hxxps://drive[.]google[.]com/file/d/1_myVGauzm-u3CasrtGYTAknp85d7UENZ/view

Analysis

max time kernel
868s
max time network
844s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2025 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1_myVGauzm-u3CasrtGYTAknp85d7UENZ/view

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
144	4444	msedge.exe

Executes dropped EXE 3 IoCs

pid	Process
1320	glogg-latest-x86_64-setup.exe
3420	glogg.exe
840	glogg.exe

Loads dropped DLL 17 IoCs

pid	Process
1320	glogg-latest-x86_64-setup.exe
1320	glogg-latest-x86_64-setup.exe
1320	glogg-latest-x86_64-setup.exe
3420	glogg.exe
3420	glogg.exe
3420	glogg.exe
3420	glogg.exe
3420	glogg.exe
3420	glogg.exe
3420	glogg.exe
840	glogg.exe
840	glogg.exe
840	glogg.exe
840	glogg.exe
840	glogg.exe
840	glogg.exe
840	glogg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
4	drive.google.com

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files\glogg\README.md	glogg-latest-x86_64-setup.exe
File created	C:\Program Files\glogg\Uninstall.exe	glogg-latest-x86_64-setup.exe
File created	C:\Program Files\glogg\Qt5Gui.dll	glogg-latest-x86_64-setup.exe
File created	C:\Program Files\glogg\Qt5Network.dll	glogg-latest-x86_64-setup.exe
File created	C:\Program Files\glogg\Qt5Widgets.dll	glogg-latest-x86_64-setup.exe
File created	C:\Program Files\glogg\glogg.exe	glogg-latest-x86_64-setup.exe
File created	C:\Program Files\glogg\COPYING	glogg-latest-x86_64-setup.exe
File created	C:\Program Files\glogg\platforms\qwindows.dll	glogg-latest-x86_64-setup.exe
File created	C:\Program Files\glogg\Qt5Core.dll	glogg-latest-x86_64-setup.exe
File created	C:\Program Files\glogg\libwinpthread-1.dll	glogg-latest-x86_64-setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	glogg-latest-x86_64-setup.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x0007000000023cef-337.dat	nsis_installer_1
behavioral1/files/0x0007000000023cef-337.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 26 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cap\OpenWithList\glogg.exe	glogg-latest-x86_64-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cap\OpenWithList\glogg.exe\	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3625106387-4207083342-115176794-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3625106387-4207083342-115176794-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\OpenWithList\glogg.exe	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.txt	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.txt\OpenWithList	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.Log	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.log\OpenWithList\glogg.exe	glogg-latest-x86_64-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.log\OpenWithList\glogg.exe\	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\glogg.exe\shell	glogg-latest-x86_64-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\glogg.exe\shell\open\FriendlyAppName = "glogg"	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\glogg.exe\shell\open\command	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cap\OpenWithList	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\glogg.exe	glogg-latest-x86_64-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\OpenWithList\glogg.exe\	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.txt\OpenWithList\glogg.exe	glogg-latest-x86_64-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\glogg.exe\shell\open\command\ = "\"C:\\Program Files\\glogg\\glogg.exe\" \"%1\""	glogg-latest-x86_64-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.txt\OpenWithList\glogg.exe\	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.Log\OpenWithList\glogg.exe	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.log\OpenWithList	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cap	glogg-latest-x86_64-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\glogg.exe\	glogg-latest-x86_64-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\glogg.exe\shell\ = "open"	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\glogg.exe\shell\open	glogg-latest-x86_64-setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3625106387-4207083342-115176794-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 420790.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 2 IoCs

ransomware

pid	Process
2660	NOTEPAD.EXE
2672	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3420	glogg.exe
840	glogg.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
1028	msedge.exe
1028	msedge.exe
1184	identity_helper.exe
1184	identity_helper.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
2052	msedge.exe
2052	msedge.exe
4800	msedge.exe
4800	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3420	glogg.exe
840	glogg.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2704	7zG.exe
Token: 35	2704	7zG.exe
Token: SeSecurityPrivilege	2704	7zG.exe
Token: SeSecurityPrivilege	2704	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
1320	glogg-latest-x86_64-setup.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
4636	OpenWith.exe
3420	glogg.exe
3420	glogg.exe
3420	glogg.exe
1168	OpenWith.exe
1168	OpenWith.exe
1168	OpenWith.exe
1168	OpenWith.exe
1168	OpenWith.exe
840	glogg.exe
840	glogg.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 560	1028	msedge.exe	85
PID 1028 wrote to memory of 560	1028	msedge.exe	85
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4460	1028	msedge.exe	86
PID 1028 wrote to memory of 4444	1028	msedge.exe	87
PID 1028 wrote to memory of 4444	1028	msedge.exe	87
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88
PID 1028 wrote to memory of 1608	1028	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1_myVGauzm-u3CasrtGYTAknp85d7UENZ/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd94cc46f8,0x7ffd94cc4708,0x7ffd94cc4718
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=932 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2052
- C:\Users\Admin\Downloads\glogg-latest-x86_64-setup.exe
  "C:\Users\Admin\Downloads\glogg-latest-x86_64-setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,3728913592988005950,14243295560302430742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2184

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2404

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4636
- C:\Program Files\glogg\glogg.exe
  "C:\Program Files\glogg\glogg.exe" "C:\Users\Admin\Downloads\Cópia de serasa e meu ovo.7z"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3420

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap7819:110:7zEvent4112
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2704

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\JBR_PF.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2672

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\JBR_PF.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2660

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1168
- C:\Program Files\glogg\glogg.exe
  "C:\Program Files\glogg\glogg.exe" "C:\Users\Admin\Downloads\JBR_PF.txt"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\glogg\Qt5Core.dll

Filesize
4.9MB

MD5
f3c59e296b2f712cd45f2cb363faf271

SHA1
b6feb332604449de28aab91324d2a63cb272242a

SHA256
6302e3cdfa16f1a67afa20ccf2ab21bcc96ff6f3dccde2be38607539d6229b49

SHA512
114940342800bf5c907353adc42272943da7a305cca14c41971708aff84c394fe8b3c1e5ba5113501380a4104107cf7dffe6c909a754c2bb6b80f5702ac55fc1

Download Submit
C:\Program Files\glogg\Qt5Gui.dll

Filesize
4.7MB

MD5
fe78193c8e70e237228a743644f48cc2

SHA1
11e97d8a0d19d47e7bf246760d03f522fe326790

SHA256
76ed1d350c039b75c4a7960368cd49fbd1400b1cc4cbf30bacc35abe3ea30f70

SHA512
3d3ae391767684b8f6bf66c80c88a138d4f129b6a884e4c310de0536eda06b1faa0ffdf9cce0c8f21699d9c29a860d35771e1bd22ec5d73aceba5dd2227f207f

Download Submit
C:\Program Files\glogg\Qt5Network.dll

Filesize
1.2MB

MD5
d309014c0023a9473f633ef0c6f2ac81

SHA1
709327ea5ef1ef6da27de290208308f0dd9e146a

SHA256
63307c6d137ef531ca3a940662479e6f0b26c334a3680eb6e7459c81bdb38e22

SHA512
18968ee5b45d33d377ca9c2ad7418abdf726da5841953f14bdd3e36882c4e638665b5746ec28bf22fb877d9bf5cea6b0127c32b5e1076ccb6114a563fd08181a

Download Submit
C:\Program Files\glogg\Qt5Widgets.dll

Filesize
5.7MB

MD5
a12bef377ee34d8c728696f594f916e3

SHA1
c852f4a0a55482e9a429fde50d97439c7a7af973

SHA256
a2b83465372e51d5fa111589c9faa25bcdc542f78a862579b2ba87af7dcef462

SHA512
7149bdb33d3d41ed3fea3eaa3068904d80c4f9d024f4a1bf14c83aa7f9e4157a64ced27fdd182c73d630d1a9975f568bdaae4a3c59e76e8af875cf712540c58b

Download Submit
C:\Program Files\glogg\libwinpthread-1.dll

Filesize
294KB

MD5
99a9ea05e3c12000701d2f04803c4de1

SHA1
680d2884f676d2de023d569fce5d837881c6c690

SHA256
285d58a93a64f451b2a622d42abc876319e14631f288c65b5fa987d3cf62d15a

SHA512
d6287cdc2fa3edb28e9267d4ec089de36fd33ee3cd60bf37d79994725873e0e78375c872ab2260e9d8c56c7dd5ded10a109947ccbc07d5fdf926ac3cd6a28725

Download Submit
C:\Program Files\glogg\platforms\qwindows.dll

Filesize
1.4MB

MD5
82a3c690ab7214861f7e9d3ad6d592ea

SHA1
5b355208b7861d91634cb7f3d8b0bc8441da9204

SHA256
49dbcd35596a5cd5e7c36d283e56c45b39dceaf3876b9a1728ed496d86994ec7

SHA512
6cc3e540446903341c1617800e69481e567c5e644f4e039371e28d9918145146a89d45d3e1e574ea6a8f32a199cec3582efc35d4ed0c3f56dc5e36350bfd6d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc29044ff79dd25458f32c381dc676af

SHA1
f4657c0bee9b865607ec3686b8d4f5d4c2c61cd7

SHA256
efe711204437661603d6e59765aba1654678f2093075c1eb2340dc5e80a1140f

SHA512
3d484f755d88c0485195b247230edb79c07cc0941dedbf2f34738ae4f80ba90595f5094c449b213c0c871ade6aff0a14d4acfe843186e2421ccbad221d34bf54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
709e5bc1c62a5aa20abcf92d1a3ae51c

SHA1
71c8b6688cd83f8ba088d3d44d851c19ee9ccff6

SHA256
aa718e97104d2a4c68a9dad4aae806a22060702177f836403094f7ca7f0f8d4e

SHA512
b9fc809fbb95b29336e5102382295d71235b0e3a54828b40380958a7feaf27c6407461765680e1f61d88e2692e912f8ec677a66ff965854bea6afae69d99cf24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
ec15a169ca493170955e5314904fc1bd

SHA1
4d54107f08377c26459476f8348d62807ef073e0

SHA256
652d3928a300fdfe4bf3e9397b79dd01dff7c22d79a356eb949ef7e74fcf53bb

SHA512
7f8fcdf39538ab8be9986ae80e87c42eff37c06e41a6e61879b532fbcace7430a895bc47705e821da3a8f2cd646f900380f6c55c611e8fdd6063db4a696a7744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f9910c790d9415695adf277adacc2970

SHA1
3e97c8e7f42f2642956d6f939b358672d65bcb7e

SHA256
2ad135201739c12d9627ccf84f643de3e49db219b98e8478f04531f432b80a60

SHA512
401dfc2ac3af3de035c1f609f02aa0a38e40fce428cf25a80babf3279dc13479a2b4f3368e5858903c5e0e82c796d4b00f9b2103d76e0f4ca1176b0d511d654a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
27c2468f2843ade77ceef8bce56965c3

SHA1
0e413668e9673b8d45e25c292486ac7c842b9e44

SHA256
675b103db77bc026844cc21678d8679c82eec06e2b0d8eda6d0098ba049c7629

SHA512
910328a76513c9efbd2a1949eb6d212053d5393e9bbffad1b5314e0d573757f5b109f6ee4a8292efb42195f1adf63d8a11e6d420c00398b89fa1cfe1f67d0378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b174f1854ee50c7c9a074d4ebd61fe7e

SHA1
3548016ab712807898e608577f56186ea2eb770f

SHA256
de1c651a5b81f68c5a33ecc142627a583153f5db9fab7949ce648245f8be7a89

SHA512
dc1b647c73d97e48c95da5bb429ace3bf1eec7ac5f5ddd0778e407c000ebf2cf368e77fd25a19b117da2cee9a69b1841df5579761d9433eaec6aaf89fe70ac9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1fca38cec3622f4f8de242edc9c4bd32

SHA1
9e0e8e5cce49f7c0a34df8b254d4c8129b251cd4

SHA256
5daebc572a59a036b3ec706556cd84f8deabf868894d261125e631db796cd1da

SHA512
5c139d81f19fba3c8b962d15177a4e624c9513694dcc56ed09d941ad72bac6b56b420228247ee508b3088e4b12d9c4ff903c76ff4699cef1c3b950ecb130640c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
30cf7dbc9d65655a8a27ce8a1e48b8bc

SHA1
669840ac0f983e1e34755e59a3a60ad02cb56bb6

SHA256
0a2d89f9096d7da4512d9289ed577958fbeb277be99753f14a93c860fb02c523

SHA512
9136754f9970a51849188624065474be46e163c2dee9d9a8e0625019bfe6300f288bb64620ea00c6538c8472e719147a63b83d71a723d0d134522ef0ff8bc1a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
68a7aeca189eda9d54db61984fba9f2e

SHA1
6b6655351a04a3dc7dfedb3b3e4af782151ff943

SHA256
cd49add60f780f9ae5b022e011a924c28817e9a83dd9b401ccecca308bd5dce8

SHA512
392e9d1ea0139e87ce28be1d6638a3f28deb47f5879434fd16b1766919e1efa4d98619d4318f8ab4b75c9cb01f6d1393cf2ee8aa967686be3dcb06f1cd994269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
58a55748c716df8030acddff32190d87

SHA1
c2e392317712ddcf4d0a0bf8f97b174543b08f92

SHA256
c76b0975fbc83742ff473e926ebbb62f33d2df0dd8bf4e338ce2285a08c305fd

SHA512
1422b6d43e80e268e14bf59772795c284130e8f264e212e431a7d8404e2c6dbbbb87269be27918a3f654c5746b864641cc6a12f6fe17e960b81e70046ba24027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
12a3bb55d54d2af1e0e8195924b35264

SHA1
5036f697e9354266b47fa7a8efdbd06f2e15bd2b

SHA256
ca4854f577054f9f1e35fcb737ba15aab7da3297fbaed92eb9d082e38cfe3524

SHA512
6245f820ed7f6ea84f3a5d80d7a13b4e3454a07a952f1074205eb05b26ce37c2d7211a1b6bd7e5778676d368d0af2bd2eefc58618abdd48dd95ec4ae012f054c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4867ac1b4620f9eafa1efc7809ab4ee9

SHA1
df1667929dfd06b3dbbb2785948a22a03bdb66a6

SHA256
8af7c61c0a49db46745f4ffaddf54a2df1e7d91eae4284d8c539845280bb1d46

SHA512
8e3b8a14f4484f53ddc1289b891d91993cf07fb06d8b1742e0dce6d31e53ac8c22994fb73105c35c76b6d82f9eb5e5efbc0cb67f4b92df1bc75b59ea7d64dd9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1f15696bf6add71ff69db0453fb5d32

SHA1
18364f05895291c4bacedcbea2a0df441a50ad2e

SHA256
a7d85c756d4d107ddd4170324e96813df7556b5cc4945b3dd234c6f951afaa24

SHA512
76cad6a50294f524ab04cfe54d91455a40c63b1ac25827f680d40628ebc12c3ee223d4da75f365b5ed8de448a1da8d3932f24c1ae40a1e8b8e4ad51eb884076e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1ece8f11eae9e72663dfdc6fde3705a7

SHA1
30b021f853b8739e8d4b4382515d2c4ac3d5978e

SHA256
a2ce29eaebce0830d3d7e5281f16e453cfa9942e9c72d64bba77b76ebae3c4d7

SHA512
7a615373030041636b79036bebe45f6b06a47f27fd6e7fae032fec5fb2da51a441f8325d035c588f8ff0afc53445e3bd76f59cb4059d65c39dd56717be94c078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1b3e6aa1a431a0e145d32510d1cd0a50

SHA1
243091bcd08877f644480741d75ad07e3dd64214

SHA256
b21fb5d545704b8391ef8d160387dbeb66fc429f488de4df1baa3691319ba603

SHA512
33fa85d1ec9b9c0a4ca30244019047e7ce38a7f65ed855c4147d4e01ed53bd0b5d7e6f43afb9ff7bb3fd6e13971c4255124b570c60b97ce611a6f451b9fa5866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f74cd96fedc0109a60c568783f86c688

SHA1
c4a5e6c4c290037b918d14a1cf96bd46fa576ba3

SHA256
ff51c15eaae8fcc3a19cc591e6e0f4b2e2d8d88d43b0f50c169aa978af159c46

SHA512
be13011265b143026696fb8a0d4a65737074f533512ff87a83266d7752c8093fff990927759dbd05a457f8e2e98941a723bc0fecc37f3d635c6fe293e3e07343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e9933543910b541337257bd29977f5fd

SHA1
6825d15da42a76ebba582a6c6f8ec19206333358

SHA256
9e092d15b25b5202cf704bf46fc4bb55f3d487f09b0dcd4aa5f282d115057351

SHA512
f754fdce40b0fc874f909d0fcd83d1017957ce3e07c45e2b33119a555f751c9bb9eb57216c9d3317510fc225a3eb68d5a9a1ba200fca99199d1717b03d0f0d38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5ddac7a95dad9eac759bbd79c1176425

SHA1
7bcabfa0526fc46765767592dda38c868e551311

SHA256
a687798782b813856d0687ed55f0e4b4528028ee6a717442c795e8d89fffed0a

SHA512
e783b825eef91a217f8f28ab129c7733e58a986483c288b887fd072dc2f95769f408ae40f2d689262a7ce6c5aa42e1b2527ef7d94728d7cb0a198128fe2090bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b245af52ab83729c8ca4da451f020a7

SHA1
5c4a11fdb879e0adc80737d7bd34c2c644091fc1

SHA256
ce15746608077b898ca10d974c7de51ef484244b15f7b96c0319b4c7fe10faf3

SHA512
554c2049efd9f300fc358dd78cbbcf5feb1c0fae190eafb3110d25d1851c8b69aff5a0db504ef3de185f4039878cf91aef9f19127516fa51bb8b24c902c5c480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a4b14.TMP

Filesize
1KB

MD5
7362fe86d6af4f53e4952d59b3557655

SHA1
3a1f8646134e9a4c1354cd4570f0a298cc92fc3f

SHA256
fa98c499a7ebc41721f22f831a56a4971308767f5ea5c63399a2268f3e7b18b1

SHA512
461995cc9cd6996158ee206ec6d1c69479942ae2c48adede1854fe73683f4a07706351311e028cbbb3c33636805d5ace1fdd7086b3241cca69b1a1a438805cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
64acc2fe1360ed2274c02d59b159d384

SHA1
fc25b30d502e17e40784674ccf3b5d911ab94017

SHA256
872514cae48a52448f01235f99d83b1f5da8212ce1f1a727bad26b51206f0cf0

SHA512
c2d1eed7faf7745e2ee44f08c9b27c7971c043823874187850e5f5fff2440f2790321b3dc06f0ecc9f7bb769e4e139d768da3bc5e947e8f893ec538371f978e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e76cfb1b4a69ee4cfeafea1a28974f8c

SHA1
5cb6db7f00020bedf09fa37abf26a28de13d33cc

SHA256
74ea5aa0e7140922711545ad80976708c32b42d01bb1d30837e86e86d3da081d

SHA512
7113a03a90b6ce9299900b52feed85afe9dd07c8e38e6a93a754ef85a7636e0c56d5ce48f2332bff3c555f4005d3b2aac67a90f5bbd5d8921e854dbb417f3cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f2f2155b9d0a1e73069339d8b983e9c

SHA1
2fe0fbad287f157a3bb6452ff362f2b4ecc84f3b

SHA256
9131704338d47cb735e5f740bddb4b44df1843d6b727d4ee6ff6a246e8e8d876

SHA512
023526847b3d4b543ffac0686f3aab222975643e0ec51f21e83f2f0a72e5185914530411d4959896b4e429548790416d5f266e772f751753e19ed28b1d07efeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd38670f6284dbd1a038413eed37ce91

SHA1
0a1df701632a8374b811150a9fb479812ce71e80

SHA256
86645a433f0a4fc1483dd8433d6de6f71372a4e2fc60f5a15732ed43163e81d7

SHA512
1aac258d42db16cf127dcab3c323970e498eae0ac6023cad0bccd37372016092c5f6307e7a60671d0ba6385c1e4141e2fb142a9ec194ce0b0e95e42d96b50fbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa4D24.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa4D24.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa4D24.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
C:\Users\Admin\AppData\Roaming\glogg\glogg.ini

Filesize
50B

MD5
dd840e12592b5a6636e30a50b08b9256

SHA1
4f8414100154b48e063d31c5ce48d07547272022

SHA256
352cd06c81f57b68c7f96de10dba5b414d3491194869aabe7d5edffc35b1d6e4

SHA512
b7c5422d899dc0425930a4f46fbc19659472445e148f797b6a424b48624fcf08844b2f897505e676e77dc3cc2837dfccf14a7a8d4064cb9e6ab3c093e2d11455

Download Submit
C:\Users\Admin\AppData\Roaming\glogg\glogg.ini

Filesize
996B

MD5
3647739598b2000160d1917398b8d070

SHA1
0ffeb012d9e6e229bf0552a7098ae1ff804501d5

SHA256
fb53ff1c4df7c899ece2fae8f97cf4d47a2b64516188362aa80aae7201096308

SHA512
6a5f6ded29af9226b643c8b7a03d29ac84a84ce4fc24071bfe05ebab9d436bfad30d1160560e8f6f70707521498a24a4bf079e37c315a0fadd8ced8a305d2c97

Download Submit
C:\Users\Admin\AppData\Roaming\glogg\glogg.ini.Nn3420

Filesize
219B

MD5
262eba34fadccb22437fb79eeace096d

SHA1
d3cb922cb0949a034b3cc3edcd60426e46a977c0

SHA256
14db6fd11ac4402a462f55f3002270ce73e17384dfc82f83f7690724b6c7d190

SHA512
5a0674f236448fb6caba4ae5ff80d86e6150061a5471879012172e9a9c513102dbfb9f772b9641a88b56b3c1612020d5bcb0a00f1751c14cec557c849853da8d

Download Submit
C:\Users\Admin\AppData\Roaming\glogg\glogg.ini.lock

Filesize
20B

MD5
4c235efad981203bbc54c07371060022

SHA1
976e1192fce6def77e3e914e8bddf74fc04ff724

SHA256
689d4f99970dcb1d96c4c259c161814d64306c2f8226f05e3cb2e5e55d9d13ea

SHA512
f662b0e79a8a2b91df5f2741928fd0cb174671e699ac6464a7a6be00080975e0b1f392c3e8ce56177d9330f4163dd8882b0bf783a4204576ea77459ea8a24e72

Download Submit
C:\Users\Admin\AppData\Roaming\glogg\glogg.ini.lock

Filesize
19B

MD5
d3748ab4abb0e301a71ea818ed78379a

SHA1
07242f6a105e7e01702ab0c39d6c50a0977d6b51

SHA256
515d600d10f333baea12902f44bf3696f628435b16458bf8951512f23eb585ff

SHA512
afbbcb64871bf2db4154ca70a1a99df45ff3eb23ef21130eb8071d0340ed8b5ba0fdf82ba93ffbbd9a2acbcc7716c02b675c89f66c882a2fb36084f9214b23e4

Download Submit
C:\Users\Admin\AppData\Roaming\glogg\glogg.ini.vv3420

Filesize
92B

MD5
8e6b007ebc80749d51feccfafaf24123

SHA1
fb2a4f080d37ba178ce8d99282118785c8752c8d

SHA256
1eb7c1deb1c508c8aea729fcf23cf8db97f234b9c56f89c7ae0c32f7b8e75dc6

SHA512
87206ff37ab63ebd0e6f6aa6961ff83b44f616ee2233ac8007f0a792fd0db7144d8420dbe16980494ee0215110d86083c10ebb561b493334b45112227884ce33

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 420790.crdownload

Filesize
6.5MB

MD5
1f71c2da992a77adc264f6173f2005d6

SHA1
b943e14c5bea9ec4b7e527fb2fcc0d4d02b82697

SHA256
08fe13b713327bef93298b6d11717a93bbaa9d49165995be93f4a3282e76b22f

SHA512
cc6ed1b8bdbdd8e3d5040ed52f62a8241ab176a3f2dadfaedbd743687da3307fc0b0d128110feea427168cb3f782fc3f7ede3420d8d2f311ad6cceddae0c3b21

Download Submit
\??\c:\program files\glogg\glogg.exe

Filesize
1.9MB

MD5
3cd8305b89a91971cd92409ed548c453

SHA1
8f5733029fbb396c1166a0373a6857cad57c7306

SHA256
e309efdd5828b158ce0626c055c7dc7db7a62ca0d489bf0d63a63d2f0c2c3d25

SHA512
3b6daf4d04bfe7c14728aba871a9de81f3051e21976784d1a112adde4ed1127aca39e6e1ea0c4dfef7b3f59ada9ac4ec0518e439e891e9d4a995fd9bcf77b4de

Download Submit
memory/840-601-0x0000000068880000-0x0000000068D75000-memory.dmp

Filesize
5.0MB

Download
memory/840-644-0x0000000061940000-0x0000000061E05000-memory.dmp

Filesize
4.8MB

Download
memory/840-651-0x0000000061940000-0x0000000061E05000-memory.dmp

Filesize
4.8MB

Download
memory/840-654-0x0000000000ED0000-0x0000000001491000-memory.dmp

Filesize
5.8MB

Download
memory/840-650-0x0000000068880000-0x0000000068D75000-memory.dmp

Filesize
5.0MB

Download
memory/840-643-0x0000000068880000-0x0000000068D75000-memory.dmp

Filesize
5.0MB

Download
memory/840-647-0x0000000000ED0000-0x0000000001491000-memory.dmp

Filesize
5.8MB

Download
memory/840-628-0x0000000061940000-0x0000000061E05000-memory.dmp

Filesize
4.8MB

Download
memory/840-626-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download
memory/840-627-0x0000000068880000-0x0000000068D75000-memory.dmp

Filesize
5.0MB

Download
memory/840-620-0x0000000068880000-0x0000000068D75000-memory.dmp

Filesize
5.0MB

Download
memory/840-600-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download
memory/840-606-0x000000006A880000-0x000000006A9E9000-memory.dmp

Filesize
1.4MB

Download
memory/840-605-0x0000000000ED0000-0x0000000001491000-memory.dmp

Filesize
5.8MB

Download
memory/840-604-0x0000000064940000-0x000000006498B000-memory.dmp

Filesize
300KB

Download
memory/840-603-0x0000000069700000-0x0000000069833000-memory.dmp

Filesize
1.2MB

Download
memory/840-621-0x0000000061940000-0x0000000061E05000-memory.dmp

Filesize
4.8MB

Download
memory/840-602-0x0000000061940000-0x0000000061E05000-memory.dmp

Filesize
4.8MB

Download
memory/840-614-0x0000000061940000-0x0000000061E05000-memory.dmp

Filesize
4.8MB

Download
memory/840-618-0x000000006A880000-0x000000006A9E9000-memory.dmp

Filesize
1.4MB

Download
memory/840-613-0x0000000068880000-0x0000000068D75000-memory.dmp

Filesize
5.0MB

Download
memory/840-612-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download
memory/3420-531-0x0000000064940000-0x000000006498B000-memory.dmp

Filesize
300KB

Download
memory/3420-530-0x0000000069700000-0x0000000069833000-memory.dmp

Filesize
1.2MB

Download
memory/3420-528-0x0000000068880000-0x0000000068D75000-memory.dmp

Filesize
5.0MB

Download
memory/3420-564-0x0000000000E10000-0x00000000013D1000-memory.dmp

Filesize
5.8MB

Download
memory/3420-561-0x0000000061940000-0x0000000061E05000-memory.dmp

Filesize
4.8MB

Download
memory/3420-533-0x000000006A880000-0x000000006A9E9000-memory.dmp

Filesize
1.4MB

Download
memory/3420-527-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download
memory/3420-560-0x0000000068880000-0x0000000068D75000-memory.dmp

Filesize
5.0MB

Download
memory/3420-562-0x0000000069700000-0x0000000069833000-memory.dmp

Filesize
1.2MB

Download
memory/3420-565-0x000000006A880000-0x000000006A9E9000-memory.dmp

Filesize
1.4MB

Download
memory/3420-563-0x0000000064940000-0x000000006498B000-memory.dmp

Filesize
300KB

Download
memory/3420-559-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download
memory/3420-532-0x0000000000E10000-0x00000000013D1000-memory.dmp

Filesize
5.8MB

Download
memory/3420-529-0x0000000061940000-0x0000000061E05000-memory.dmp

Filesize
4.8MB

Download
memory/3420-461-0x0000000000E10000-0x00000000013D1000-memory.dmp

Filesize
5.8MB

Download