\admin\AppData\Local\Temp\314-Fliqlo Setup.exe
Indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
4.0.3.0
Modules
Image
c:\users\admin\appdata\local\temp\314-fliqlo setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\screentime\stf1\314-fliqlo setup.exe
c:\windows\system32\mpr.dll
c:\windows\system32\rundll32.exe

PID
2556
CMD
"C:\Users\admin\AppData\Local\Screentime\STF1\314-Fliqlo Setup.exe" /l=196912
Path
C:\Users\admin\AppData\Local\Screentime\STF1\314-Fliqlo Setup.exe
Indicators
No indicators
Parent process
314-Fliqlo Setup.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Screen Saver Installer
Version
4.0.3.0
Modules
Image
c:\users\admin\appdata\local\screentime\stf1\314-fliqlo setup.exe
c:\systemroot\system32\ntdll.dll

PID
2872
CMD
"C:\Users\admin\AppData\Local\Screentime\STF1\314-Fliqlo Setup.exe" /l=196912
Path
C:\Users\admin\AppData\Local\Screentime\STF1\314-Fliqlo Setup.exe
Indicators
Parent process
314-Fliqlo Setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Screen Saver Installer
Version
4.0.3.0
Modules
Image
c:\users\admin\appdata\local\screentime\stf1\314-fliqlo setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\wininet.dll
c:\windows\system32\winmm.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\users\admin\appdata\local\screentime\stf2\impborl.dll
c:\windows\system32\riched32.dll
c:\windows\system32\riched20.dll

PID
2468
CMD
rundll32.exe shell32.dll,Control_RunDLL desk.cpl,,1
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
314-Fliqlo Setup.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\desk.cpl
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\themeui.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winsta.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mmres.dll
c:\windows\system32\authui.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\fliqlo.scr

PID
2832
CMD
C:\Windows\system32\Fliqlo.scr /p 131448
Path
C:\Windows\system32\Fliqlo.scr
Indicators
Parent process
rundll32.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
ScreenTime Media
Description
ScreenTime Screensaver Engine
Version
4.0.2
Modules
Image
c:\windows\system32\fliqlo.scr
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\secur32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wintrust.dll

PID
3168
CMD
C:\Windows\system32\Fliqlo.scr /c:131390
Path
C:\Windows\system32\Fliqlo.scr
Indicators
No indicators
Parent process
rundll32.exe
User
admin
Integrity Level
MEDIUM
Exit code
2
Version:
Company
ScreenTime Media
Description
ScreenTime Screensaver Engine
Version
4.0.2
Modules
Image
c:\windows\system32\fliqlo.scr
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\mlang.dll
c:\windows\system32\inetmib1.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\wintrust.dll

PID
2700
CMD
C:\Windows\system32\Fliqlo.scr /p 131448
Path
C:\Windows\system32\Fliqlo.scr
Indicators
No indicators
Parent process
rundll32.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
ScreenTime Media
Description
ScreenTime Screensaver Engine
Version
4.0.2
Modules
Image
c:\windows\system32\fliqlo.scr
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wintrust.dll

PID
2588
CMD
C:\Windows\system32\Fliqlo.scr /s
Path
C:\Windows\system32\Fliqlo.scr
Indicators
No indicators
Parent process
rundll32.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
ScreenTime Media
Description
ScreenTime Screensaver Engine
Version
4.0.2
Modules
Image
c:\windows\system32\fliqlo.scr
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rpcrtremote.dll
c:\programdata\screentime\fliqlo\saver1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\inetmib1.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\wintrust.dll

PID
4064
CMD
C:\Windows\system32\Fliqlo.scr /p 131448
Path
C:\Windows\system32\Fliqlo.scr
Indicators
No indicators
Parent process
rundll32.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
ScreenTime Media
Description
ScreenTime Screensaver Engine
Version
4.0.2
Modules
Image
c:\windows\system32\fliqlo.scr
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wintrust.dll

PID
2596
CMD
"C:\Windows\System32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl,ScreenSaver,@ScreenSaver
Path
C:\Windows\System32\rundll32.exe
Indicators
No indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\desk.cpl
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\themeui.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winsta.dll
c:\windows\system32\propsys.dll
c:\windows\system32\authui.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

PID
3672
CMD
C:\Windows\system32\Fliqlo.scr /p 65980
Path
C:\Windows\system32\Fliqlo.scr
Indicators
No indicators
Parent process
rundll32.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
ScreenTime Media
Description
ScreenTime Screensaver Engine
Version
4.0.2
Modules
Image
c:\windows\system32\fliqlo.scr
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wintrust.dll

PID
3800
CMD
C:\Windows\system32\Fliqlo.scr /s
Path
C:\Windows\system32\Fliqlo.scr
Indicators
No indicators
Parent process
rundll32.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
ScreenTime Media
Description
ScreenTime Screensaver Engine
Version
4.0.2
Modules
Image
c:\windows\system32\fliqlo.scr
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oledlg.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rpcrtremote.dll
c:\programdata\screentime\fliqlo\saver1.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\inetmib1.dll
c:\windows\system32\snmpapi.dll

Registry activity

Total events
1694
Read events
1392
Write events
302
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nqzva\NccQngn\Ybpny\Fperragvzr\FGS1\314-Syvdyb Frghc.rkr
0000000000000000000000002E080000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
0000000004000000020000005B7B00000200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F02
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\System32\display.dll,-4
S&creen resolution
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Program Files\Common Files\System\wab32res.dll,-4602
Contact file
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Program Files\Windows Sidebar\sidebar.exe,-11100
&Gadgets
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\themecpl.dll,-10
Pe&rsonalize
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@"C:\Program Files\Windows Journal\Journal.exe",-3072
Journal Document
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\notepad.exe,-469
Text Document
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
Classes
.accdb
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew
~reserved~
0800000000000600
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
1
41007000700065006100720061006E0063006500200061006E006400200050006500720073006F006E0061006C0069007A006100740069006F006E000000A400320000000000000000000000417070656172616E636520616E6420506572736F6E616C697A6174696F6E2E6C6E6B0000720008000400EFBE00000000000000002A0000000000000000000000000000000000000000000000000041007000700065006100720061006E0063006500200061006E006400200050006500720073006F006E0061006C0069007A006100740069006F006E002E006C006E006B00000032000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
1
41007000700065006100720061006E0063006500200061006E006400200050006500720073006F006E0061006C0069007A006100740069006F006E000000A400320000000000000000000000417070656172616E636520616E6420506572736F6E616C697A6174696F6E2E6C6E6B0000720008000400EFBE00000000000000002A0000000000000000000000000000000000000000000000000041007000700065006100720061006E0063006500200061006E006400200050006500720073006F006E0061006C0069007A006100740069006F006E002E006C006E006B00000032000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder
MRUListEx
0100000000000000FFFFFFFF
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
MRUListEx
0100000000000000FFFFFFFF
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
NodeSlots
02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
MRUListEx
0000000001000000070000000200000006000000030000000500000004000000FFFFFFFF
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2
MRUListEx
03000000020000000100000009000000080000000700000006000000050000000400000000000000FFFFFFFF
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@themecpl.dll,-1
Personalization
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar
Locked
1
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\mctres.dll,-200000
United States
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\themeui.dll,-2014
Windows 7 Basic
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\themeui.dll,-2016
Windows Classic
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\themeui.dll,-2107
High Contrast #1
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\themeui.dll,-2108
High Contrast #2
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\themeui.dll,-2103
High Contrast Black
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\themeui.dll,-2104
High Contrast White
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\themeui.dll,-2013
Windows 7
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\themeui.dll,-2105
Architecture
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\themeui.dll,-2109
Characters
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\themeui.dll,-2106
Landscapes
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\MCTRes.dll,-200225
United States
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\themeui.dll,-2101
Nature
252
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\System32\themeui.dll,-2110
Scenes
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\ehaqyy32.rkr
00000000010000000000000000000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF10D71A7AECF2D40100000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
0000000005000000020000005B7B00000200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F02
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.Jvaqbjf.PbagebyCnary
000000000000000000000000A72D0000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
252
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
0000000005000000020000000E9A00000200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F020200000002000000724300004D006900630072006F0073006F00660074002E004100750074006F00470065006E006500720061007400650064002E007B00310035003900360032003100370035002D0037004400460043002D0042003100440037002D0042003000440031002D004500420034004300300038004600460044003700350034007D000000120200000000CC0B120200000000CC0B12020400050005001F02280C12020800050005001F026CE71F020100000154001F0200000100B8139D75444812020C0003000300000000000500280C12020000000005000000CC0B120201000000C8E91F02C0E91F0200000000C8FDDE02C0FCDE0244E71F023DA9457600000000FBFFFF7F68E71F02987880574F8C6244BB6371042380B1090000000001100211FFFFFFFF00000000000000000000000035EE190651EE190635EE1906000000000000000000000000080000002E006C006E006B0000005300630068006500640075006C00650072002E006C006E006B00000014000000140050000000070000000200060026030200A5863C750800000064021400E72F1B77B5863C753F030000CC04140000001400A86D150011000000B8451700B045170005000000F8F3DD0270E80000F28635BB20E81F028291457670E81F0224E81F022795457600000000ECD2DD024CE81F02CD944576ECD2DD02F8E81F0260CEDD02E19445760000000060CEDD02F8E81F0254E81F02
3160
314-Fliqlo Setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3160
314-Fliqlo Setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3160
314-Fliqlo Setup.exe
write
HKEY_CURRENT_USER\Control Panel\Desktop
SCRNSAVE.EXE
C:\Windows\system32\Fliqlo.scr
2872
314-Fliqlo Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fliqlo
DisplayName
Fliqlo Screen Saver
2872
314-Fliqlo Setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fliqlo
UninstallString
C:\Windows\system32\Fliqlo.scr /u
2468
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2468
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@themeui.dll,-854
Windows Classic
2468
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@themeui.dll,-2019
Normal
2468
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@themeui.dll,-850
High Contrast #1
2468
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@themeui.dll,-851
High Contrast #2
2468
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@themeui.dll,-852
High Contrast Black
2468
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@themeui.dll,-853
High Contrast White
2468
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@mmres.dll,-800
Windows Default
2468
rundll32.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes
CurrentTheme
C:\Users\admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme
2832
Fliqlo.scr
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Fliqlo_RASAPI32
EnableFileTracing
0
2832
Fliqlo.scr
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Fliqlo_RASAPI32
EnableConsoleTracing
0
2832
Fliqlo.scr
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Fliqlo_RASAPI32
FileTracingMask
4294901760
2832
Fliqlo.scr
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Fliqlo_RASAPI32
ConsoleTracingMask
4294901760
2832
Fliqlo.scr
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Fliqlo_RASAPI32
MaxFileSize
1048576
2832
Fliqlo.scr
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Fliqlo_RASAPI32
FileDirectory
%windir%\tracing
2832
Fliqlo.scr
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Fliqlo_RASMANCS
EnableFileTracing
0
2832
Fliqlo.scr
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Fliqlo_RASMANCS
EnableConsoleTracing
0
2832
Fliqlo.scr
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Fliqlo_RASMANCS
FileTracingMask
4294901760
2832
Fliqlo.scr
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Fliqlo_RASMANCS
ConsoleTracingMask
4294901760
2832
Fliqlo.scr
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Fliqlo_RASMANCS
MaxFileSize
1048576
2832
Fliqlo.scr
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Fliqlo_RASMANCS
FileDirectory
%windir%\tracing
2832
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2832
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000006E000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2832
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2832
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3168
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3168
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2700
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2700
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2588
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2588
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
4064
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
4064
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2596
rundll32.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3672
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3672
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3800
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3800
Fliqlo.scr
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
14
Suspicious files
2
Text files
3
Unknown types
22

Dropped files

PID
Process
Filename
Type
3160
314-Fliqlo Setup.exe
C:\Users\admin\AppData\Local\Screentime\STF1\314-Fliqlo Setup.PT
executable
MD5: fadae26394dea62f1947389ef629a2fe
SHA256: a8b8780a42f06f25715eebf8bebfa73977d838bdf558fc6126c446707d975787
2872
314-Fliqlo Setup.exe
C:\Users\admin\AppData\Local\Screentime\STF2\impborl.dll
executable
MD5: 23a38a0f3b5fb112809c339725a9e318
SHA256: 7f86b2a4d53df100d8572c1615e809c11df9765054e394773b033aed083719ff
2872
314-Fliqlo Setup.exe
C:\ProgramData\Screentime\Fliqlo\saver2.dll
executable
MD5: 780b904630b859d122e5fe85ef8d45d7
SHA256: b7ffc9c018c90be3658a082a39b06438fe0cd5560f3bad78828c2c117c2f53c4
3160
314-Fliqlo Setup.exe
C:\Users\admin\AppData\Local\Screentime\STF1\314-Fliqlo Setup.FR
executable
MD5: e45075f00ebaa61b08ca7fd6bbb3a92b
SHA256: f124a3218940a4decd7519d6f40c48de5cab74fd6c11ddc0592678e14d7cb40d
3160
314-Fliqlo Setup.exe
C:\Users\admin\AppData\Local\Screentime\STF1\314-Fliqlo Setup.NL
executable
MD5: 3edd41d95d6954d9613a3b45ec2186d5
SHA256: ca4e8f05200586498db766ab963a4a6972f349b450d565a61f9d15eb660c6dd1
2872
314-Fliqlo Setup.exe
C:\Users\admin\AppData\Local\Screentime\STF2\temp.dat
executable
MD5: 677a21918514c60efaad25bc52b68e93
SHA256: 7d67e495c93ab18d9cf5c67147fe7ff82f0f9abb7f351c982a90c8616f531562
3160
314-Fliqlo Setup.exe
C:\Users\admin\AppData\Local\Screentime\STF1\314-Fliqlo Setup.ES
executable
MD5: 8b0df5daf1789e25b26de0282bc5a953
SHA256: ba9b408dd05268ca89e02b3ee96a7cf2a8d2136556686959b4f28319d617828a
3160
314-Fliqlo Setup.exe
C:\Users\admin\AppData\Local\Screentime\STF1\314-Fliqlo Setup.CAT
executable
MD5: 6d79d3bd00f91c2fb68d5af9032f9aa1
SHA256: c7a73ad317660557e24f662822a81eb455abc5b414a446cd543324f57538c60f
2872
314-Fliqlo Setup.exe
C:\Windows\system32\Fliqlo.scr
executable
MD5: 373ca1151d0254d0b45569fcae0286cf
SHA256: 407e07603c430e82baf2ab057fa4b042386bf8a8f99190e643e63d21e854e31d
3160
314-Fliqlo Setup.exe
C:\Users\admin\AppData\Local\Screentime\STF1\314-Fliqlo Setup.JPN
executable
MD5: 444eab3bdf58c885039fbfecf358f950
SHA256: ae6ec60d0bb283bbaf8192e825f2daa7d75de8a7e2d66a0aff191ab60f63eadc
3160
314-Fliqlo Setup.exe
C:\Users\admin\AppData\Local\Screentime\STF1\314-Fliqlo Setup.exe
executable
MD5: 677a21918514c60efaad25bc52b68e93
SHA256: 7d67e495c93ab18d9cf5c67147fe7ff82f0f9abb7f351c982a90c8616f531562
2872
314-Fliqlo Setup.exe
C:\Users\admin\AppData\Local\Screentime\STF2\install_flash_player_10_active_x.exe
executable
MD5: b1acc692ce72994cf963c863cc547b80
SHA256: aca24cc25c2b4a16f0365a8443d1baef21eb5bed80f7f38e3052634541873ab8
2872
314-Fliqlo Setup.exe
C:\ProgramData\Screentime\Fliqlo\saver1.dll
executable
MD5: 39a1e0efcf1ec5a09ac54acd797b5c0c
SHA256: 40e08432e75fe53d8152eb562293c62a2a2ad625b3470a4703cc2cb16eac5755
3160
314-Fliqlo Setup.exe
C:\Users\admin\AppData\Local\Screentime\STF1\314-Fliqlo Setup.DE
executable
MD5: c4de8cef8b75522d71a066434d3cc5bd
SHA256: 074af74829ae6bc3ac011b5e143c1a6535eab1b290b80d6fc1b9154e10cedbe9
2832
Fliqlo.scr
C:\ProgramData\Screentime\Fliqlo\ping.txt
binary
MD5: c4ca4238a0b923820dcc509a6f75849b
SHA256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
2468
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme
text
MD5: 80e9b0a1ecb7d394a1c354d9b61481ac
SHA256: 8e1cdb8dcf3cae27c2380b03e0556e913df5572adddbd5fc54764ef4b0c5d5ea
252
explorer.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\Appearance and Personalization.lnk
lnk
MD5: 09383afe23b505a7bccb775b9c1e26b9
SHA256: 77f67f1fad901634ab4b5f0efa51cdda21c7f5dc6e32fa457aa6da383335727a
2872
314-Fliqlo Setup.exe
C:\ProgramData\Screentime\Fliqlo\movie.swf
swf
MD5: 7a7332127c65f7e3c92c4ce63b40e6fd
SHA256: f8c529c4af9f673a5b57754b2178b7e350b72e1484342fb058aa9d95b7572fc1
2872
314-Fliqlo Setup.exe
C:\ProgramData\Screentime\Fliqlo\expire.scf
swf
MD5: e338755ed4be4e6ae7b88733045985a9
SHA256: 3224b628751ce1ede1d2806d0a222372ca4133d06b4bab14878071a2318dd5b0
3168
Fliqlo.scr
C:\ProgramData\Screentime\Fliqlo\saver.ini
text
MD5: b5e3073fbdbde87a49a3c267ca200691
SHA256: a0b4e84703b1913485daff740f1685dfd44be16ac4fef758b8ad4eb65f4a2d93
2872
314-Fliqlo Setup.exe
C:\ProgramData\Screentime\Fliqlo\com.9031.fliqlo.1.3.3.swf
swf
MD5: 701a922399238f8abf3bdc2e52ebaf84
SHA256: 546d72082760c9c2dacae8a608f2979cb5bf860d45ab63e88ec3958adb847378
2872
314-Fliqlo Setup.exe
C:\ProgramData\Screentime\Fliqlo\saver.dat
binary
MD5: 7190d154d4543a0631291c3abacb35e4
SHA256: 5ffd6b166ae30498c46ad9f3b275665d5c5f9d4785627dcbb7e77333c1d79043
3168
Fliqlo.scr
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\settings.sol
sol
MD5: 2756698355edd11f67e8ca84d98ff210
SHA256: 5ae43486daef331c2ed2ee58ea3e9b3246c44aa40c7426fe1eb7f6313076914c
2872
314-Fliqlo Setup.exe
C:\ProgramData\Screentime\Fliqlo\setwnd.scf
swf
MD5: 82e05faccc0338c924f7726629f63bf3
SHA256: f4745e9f9f1f6be947f1a6f84a530fb23c00635050a093a9d4b2f758eb95dc93
2872
314-Fliqlo Setup.exe
C:\Users\admin\AppData\Local\Screentime\STF2\Fliqlo.ssd
––
MD5:  ––
SHA256:  ––
3168
Fliqlo.scr
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\R85C8QCJ\localhost\fliqlo.sol
sol
MD5: ec633a8d7941c7d3be225e802c60f59f
SHA256: 2fe7b4c3d28e3c4a5b37f3094276cc7571d64f0fdbe6536ee47b4d2961a4bb14
3168
Fliqlo.scr
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\R85C8QCJ\localhost\fliqlo.sxx
––
MD5:  ––
SHA256:  ––
3168
Fliqlo.scr
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\settings.sxx
––
MD5:  ––
SHA256:  ––
3168
Fliqlo.scr
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
sol
MD5: 76eff03bdf7c9ac01db2023cb97763ed
SHA256: 3fe627c4f849caa52a3b56534d0cc149ae46f746481d2fc6a082a758ece17b8b
3168
Fliqlo.scr
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx
––
MD5:  ––
SHA256:  ––
2832
Fliqlo.scr
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
sol
MD5: 486ecf05245c33c1ac6dc19d1a50ea9a
SHA256: 0741ac99b56d9786bfc121057968bace85eb109074bf9b6d8996f89341a00f00
2832
Fliqlo.scr
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx
––
MD5:  ––
SHA256:  ––
2832
Fliqlo.scr
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
sol
MD5: 6e1815547f3a9bf10bd43f5cc2450b86
SHA256: b4f10ee4886e33995adfa6880819ecc0aeffabac1028a03da9a674f7aea0aecf
2832
Fliqlo.scr
C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
––
MD5:  ––
SHA256:  ––
2832
Fliqlo.scr
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\saver[1].htm
html
MD5: d1bd59064847494eb5553cb1c560833d
SHA256: 723cb5cfa55bfdf47f8d73784d3ebbd595a8979f1dbf70726ba9996279ce8672
252
explorer.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\7e4dca80246863e3.automaticDestinations-ms
automaticdestinations-ms
MD5: f3e56a3a17c1c57254bcdaed1c5e782f
SHA256: 97c9a46c4b8621ace99d17fa6a7f2880a40c8b273f48259da124e32a1f39a4f4

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
2
TCP/UDP connections
1
DNS requests
1
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2832 Fliqlo.scr GET 301 199.204.248.117:80 http://services.screentime.com/saver?purpose=askUsersFirewallAppForOnlineContentPermission&platform=Windows&version=3.7&command=ping US
html
suspicious
2832 Fliqlo.scr GET 200 199.204.248.117:80 http://services.screentime.com/saver/?purpose=askUsersFirewallAppForOnlineContentPermission&platform=Windows&version=3.7&command=ping US
html
suspicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2832 Fliqlo.scr 199.204.248.117:80 CONTINENTAL BROADBAND PENNSYLVANIA, INC. US suspicious

DNS requests

Domain IP Reputation
services.screentime.com 199.204.248.117
unknown

Threats

No threats detected.

Debug output strings

No debug info.