bandook | 22e2ab1e6a152237fb0cef6a0a24a8b7711c1ebb6c109625aaf85546075f5f56

Resubmissions

01-08-2024 16:05

240801-tjv3wsycmp 10

08-12-2023 18:12

231208-wtl9vadcd4 10

Analysis

max time kernel
1800s
max time network
1799s
platform
windows10-1703_x64
resource
win10-20231129-es
resource tags

arch:x64arch:x86image:win10-20231129-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
08-12-2023 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Profresca_Factura.exe
Size

15.6MB
MD5

67890e34ff5481d0192a2325156d529a
SHA1

10b3af966a24dc34187fdd5e527531b3bf34c244
SHA256

22e2ab1e6a152237fb0cef6a0a24a8b7711c1ebb6c109625aaf85546075f5f56
SHA512

a7431523ec48430fef07597eac54a61af62c57c2fe9ae99d7b633ceb3cda7b1e0ab73dddb1c5de61da24a36d70c9b59c027f797628a9d28796805a91e5306afe
SSDEEP

49152:QF3eSw1ZnrHiKM2fPzVHc4sTWV0PcK7P5vPHQ9LXTKXhJ+4xPlMmL/6uDJ6gYmZa:QFuSw

Score

10^/10

bandook rat trojan upx

Malware Config

Signatures

Bandook RAT
Bandook is a remote access tool written in C++ and shipped with a loader written in Delphi.
rat trojan bandook

Bandook payload 10 IoCs

Processes:

resource	yara_rule
behavioral1/memory/744-17-0x0000000013140000-0x0000000014DFC000-memory.dmp	family_bandook
behavioral1/memory/744-16-0x0000000013140000-0x0000000014DFC000-memory.dmp	family_bandook
behavioral1/memory/744-18-0x0000000013140000-0x0000000014DFC000-memory.dmp	family_bandook
behavioral1/memory/744-19-0x0000000013140000-0x0000000014DFC000-memory.dmp	family_bandook
behavioral1/memory/744-20-0x0000000013140000-0x0000000014DFC000-memory.dmp	family_bandook
behavioral1/memory/744-22-0x0000000013140000-0x0000000014DFC000-memory.dmp	family_bandook
behavioral1/memory/744-24-0x0000000013140000-0x0000000014DFC000-memory.dmp	family_bandook
behavioral1/memory/744-31-0x0000000013140000-0x0000000014DFC000-memory.dmp	family_bandook
behavioral1/memory/1204-53-0x0000000013140000-0x0000000014DFC000-memory.dmp	family_bandook
behavioral1/memory/1204-59-0x0000000013140000-0x0000000014DFC000-memory.dmp	family_bandook

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/744-14-0x0000000013140000-0x0000000014DFC000-memory.dmp	upx
behavioral1/memory/744-15-0x0000000013140000-0x0000000014DFC000-memory.dmp	upx
behavioral1/memory/744-17-0x0000000013140000-0x0000000014DFC000-memory.dmp	upx
behavioral1/memory/744-16-0x0000000013140000-0x0000000014DFC000-memory.dmp	upx
behavioral1/memory/744-18-0x0000000013140000-0x0000000014DFC000-memory.dmp	upx
behavioral1/memory/744-19-0x0000000013140000-0x0000000014DFC000-memory.dmp	upx
behavioral1/memory/744-20-0x0000000013140000-0x0000000014DFC000-memory.dmp	upx
behavioral1/memory/744-22-0x0000000013140000-0x0000000014DFC000-memory.dmp	upx
behavioral1/memory/744-24-0x0000000013140000-0x0000000014DFC000-memory.dmp	upx
behavioral1/memory/744-31-0x0000000013140000-0x0000000014DFC000-memory.dmp	upx
behavioral1/memory/1204-53-0x0000000013140000-0x0000000014DFC000-memory.dmp	upx
behavioral1/memory/1204-59-0x0000000013140000-0x0000000014DFC000-memory.dmp	upx

Drops file in System32 directory 3 IoCs

Processes:

svchost.exe

description	ioc	process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\microsoft\IdentityCRL\production\tmpidcrl.dll	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776	svchost.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

Profresca_Factura.exe

description pid process target process

PID 872 set thread context of 1204 872 Profresca_Factura.exe msinfo32.exe

description	pid	process	target process
PID 872 set thread context of 1204	872	Profresca_Factura.exe	msinfo32.exe

Drops file in Windows directory 4 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

svchost.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\ExtendedProperties\LID = "0018000E86684E58"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02zuspyniyihxsqd	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-8 = "Microsoft Malayalam to Latin Transliteration"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\ValidDeviceId = "02zuspyniyihxsqd"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-9 = "Microsoft Bengali to Latin Transliteration"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02zuspyniyihxsqd\AppIdList = "{AFDA72BF-3409-413A-B54E-2AB8D66A7826};"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-3 = "Microsoft Traditional Chinese to Simplified Chinese Transliteration"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-3171942101-2809460380-3727589934-1000\ValidDeviceId = "02gjoiemmgfcadbt"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02zuspyniyihxsqd	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-3171942101-2809460380-3727589934-1000\02gjoiemmgfcadbt\DeviceId = "<Data><User username=\"02GJOIEMMGFCADBT\"><HardwareInfo BoundTime=\"1702059767\" TpmKeyStateClient=\"0\" TpmKeyStateServer=\"0\"/></User></Data>\r\n"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-7 = "Microsoft Devanagari to Latin Transliteration"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-3171942101-2809460380-3727589934-1000	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-3171942101-2809460380-3727589934-1000\02gjoiemmgfcadbt\AppIdList = "{AFDA72BF-3409-413A-B54E-2AB8D66A7826};"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02zuspyniyihxsqd\Provision Friday, December 08, 2023 18:22:42 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAnn0nOtIjSUCPqU2in1ZR0wAAAAACAAAAAAAQZgAAAAEAACAAAADUsGD8Pk1WPU+S7+yEI4LACeHRJsdWaDtDEXIMJwNaLgAAAAAOgAAAAAIAACAAAADEIrGvsX/liWws5x/KY9j86NormO8cDholsDa3cSAFrSAAAACsZ4ExIJezotB0MVpi3ZBWMunKvaenCyiTcQHbq+0S8UAAAAAN6FH+SdMX12OwhrI2lqNK014OwhdmO5D4s7A/caA0u4yfbRWfVfigUopi5/MW2ur6/0edTK6qFqkGQizMk4PF"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02zuspyniyihxsqd\DeviceId = "<Data LastUpdatedTime=\"1702059763\"><User username=\"02ZUSPYNIYIHXSQD\"><HardwareInfo BoundTime=\"1702059763\" TpmKeyStateClient=\"1\" TpmKeyStateServer=\"3\" LicenseKeySequence=\"1\"/></User></Data>\r\n"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02zuspyniyihxsqd\DeviceId = "<Data LastUpdatedTime=\"1702059763\"><User username=\"02ZUSPYNIYIHXSQD\"/></Data>\r\n"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\ExtendedProperties	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-2 = "Microsoft Script Detection"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32,@elscore.dll,-10 = "Microsoft Hangul Decomposition Transliteration"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-18\02zuspyniyihxsqd\DeviceId = "<Data LastUpdatedTime=\"1702059763\"><User username=\"02ZUSPYNIYIHXSQD\"><HardwareInfo BoundTime=\"1702059766\" TpmKeyStateClient=\"1\" TpmKeyStateServer=\"3\" LicenseKeySequence=\"1\"/></User></Data>\r\n"	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-3171942101-2809460380-3727589934-1000\02gjoiemmgfcadbt\DeviceId = "<Data><User username=\"02GJOIEMMGFCADBT\"/></Data>\r\n"	svchost.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\diariolibre.com\Total = "348"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.diariolibre.com\ = "919"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\diariolibre.com\Total = "919"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "804"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "657"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1034"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1521"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "{C6FABB24-E332-46FB-BC91-FF331B2D51F0}"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 ^ 0008 1 0009 2 000a ~ 000b : 000c a 000d aw 000e ax 000f ay 0010 b 0011 d 0012 ch 0013 eh 0014 eu 0015 ey 0016 f 0017 g 0018 h 0019 ih 001a iy 001b jh 001c k 001d l 001e m 001f n 0020 ng 0021 oe 0022 oh 0023 ow 0024 oy 0025 p 0026 pf 0027 r 0028 s 0029 sh 002a t 002b ts 002c ue 002d uh 002e uw 002f uy 0030 v 0031 x 0032 y 0033 z 0034 zh 0035"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "CC"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url2 = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\diariolibre.com\Total = "1069"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\diariolibre.com\Total = "1032"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\diariolibre.com\Total = "555"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "469"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 50d683c8042ada01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.diariolibre.com\ = "555"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a7aebdf3032ada01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\sidubm.table"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 206c1059362ada01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\es-ES = "es-ES.1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.diariolibre.com\ = "1006"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft Speech HW Voice Activation - English (United States)"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\diariolibre.com\Total = "973"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1077"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = da65eaf9032ada01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.diariolibre.com\ = "176"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Voices\\Tokens\\MSTTS_V110_enUS_DavidM"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.diariolibre.com\ = "1223"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c6f13a7c052ada01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://signin.ebay.com/ws/ebayisapi.dll"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\diariolibre.com\Total = "155"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3171942101-2809460380-3727589934-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Anywhere;Trailing"	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

msinfo32.exe

pid process

744 msinfo32.exe
744 msinfo32.exe
Suspicious behavior: MapViewOfSection 6 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

4360 MicrosoftEdgeCP.exe
4360 MicrosoftEdgeCP.exe
4360 MicrosoftEdgeCP.exe
4360 MicrosoftEdgeCP.exe
4360 MicrosoftEdgeCP.exe
4360 MicrosoftEdgeCP.exe

pid	process
744	msinfo32.exe
744	msinfo32.exe

pid	process
4360	MicrosoftEdgeCP.exe
4360	MicrosoftEdgeCP.exe
4360	MicrosoftEdgeCP.exe
4360	MicrosoftEdgeCP.exe
4360	MicrosoftEdgeCP.exe
4360	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	pid	process
Token: SeDebugPrivilege	376	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	376	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	376	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	376	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	60	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	60	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

4444 MicrosoftEdge.exe
4360 MicrosoftEdgeCP.exe
376 MicrosoftEdgeCP.exe
4360 MicrosoftEdgeCP.exe
2052 MicrosoftEdgeCP.exe

pid	process
4444	MicrosoftEdge.exe
4360	MicrosoftEdgeCP.exe
376	MicrosoftEdgeCP.exe
4360	MicrosoftEdgeCP.exe
2052	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 28 IoCs

Processes:

Profresca_Factura.exeProfresca_Factura.exeMicrosoftEdgeCP.exe

description	pid	process	target process
PID 4724 wrote to memory of 744	4724	Profresca_Factura.exe	msinfo32.exe
PID 4724 wrote to memory of 744	4724	Profresca_Factura.exe	msinfo32.exe
PID 4724 wrote to memory of 744	4724	Profresca_Factura.exe	msinfo32.exe
PID 4724 wrote to memory of 872	4724	Profresca_Factura.exe	Profresca_Factura.exe
PID 4724 wrote to memory of 872	4724	Profresca_Factura.exe	Profresca_Factura.exe
PID 4724 wrote to memory of 872	4724	Profresca_Factura.exe	Profresca_Factura.exe
PID 4724 wrote to memory of 744	4724	Profresca_Factura.exe	msinfo32.exe
PID 4724 wrote to memory of 744	4724	Profresca_Factura.exe	msinfo32.exe
PID 872 wrote to memory of 1204	872	Profresca_Factura.exe	msinfo32.exe
PID 872 wrote to memory of 1204	872	Profresca_Factura.exe	msinfo32.exe
PID 872 wrote to memory of 1204	872	Profresca_Factura.exe	msinfo32.exe
PID 872 wrote to memory of 1204	872	Profresca_Factura.exe	msinfo32.exe
PID 872 wrote to memory of 1204	872	Profresca_Factura.exe	msinfo32.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4360 wrote to memory of 3868	4360	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Users\Admin\AppData\Local\Temp\Profresca_Factura.exe
"C:\Users\Admin\AppData\Local\Temp\Profresca_Factura.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4724
- C:\windows\syswow64\msinfo32.exe
  C:\windows\syswow64\msinfo32.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:744
- C:\Users\Admin\AppData\Local\Temp\Profresca_Factura.exe
  C:\Users\Admin\AppData\Local\Temp\Profresca_Factura.exe nnchwwghwgehwgewyeywyeywyye
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:872
- - C:\windows\syswow64\msinfo32.exe
    C:\windows\syswow64\msinfo32.exe
    3⤵
    PID:1204

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4892

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s wlidsvc
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:168

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4444

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1364

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4360

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:376

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3868

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:60

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2732

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3412

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

Filesize
26KB

MD5
6f6a6e38715c9b3838f95e03fa0567f3

SHA1
40bffba8deebcfa89ff78591d1697290a8f8145d

SHA256
b1eab91db2cb293c153d0cb5ebf1ac3a9d50ac75d050403e8b9e1ec68881bd5f

SHA512
b1ecc5e8aff711a0ec8aa9d8415e1b26b06bc8e5607f26baba34506c30849b091e2fb3ea7051471000640c869aa9024e09749cbeac5595c16a4806d15f3221c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\77NNKFND\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0K8KIREN\480893689121134[1].js

Filesize
132KB

MD5
b84985d67f37b710d1000e9a0eacb7ae

SHA1
c1b8441aba540f7f631d3920148964b2552f6be5

SHA256
eaf4f826c4a4db17612db4b0747092a4313eb9aafe96f4477b85a8a31525799d

SHA512
ce915e2cc43d6e1733c79ea6e9bfe2958cc23dde873c7c26ff171f2b3fd8bfd782a97bce6aabd35cdcb1beb541955f541d5ec9b2fed2e3e6f3c83b75d44e5166

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0K8KIREN\OneSignalSDK[1].js

Filesize
8KB

MD5
a87c48d211877c49b878679b2e3cdab8

SHA1
e75653dd0156806682e39abe8b1323ed40d840ca

SHA256
4191d89ec03bce5dc273716075335e31851031184b0fff0ab9fc900a8442019f

SHA512
82b86ad20101588be6ea4fa557920144692118665c4b1bbe7742ac293f3326872297adc5c0724e5e47639586471bdbbb7eff090a68fdcd00ebf57f99d6448efb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0K8KIREN\analytics[1].js

Filesize
51KB

MD5
575b5480531da4d14e7453e2016fe0bc

SHA1
e5c5f3134fe29e60b591c87ea85951f0aea36ee1

SHA256
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

SHA512
174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0K8KIREN\api[1].js

Filesize
850B

MD5
c6229ba9136ec29d2e66c73f7226384c

SHA1
783ad330ba03a36db09e93190a87eaa64bf79483

SHA256
dac86b036b4b73a6fefc6a011cb3f252fdf0ac4f2baf098d36e31e1e7484f19e

SHA512
4aad87315015e07de4ddbd7e2e8aa6f82cc9e23d525655925713d6cb7f55ecf264aa3b4d2ea98df9755520449ca65efc39cfd8db7316fcc0b730316846151530

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0K8KIREN\f[1].txt

Filesize
431KB

MD5
e467c4e3a51dd42aa70edd95ee8f9fa4

SHA1
b49ea27bd5c11267fbd1c6afd39f2be136fdb861

SHA256
c417bdd5756646f7102a004458c6aa90e7a4c7ff04631494f0a9b8099619343d

SHA512
3ebf3c2c50b0c26089edfd9641b6747187024a64ee73e7a546efa8cf4bb78d4cfc569395168462d7dce1bcecfa2fd0c163bdf21c89ee1e05eec849ec5e8c6433

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0K8KIREN\firebase-analytics[1].js

Filesize
22KB

MD5
c0cd2f3a4cc7f7af2a533d5c4eefabb5

SHA1
9e3c649ebece5b24ae5d9b93cbf24715b0a48c0f

SHA256
d29f2257c27098de11362adbeaa38e91ca74239d8b072c4038a6f4a37034f552

SHA512
c5d3f21625e00789bb6a5c6504efef84cf5b60f1071fcbcf97a759bb9b033fcd1daaeb4fde78e1995813709ac9f54f97fc09149b1ece1630b1a6568f2f9ec350

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0K8KIREN\lazyload.min[1].js

Filesize
7KB

MD5
865244108a1e97c36ab020f6c65e95a2

SHA1
47a9c4082f54f9f8042204234539460504ba73e4

SHA256
59fa8dc7ab1d6fe0ec44019c2df58bf70250c712b11ceb13ebbf378cff74419b

SHA512
b9eac1c8a28e3a38d61beaa530a0143ba4bb2f55b4501943155223d5fd138e32992073880d233503228d69f2eb59b5c18d340d3ead8d87391bd6bc17e776c119

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0K8KIREN\recaptcha__es[1].js

Filesize
503KB

MD5
f8d33449db5d5b7edb28fee695065758

SHA1
2705d0622b8cf4e66548544727ff0492fc63dc2b

SHA256
01218618b339f54cf70581b7ad27d30923b0d37aa7a4e6fffe9654ff4d9bf9f2

SHA512
9b1fd911cdc5cde95ac3391d9dd6ce99d6957a9b0aa55046e4361f8522d6f576ea9a1f6eb71aee79897afa41d5537b325fd889b337d75cf6826e435b86fd5238

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0K8KIREN\slick[1].css

Filesize
1KB

MD5
f38b2db10e01b1572732a3191d538707

SHA1
a94a059b3178b4adec09e3281ace2819a30095a4

SHA256
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5

SHA512
c11e283612c11dfeec9a3cb42b8a2acdd5ae99dfabe7ffba40efef0dd6bbe8c5b98ae8383d3eeff3a168124c922097eddd703401ee9ac6122f1ebab09bbf7737

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0K8KIREN\sodar2[1].js

Filesize
16KB

MD5
2cc87e9764aebcbbf36ff2061e6a2793

SHA1
b4f2ffdf4c695aa79f0e63651c18a88729c2407b

SHA256
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

SHA512
4ed31bf4f54eb0666539d6426c851503e15079601a2b7ec7410ebf0f3d1eec6a09f9d79f5cf40106249a710037a36de58105a72d8a909e0cfce872c736cb5e48

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\58XGL0UZ\5d734cc91abe9d6ef2e80ede358affd4[1].js

Filesize
234KB

MD5
5d734cc91abe9d6ef2e80ede358affd4

SHA1
400abcef22dee20f2c8eb2acd6d8d386ce9f2b62

SHA256
a147e4b3858f31500b210adb3ab7fe6deae8b1c4b23ff6b06ccd69671a5326e5

SHA512
ad914dfbe4199c4102c9990ca807e1e32dd6dfa507b278831c6f8f3cb7e6df5ede34137fa6b8bb95343dc74d3d8fdd2ffcbeb6a3e4be22cbfbc4855740ecc210

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\58XGL0UZ\91df96b123f44c535c92784c3b832c4d[1].js

Filesize
104KB

MD5
91df96b123f44c535c92784c3b832c4d

SHA1
dadfb1f5b91f182691427686331e300b06bddab6

SHA256
03fa4ae4cf70387dc56826b09871b36bbde63343d0c1838f39fecb3bcd7eefce

SHA512
c34eab8a99f5d058c6773d58805f80cf37ce1c607aaad63b24eb1b5ff66088e74c109df986325bc5f256022b9f391940bba21e3391463deba0336f9eda13c706

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\58XGL0UZ\Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow[1].js

Filesize
38KB

MD5
509fc31da1611d556288e9efeaac7ffa

SHA1
f41923d59672895d3b295f5630665aadfd08f1c0

SHA256
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

SHA512
1343d77eca31aa1a975f669651f8d7da9ead4164d6c44127f0fe6ab090a1800c95273c608c67ae6c99a3d1670da6ce2e922881c9f5577f71a5dff30daf3fac83

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\58XGL0UZ\beacon.min[1].js

Filesize
22KB

MD5
565eb88b90415391668a5cb7cfb4557a

SHA1
a7d074dfd994f6ed3317551db84b21d3eef10d32

SHA256
b0a16378462c7afcb27d8e14cf50e2cd3a8980af2895d20622640b096920719e

SHA512
6bfedde71653310d0b6aa750ff6149a1fd4d34fff64c1cf07e28aa57e5977d0f4003b4c4e086476dda92d78e69dc09ffabe0f65643ce470ff15e5e0157178a90

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\58XGL0UZ\f[1].txt

Filesize
91KB

MD5
2dcb5756d6491a40df8c50bfb443c1ec

SHA1
2469cdfaf82b85406457989e0c99cf4dfa3ad540

SHA256
4bf4a1bdb667b6a6693e71ddc1ce6739684bd731e4656792148badd0e3327203

SHA512
6c61f780b53ea8869d3b9e817ab7646f30389cfcda9483257e906113e7fe44931d81d98a41c079970f6ef138a379895a52b8a9091afa7975e785488dc558c7ca

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\58XGL0UZ\firebase-app[1].js

Filesize
18KB

MD5
ae04a04ab4e9466f276c47b437d05511

SHA1
56a32882f21ea3fb2052e95426c046f220ea8184

SHA256
6b4a6cd54064047e724feb169b143122d028130888c42197e729e7435677d42a

SHA512
c6fdb38e979a80ef016e7c81eadf24e5a95dbca53d2e0b0e573745effdc1b7ffb82139fe2c00f29ebde5f50b6f2642c2cfb37f992f7aa1e4cf4ca19654f4c739

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\58XGL0UZ\firebase-auth[1].js

Filesize
160KB

MD5
bac02ceaae3098311462d7b2234443e7

SHA1
42c6990ac40e3518672603bc49ccd19bd7aeddf0

SHA256
94923e6bc5a8f914c42253c2785f9cd32f73c81005bbce76d85d38d538ff7af9

SHA512
08d6c1be56d9ed7800c6fd626705d14b462b61bc2d53b05df5bb9d3d6bc3b23870d885f9c0bbb347207d4292a079e2f581e79aef945718da8e82af1e8c379bcf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\58XGL0UZ\lazysizes.min[1].js

Filesize
6KB

MD5
47a1e1741d958418c4634fd8fa81c985

SHA1
d7cbd2ca6ae11988cdf076e2f22017f9e1138a8c

SHA256
8254bfc40b2323024fe8419a154f21354836e89ff07172e43c773fd2ebfb51d5

SHA512
65082d9ff13844bb2e7a95ac84f4503dc169763a6b0629ecb13281edaf10308f87826ce3a18d7c9b8b9c48649007e036810ad108f54d2061dcd7231f94d52f1a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\58XGL0UZ\onesignal[1].js

Filesize
2KB

MD5
c6aa5d43cd13af7dcd4017653ce4efa9

SHA1
35261b52005504060f49f9aa1ed94b188ab478c4

SHA256
174f6514a31934e3b7d25b2072fc0d6e381fac7d71f94bf485fd1c909441fb9c

SHA512
ea688dd30551ff34bba547ca330b3ff5714047b4e5c87d924f950706540852bdc30da3c5b80d7a74e26343d172877701ec4938b577b33634ddf6e89e5e900795

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\58XGL0UZ\tag.min[1].js

Filesize
36KB

MD5
62506fcb5ece91e892379b43bab0509d

SHA1
de1a25454d279fd262faacfbbed282e564577e9d

SHA256
cbe78b5535a5277551718887851e65488ed240de88929b1c0dbd14b712809ffa

SHA512
3f2a5ae8e079816f67c8471240eda00e2e254155c231c358831e3c33731447c57821b62454987f63c153527e4bdbf9621266ea6889076a544743260ffe5f9b3f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BLB9LUFE\api[3].js

Filesize
909B

MD5
5fb720fa001a2c7f28f59d45d5f20a2a

SHA1
56e887243c46842612e6863c8464a7721bd28f36

SHA256
4904de094ad576cb06f9e69ea077c72b9b16ba41b494fe71da089cbe27cfb1c8

SHA512
a819c5072941a2101bdc683ece2353d001a2f9f5b9f799a944143881341f4210bda45268f4ec74e2255f8cf6c78c38a9026a88da2f5de8712d570c7456244800

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BLB9LUFE\chartbeat_mab[1].js

Filesize
23KB

MD5
ceb950b6f7251e26812f9440a391073e

SHA1
920206a4e3d43202f9f59e8cce137d6123664de1

SHA256
cb83af0eec1fb71fb35196225c4a4a8964b7e47b52f9a85679c808907abd2b09

SHA512
b7bbff44677b3ff3aa0ecb9cf70db615f7ff948f3768bb0c77844fd55d44a26a25df00d10b7d3b48e39c8f030404cec00262fc6153f389fcf0f155c186c7b908

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BLB9LUFE\container[1].htm

Filesize
6KB

MD5
6aaaf8e11a32fd37fb419e3a4ce9696c

SHA1
1fd88f2ee4de5422e0c344debefe3f2b5abb2592

SHA256
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

SHA512
748b27bdb7c7fa082d7be6c69f56dc33302105784391320a5cf960531c594097bc406fd3f4690e4cf74f4016f4d56804a4296e9bd885562eb66699e1318f7000

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BLB9LUFE\fbevents[1].js

Filesize
201KB

MD5
9788522169ec68bd3f39cede6dccf02b

SHA1
8d11a22fdaeb3fa6869389ee437943feacd9e8e2

SHA256
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

SHA512
d12f630fd1e0d1027d6082004fb81b49253acafa69b79b4f343f13abb16d8f0e433c2362ac50d14ecc640cb1de6baa38fc0372bdbeb5be5c72bd7120197bd7ce

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BLB9LUFE\ga-audiences[2].gif

Filesize
42B

MD5
d89746888da2d9510b64a9f031eaecd5

SHA1
d5fceb6532643d0d84ffe09c40c481ecdf59e15a

SHA256
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

SHA512
d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BLB9LUFE\gtm[1].js

Filesize
219KB

MD5
953e4f34d2788e96880f39a0715df1aa

SHA1
e4bc50752bfaf9cd5303b957dc5a878627d87ea2

SHA256
81cc30306db7b47a37e68647405021e7fd8a9271e5f30e0e0b3a1d9dcd7a9afc

SHA512
99a181ac7a3b40d5fb773e473dcb2a436e89df9db520919a38003e61faa2627042c2e93f92b1a7b527fd3ccc03529a03c09f460cc248702ae16adadd7eb0fb44

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BLB9LUFE\jquery.min[1].js

Filesize
105KB

MD5
acf808d7985f912de23af3d7663a4179

SHA1
c7c14304c096d547032d6994e4b88a848af51db0

SHA256
5be28e1c4e149d7f1916f6a72eb0af7b91aa25205f5fa206fc0040868e152177

SHA512
d2205fa1d469d59130ed18e912511b36e96e77c3890ac7f7719d6ea171dbe8a52c37b12c3bef987b6a6287e64c069c01b7308cb268b7053d67f86008c5f1d108

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BLB9LUFE\js[1].js

Filesize
261KB

MD5
357ccdf7d915804dcd50d05502a53e05

SHA1
25ff66ad194c44760bbc463c87626af2429e30c9

SHA256
1491d631d97d97d9f21b5e0241f09e788b306b09ab28d898975fcbd76d11d5a8

SHA512
3f371d36b229392a0fb7eb4b571f77476108c21054fe87fee57d02cdad7d93ce9dd84b1b6dba2e0127d8aab0353889f16689a19016b6e1dda9580b1419313717

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BLB9LUFE\portada-lite[2].json

Filesize
29KB

MD5
6d91ae4fff302145a1985e449725d934

SHA1
5a6da9bec3fddd453ac0791b128ea72835d30e57

SHA256
090181740efed948436c636b181b53646e860d93f4dadaa13491fe39ad363a76

SHA512
567ac831226dc137066163be2714fd0c0ed56a6f96082a29cf5ba346442017bc6a860ff476fb2f5584d0b31951353644eb5837f866a00c18fbd7387a48495326

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BLB9LUFE\script[2].js

Filesize
131KB

MD5
fece4c4e83c7baffd2f950b48db14c41

SHA1
4cea77a20c9205f8d7fa8b9efb4d8418a9278162

SHA256
477c3e389eef8c86e238bdc145ad296a65777027799c801adafad72765b4447d

SHA512
9106bd4f58a794466a2db56195c0265bb9e33569bb5685a9e0b5a15860142479fca97c9fac6fcb2d30d7ca55bb2108555caa398ee212c5cca554cbae6af7f1bb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LXJD3OWB\GlosaHeadline-Black[1].woff2

Filesize
41KB

MD5
0e7be69750d6a6483a28cc4d95e4d288

SHA1
7e5e3b974d6d57390c728567c3a9c64c99f50c56

SHA256
5b30e487d0b202774413b2fb969465833dd21c0b325bf3ae85e2b5891eb3c229

SHA512
99bc5e1a016b7f97adc26792a17714ced9b8e2e016c939043318c261601b146be57e7b87d758e4c41bcd63ab5fc080429b194b7fb4f10e8eddd1dcfb8e0748a0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LXJD3OWB\chartbeat[1].js

Filesize
37KB

MD5
bc080f6a89fe2b0b299fc53732c52d86

SHA1
d4a54fcaa3f16601464f8917202d1ca00186e74e

SHA256
2241d391f10f461a915b6ef47bc0c8103bf0e7289aff47e1bcfed5ff2a84d119

SHA512
56d0103528870e5f60c0042b86ae346713ca767497bc184bd3e4534ae907eee3af263540b7dfeb84013679e5a2c07f2a523e990a880d7f709d3d682163eeac08

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LXJD3OWB\core-midlv3[1].js

Filesize
87KB

MD5
295b35196428c47b17ad584dfc9ced06

SHA1
832b465222be629881ddc36e5f6b1cb195185297

SHA256
3fefb4b6970910b61ad08fafda01e3dcc8ee14ec6e64ae66060e28539bb86076

SHA512
1709f4cc0d5c3e2ca59f200b7845ff5fbe47dee981d0e16d4321b1557a13731c2e653eee45e1a42cf654f7c6c1662a068a8537ec49d89eee845ba4b37cc141aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LXJD3OWB\firebase-firestore[1].js

Filesize
369KB

MD5
55bf9ea6a9fbb6f2d4f93686457096e0

SHA1
90a1998aeaa0899e8abf163fb27a91cff70cd073

SHA256
a593c6ed1492c53212dbef4090b4cf8539be068af0c9666fa37cf7d99879bb88

SHA512
ffe7fcebfdac16c7be9d1f2d7aa9f79b3e2d84618d87c879b54536293c6a6f86306f3c3286c6d56d41afc16c2386da4fdbc8e8ad73ce4d64cd1dbed2f8c44242

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LXJD3OWB\ls.unveilhooks[1].js

Filesize
1KB

MD5
f489117ce79e4de480faa5dc1ddfcb8d

SHA1
637a348ef7fe4b27048a61501ca34d6bab8ed315

SHA256
ac23413c3c52e976bb98ed2a92c94586828b7cdf95dc47772ce287ee92b84291

SHA512
d0fead041d4a67d152e5abb88dae5ed9c9decc3d07848502d641da0589391807ebc0db8f01c9206d683b10205104330846e42545cd1082c5dd9f59bc0787520d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LXJD3OWB\ping[1].gif

Filesize
43B

MD5
ad4b0f606e0f8465bc4c4c170b37e1a3

SHA1
50b30fd5f87c85fe5cba2635cb83316ca71250d7

SHA256
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

SHA512
ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LXJD3OWB\portadav6[1].js

Filesize
5KB

MD5
19de4bf34d5ee485a574d9fc99991ea2

SHA1
5f22b389070efac5fa05cca8f847f2eec2c9d953

SHA256
e329613b3ed858d72d6a6d487faf5911b69516db891fe633cbceff6f3e012570

SHA512
bb168c191c7f3059d00e487a0a5008f3fb0abc3ac677879d02ac301f3c4050c1538ce7748b18a34d6fa7c04a5b27b2da418e0831f6a6c1810b2b400411dfc295

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LXJD3OWB\runner[1].htm

Filesize
12KB

MD5
1d3d22df067f5219073f9c0fabb74fdd

SHA1
d5c226022639323d93946df3571404116041e588

SHA256
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

SHA512
0b6b13b576e8cc05bd85b275631879875a5dbcb70fd78e6c93b259317ed6fd5d886f37d0cc6e099c3d3a8b66fea2a4c2c631eb5548c1ab2cd7cb5fa4d41ea769

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LXJD3OWB\slick.min[1].js

Filesize
41KB

MD5
d5a61c749e44e47159af8a6579dda121

SHA1
3b41b3bc956685015a347a2238e71db29dfa0dbb

SHA256
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740

SHA512
5ed98cb4311c373da3ede92bb47bce551e22c30683ea8fc55097baf99abe1e0702b24de48f8b9241047cc1e4364158f5a343e4e8fc182e8866db4e99ccd7ee6e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\D2ZQ54KE\www.google[1].xml

Filesize
90B

MD5
519ce6be7afee1be7b26c1212c047703

SHA1
3e4c55e08d86dd62b0fff7cd97aa7e0da6255555

SHA256
fb3bd7011dc1bf07c676de696b7ddf4e98cc7208892b22ee3b0382f88c74ec83

SHA512
0d3a149ee9cb7f420a43a84412727c8fd98898868891a0abf2c995cb51ba423bd257df344a7374d689baeab07e783debffb7cc24cd7aca91f01cc4d7dbfb6cce

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
1KB

MD5
5958b4a842fc0d6e8d3df340d310ba8f

SHA1
e13cb02ad6a74d7ef4fb5dae6b504e7acfc68fe2

SHA256
ca9a34b4a90f6078b780188d026e1c200efcd558832d8c2c9c444b75ea05292b

SHA512
958be4ac287a76a7e6a6eb6a3aed2fec625ad33fbee5a25b1cd1221a9754c3f51214eb23c49c551c6d16ff982e61f0b90c4e18f9ca625cfe73f6f74bbce8ee2d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
395B

MD5
a6d2ded7b0d42db9ce65e8da8f4341e1

SHA1
f77a21b3d148c424e6497f3c63ce306d9b58eec4

SHA256
e6b754172be9c95e18a16d3cdd4ac59ed4fe7fb0933d86bf251222a6b826738a

SHA512
71ab122d04a067ce25d5e3587f90758eb7f8aae1d2cccd24993723f1841031efcc54ec8ab1add27a7f3de366ec931ea4133414c211e1913e4ef68683274ee91d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
942B

MD5
ad7ea37c50ceebe9e55e61bd201635bb

SHA1
ab083bd8536d1088690b710f8abb6034216e4f01

SHA256
6cd482974fa7e7620e7c1c43d90b78ab12bfec5ed31fe819468220a021861e6a

SHA512
b716f4d1990b87c484fc5108494e88b3c4815b0ad1d5eb97779a1cfb5d3dc711e5dd20142f8580cf4ea6a4495f9466116a161bd70f9a04173d62e3902b476fe0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
3KB

MD5
f78f8c2b9e7aceb6da87bf074bd0541b

SHA1
facda6eb984b153c357a89741b9d5bc0953aa9d8

SHA256
3d36cca99277863b7d188bfd0a8500aa8049b104433e1ba4424d5e15e7022a28

SHA512
3f6429faae984d40e15b001e2f9cee4a5c871f5638b1ed4814109e34e89934b93afb0a19c93c25fd42a5fe694ea477bf18295a28d3f88a9276d87e01d107d3c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
3KB

MD5
f78f8c2b9e7aceb6da87bf074bd0541b

SHA1
facda6eb984b153c357a89741b9d5bc0953aa9d8

SHA256
3d36cca99277863b7d188bfd0a8500aa8049b104433e1ba4424d5e15e7022a28

SHA512
3f6429faae984d40e15b001e2f9cee4a5c871f5638b1ed4814109e34e89934b93afb0a19c93c25fd42a5fe694ea477bf18295a28d3f88a9276d87e01d107d3c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
2KB

MD5
08962b9793530e12a51a925c599e0cee

SHA1
bf0ad71b15372cf4b019c983e32d5468c2c3e75a

SHA256
27cb6ff164021613e33e166977f82be7ef9fee93e4b52c39846be17f23195333

SHA512
11149e278dbe0433e55690911a4eff5c41f59de3c8c77083eba79215e6031f7babb27bbcf460a29e296dc50a4339ae342e79a94391e85e3fe4cb0eaf0b90f7f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
2KB

MD5
cc7c1f8ae6d53241f8e17c70b214063f

SHA1
8809ca33f1ddfa4a23442cc1b4bf583cfd95067a

SHA256
2fbb1f528d5cce461753c69441f791009015ef6ee2c3932d38e67aae13b8815c

SHA512
97639535400a1386efbcdeef3e8b9d745eae6337dfc855363e568775c07d06d40cc488da30abd50caf56e3140fe9b5966e7baff803ccf16c8637c3bdb1f7a88f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
1KB

MD5
2b7c208d6347e8b3ef3dc86a60e6681e

SHA1
1a41fc9bea817ca26c89c39aeae95b2bfc9a8256

SHA256
4e0b145828a0def71a9a7a2591e5c18a54a831f2f47cbfa0603bc1b3bacfd50f

SHA512
69c2f4a0f92d11eb3e3df6c61dcad481b4e427727511e19e60ddd227145533b702e3a89a63242276ca7a2a97ed02944599de940680ce637f9b44cf935dfbe260

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
1KB

MD5
2b7c208d6347e8b3ef3dc86a60e6681e

SHA1
1a41fc9bea817ca26c89c39aeae95b2bfc9a8256

SHA256
4e0b145828a0def71a9a7a2591e5c18a54a831f2f47cbfa0603bc1b3bacfd50f

SHA512
69c2f4a0f92d11eb3e3df6c61dcad481b4e427727511e19e60ddd227145533b702e3a89a63242276ca7a2a97ed02944599de940680ce637f9b44cf935dfbe260

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
2KB

MD5
3ab952bf7ce8d9d74fbe1929e5ab2b41

SHA1
1c28ada990d3c302d9b47af284917fe5f0b75065

SHA256
57e9f70fc39ddfa53a3d5b456caeffdfc9c4df9a1b44a0cb0edb353958ba89ee

SHA512
4e97389d7f2b6ca6eba383930adf8991fccde3b1ca7575f31992f97b048adfb175f40888079580a9f60762389ad344f31f7a2cfefd4ddaca9b5b7eb6b3da484a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
2KB

MD5
20218d5c174152324a91fe0a4bef0c97

SHA1
497a04b47c10ec3c0dd96e17e2d3e91d1dd7ac02

SHA256
4364ae0af4dcffb341e0e0955d901fc754ce8a324deea1793ec6dea21914d5f0

SHA512
47ab0d6be4ccc906f758f2cf7a0c58dfec9ca5405ae4b18c19f62474d1e91cd431da9d382a8d2f556ccdbed7e458edcda89267e41865dc7f4f69188ab33a84ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
1KB

MD5
564dea11c89e8dc7aeebec0e9002dcb8

SHA1
110d3922be1f599652315cdeb3013faf24545c26

SHA256
f9895bab77cd1fb9e4141cb42291b69451e1f50fd133faa372693ed639153848

SHA512
4592dde85a020b51493d0663cd21dc6a6bc7a156174c86a2c2d0f7b01e4e23f58160755a4ccdc72c030f385f0bfec2fffe1e236008fa2b078f9187dedb824ee1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
2KB

MD5
33afd3ac5d5ed396d4e72d96f1368246

SHA1
4767d5c48f9ece73fb3052ee30c05bc503a09252

SHA256
b1369974459a741da81a6cc270b9b308a2903ab1a89df1d07f0833f28aa06b2b

SHA512
3c0923a8fe9fe39de7962217bffbad38a9df69338f9ae3a52f4865f6140d84acb2d299293bd2a249280e594819d144e23bd6d1d57e62eb9b5f9617c8f1b6920e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
2KB

MD5
dc0390b89ea7353e8e371eba5473021c

SHA1
6707acb4d98a7da369beaa79c332a46deb5fad14

SHA256
4dc7591ffad80e5d8d56dd2cfc17ed889e4356b288cf071683b240db583cf059

SHA512
b37f1eb5ba52ca2208f518b7c390d518bb85be3c01df5061e567893726285ce63f4a48518323f0631544cef63d6e30b4ffd9272d1c08a99a4d6a01278ae35dde

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
2KB

MD5
5644a10d2f8cf51a3e6c47a6f6c19321

SHA1
ee9c411dc4226f897cb9744bdc4d297671088412

SHA256
899c7c3635b7a9e788f2caf51cdd1374546f50e39631d6e7f744059f9947f73e

SHA512
43c216f37aae36258c3125d1bd645441616ac65e6431ac4cf7049e33efdc6eb63f127b32329884570a25c2f22dcd35eafc6484eb4b6b369dfda0eb85256c1491

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
2KB

MD5
79eb87d999aa6df6e0f9728a53d27f9f

SHA1
cfb28695fb2f495e4e22ac5c5169352caefe1b45

SHA256
8de75fc783b7d5b48a4877b6a80c0bbae8d19fc5ce3f5df8576f25d6af8d8706

SHA512
773e2278212e3c41bccf4cd4a7646fd0e4ef403ed660e4d5c6fd670a7e5a389a4d3c7be501eb14ada53632926c4a2b5c501cfd74646924c3abd93b4449f49b3f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
1KB

MD5
5ab55cf203c5e31c1f9b9ed73661725c

SHA1
da9764d1af9ef3e8441c4c78e3623e5941a27a90

SHA256
3e14d0787f6ff5a2a529422a9d737c3badd29a466f4ece56166cc1b066cc5faf

SHA512
b8add6fb101024166357df7b618e91657fd287d595e715f13f9e6dc44314c1da695cee540e8dc625bbd3dd99a9f241e869c8fa8bd636b743e7614fb1c63620a2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
1KB

MD5
17f6338597899f6373b3351f1c59eece

SHA1
1dbaa01d8c3646f5157b681af9b0a0c3e5a7f8af

SHA256
eb9065be3a9811cc5e3131d37326d3b9b4c2eb57f08960f1a9d830ad8257a83c

SHA512
042acf19042fbc7a9c58f362f43933af88f70f76c0a01504ce849ffc4d6d8398f4869157d295870ca86b1cadcfa1934230748b216cadda06bd7ce44c0008d0bd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
1KB

MD5
f8f0e21bdaff6c82a4bc1aefbfbc3fbd

SHA1
9607833ab1082991240a2c5d477db76a98233076

SHA256
e913a116de6723eac978cad5cd59031201270f79edadf9a51f92ec4a336e767a

SHA512
3d684385357e5291bd33d12592f8c9f6433808e38ca5a7acc8642af1fb4fe380471d1f1713a39f3dcd0090f9a19769abb69a140311296ac8575c648b994fbebd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
2KB

MD5
aeaccd38d6bdb9b2c9921a7a0a609536

SHA1
8faf4e982b9796f8239414ff0743867e6f0e36f8

SHA256
05b99bff04e2d29463dfa7bc8ec39fbabf2f2ad20d242b57ce79f430bbae700a

SHA512
a535b2a70fccc2fbd5903c561a8e05fec6b6ff4496b45cb9b26a198ec560a6d5ef57216e9294a1827236f84d036b6ffbed19a7df559b6bb1140887c30c1cd0b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
2KB

MD5
925f1f49f56c6fcad2e759b049aeed12

SHA1
6139206c11e3b6249e6289d51d8e7bf5dedcdc06

SHA256
92de3e31e3cbe6152b62d7cc96ce2113fd492db50dd3aefc9805359a415030c7

SHA512
51ce3bdef0d15b3f07c4fa705db02178e51dfbb14881f8b1a813a4b9b5289ae1768a888111a69bbe13af58c8ad031e29f308129d14cc06a57f40355108e5fb23

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
2KB

MD5
e47b02ef51aaee9d2b836582a161d221

SHA1
1fc20bdd2fe4698b9ff41563f030eea6179d36c8

SHA256
4f603af96434703ce7dd2ee49414a09efadbb0107fcd7a52e3604f3456ab1fd6

SHA512
2ac2e6719ece0f69c14ac4db20b52db6bc488114aeb7de715b87e26e42ae4f968a28ea439bc9c851979042763ab4df61e6811ee3e10091bb7bff60960ba95f62

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
2KB

MD5
fc3da8fa6974189a9b0f682ac541ab55

SHA1
1ffc0721f7a8b155d49e3326285666cdff605de2

SHA256
d83f1c1b6b83918ac6c6d22d2e7c1dd047ac9badb5aef927b30bbd03910ae4f2

SHA512
618c9dc9241c7bbeb1dbaa8be2fbc881db2d901a28fab028ae6c3fd53995eca930b8126ea9ed9f6b44a269e0419b40a2a927bcaaf40c296fd76a76eb0b464b8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
2KB

MD5
fc3da8fa6974189a9b0f682ac541ab55

SHA1
1ffc0721f7a8b155d49e3326285666cdff605de2

SHA256
d83f1c1b6b83918ac6c6d22d2e7c1dd047ac9badb5aef927b30bbd03910ae4f2

SHA512
618c9dc9241c7bbeb1dbaa8be2fbc881db2d901a28fab028ae6c3fd53995eca930b8126ea9ed9f6b44a269e0419b40a2a927bcaaf40c296fd76a76eb0b464b8d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
2KB

MD5
e43955028ea0fb5c3822bd940aef2b2e

SHA1
68054e823bb13c62785705b3ffbf89b70dcef29c

SHA256
d17e4541e4ed805065946fbe97742d11f3b7ad489f5ec6c7733741a1830675ed

SHA512
32aaf00bb038b7b4055b32c40f9bdfd50ccc50fbfc650eb681948973854c757e180eb712b2bdb7f25222c3d628bf86bb8aff08b1797e0651f40500805d424bea

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SGGDC0WN\www.diariolibre[1].xml

Filesize
1KB

MD5
ce23b2a7754935a35f6bfcb7f2f38325

SHA1
aac7f8b1986379ea0b99d333afd616412455b97e

SHA256
127eb0427bb62620c02087a7f6314553a6b04efc646254d78635e6644eb45fc1

SHA512
5371925203b4382cd32fa2bf7b6798c3e933ef10493a139021ff5ad46a30a7c0c2b943b77fd4fa8cbc099ad00a6ce3b67164d1ba9d67ce4b730ec28def100ef0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\OMCYRD4Q\www.bing[1].xml

Filesize
1KB

MD5
35db179352686f19bf72d6e18651b86f

SHA1
d6af11f2331348e9783897346826ea9d954d3043

SHA256
e783652989bc47beaf5d10b746d8a7929cb2985b7767a6880958678dc4aa2f35

SHA512
9c32dba2dbf80610d205d3896a2c7121ccb62ac860a49d3d86bdb8979129ca86f689847f9f270bce464dc4b1b63a7850202d6a211f221323bbcb3e418c07c4e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\J8YIDGNJ\favicon36x36[1].png

Filesize
2KB

MD5
8e5751e12b6ea05ee55c5f1b4c97d119

SHA1
9cd26d706150bd53cc80776aac2e4bf338607345

SHA256
90fc41b1757094441e7649fcc7abe9db080dba39f68e563e9c115a2ac450b1ae

SHA512
155b5b989a9421758fb9b37858f2e224dd5b39c4bc15b99f34f09e734515ee0e58baf9992d0c4bf35f472894aa52edeb4fe80b852865789bf5f329d94b42c1b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NDKLX30Q\suggestions[1].es-ES

Filesize
18KB

MD5
e2749896090665aeb9b29bce1a591a75

SHA1
59e05283e04c6c0252d2b75d5141ba62d73e9df9

SHA256
d428ea8ca335c7cccf1e1564554d81b52fb5a1f20617aa99136cacf73354e0b7

SHA512
c750e9ccb30c45e2c4844df384ee9b02b81aa4c8e576197c0811910a63376a7d60e68f964dad858ff0e46a8fd0952ddaf19c8f79f3fd05cefd7dbf2c043d52c5

Download Submit
memory/744-14-0x0000000013140000-0x0000000014DFC000-memory.dmp

Filesize
28.7MB

Download
memory/744-15-0x0000000013140000-0x0000000014DFC000-memory.dmp

Filesize
28.7MB

Download
memory/744-19-0x0000000013140000-0x0000000014DFC000-memory.dmp

Filesize
28.7MB

Download
memory/744-16-0x0000000013140000-0x0000000014DFC000-memory.dmp

Filesize
28.7MB

Download
memory/744-20-0x0000000013140000-0x0000000014DFC000-memory.dmp

Filesize
28.7MB

Download
memory/744-24-0x0000000013140000-0x0000000014DFC000-memory.dmp

Filesize
28.7MB

Download
memory/744-31-0x0000000013140000-0x0000000014DFC000-memory.dmp

Filesize
28.7MB

Download
memory/744-18-0x0000000013140000-0x0000000014DFC000-memory.dmp

Filesize
28.7MB

Download
memory/744-17-0x0000000013140000-0x0000000014DFC000-memory.dmp

Filesize
28.7MB

Download
memory/744-22-0x0000000013140000-0x0000000014DFC000-memory.dmp

Filesize
28.7MB

Download
memory/872-13-0x0000000001620000-0x0000000001621000-memory.dmp

Filesize
4KB

Download
memory/872-32-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download
memory/872-55-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download
memory/872-46-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download
memory/872-48-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download
memory/872-44-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download
memory/872-30-0x0000000001620000-0x0000000001621000-memory.dmp

Filesize
4KB

Download
memory/872-28-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download
memory/872-26-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download
memory/1204-53-0x0000000013140000-0x0000000014DFC000-memory.dmp

Filesize
28.7MB

Download
memory/1204-59-0x0000000013140000-0x0000000014DFC000-memory.dmp

Filesize
28.7MB

Download
memory/4724-3-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/4724-1-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download
memory/4724-41-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download
memory/4724-2-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download
memory/4724-4-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download
memory/4724-10-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download
memory/4724-11-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download
memory/4724-12-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download
memory/4724-0-0x0000000001450000-0x0000000001451000-memory.dmp

Filesize
4KB

Download
memory/4724-25-0x0000000000400000-0x00000000013A8000-memory.dmp

Filesize
15.7MB

Download