hxxps://github[.]com/GitSumBitches/RR-Menu/blob/main/RR-Menu[.]zip

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/GitSumBitches/RR-Menu/blob/main/RR-Menu.zip

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
3300	msedge.exe
3300	msedge.exe
3048	identity_helper.exe
3048	identity_helper.exe
3408	msedge.exe
3408	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3980	OpenWith.exe
3980	OpenWith.exe
3980	OpenWith.exe
3980	OpenWith.exe
3980	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 3960	3300	msedge.exe	31
PID 3300 wrote to memory of 3960	3300	msedge.exe	31
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4496	3300	msedge.exe	84
PID 3300 wrote to memory of 4912	3300	msedge.exe	82
PID 3300 wrote to memory of 4912	3300	msedge.exe	82
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83
PID 3300 wrote to memory of 4060	3300	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/GitSumBitches/RR-Menu/blob/main/RR-Menu.zip
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3f1946f8,0x7ffb3f194708,0x7ffb3f194718
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,8250383065089004540,16698993803711439635,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:396

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\49d88b57-8bbb-41d2-9152-50dad46d3bcc.tmp

Filesize
5KB

MD5
ca4559ec167162707d830816d145964f

SHA1
97eff8f7e13716b466e761562574e6d2efbc9833

SHA256
8d6a57dca4155225df6af79afdf011671c595d36d545ea9675105cfc2d1416b8

SHA512
1d6b9b5373408ce80618ec1e197b8316939dde20cdc8441181300e4d8b0dce3dc45730cf658f12e3cc4ad183ca63ef2c974d86559d5a0ea5e404a9074cef7cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
160e77e5f1d7c00bb0301e0f1adf7a98

SHA1
bcd5f27e4cbecac67f6e58a30c92478c1c36cf01

SHA256
da2762e2c032fcbc6a1f656b9bb47f3673bbb88f7c60521f3710f2deec184747

SHA512
cfc1a5b8f94ca8f2f3e44233b0b90032dc13acec0adc49e0cb822e9724cb66ecb8e0bf14bcd1bb7229385ae671b2842b973e96b7205db62d5df8ca10e22d56e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
454e7cd4fbb0751ffa354ec86870a258

SHA1
716d6739a2a278446c3e9c16cb72d996d042bc89

SHA256
9cbad050449dd86a473ca97a90c4b4f6076f3174f52ae515de52cb4793f3d5ca

SHA512
83e6e36c576ef32a555d6a6e3ed9fe4ad51d7681bbfcc6421c29b15cadb0bcc918e4a9d6388ca0e1a1ca750830164ef64ca8015d07a0a2b8ec81fb17c5bc6f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
10403c2aedc5108d809a7f2c919d5ef8

SHA1
98174c6f286ea01e0bb61d3a729240f18c92ddd8

SHA256
5b2cea10440f6f08e9ff132aa806f7ff9934f3cd39c554556f39772d91898d6a

SHA512
96cf4fdc29b4c026a993c5b4d375ef44074d61e0fd9cb0d87d7858eb9dc0f0672c1dd3370148779f4b850a7872f0f368df2d41cd9af56257c2b4fde507899d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
857b206127cef5399bb178069c177369

SHA1
c9547e5fcc82c0cdf1299bbca13391a967af28f4

SHA256
0ef2455124072ec5867e82abdf6379f0e6d15434dab64e4578acb0256085e043

SHA512
ff83dd19aa461c497241054793cf61b3865dccf97ebe9c1e77bbbf0403149b091d93168fcd18671b029c7db5e6580091973d1bfa5776e75f8182b6732eeaf9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
29213338df67d29d6454ee5d61ad3970

SHA1
8c69ca76a2e639060d5ce835a9600e6ea3764a83

SHA256
d29fc0d97fa74d382d0f557ecea4e42b7d50dbce43915bfc0c114c16e532aa51

SHA512
14db25eba8a863d390b97fce4315402ed7c249598ff6c31d5a191b0f71c274eead42ba0658403e744110de072e6ff1cac3bccee1e48875bde6b1fe39a60d2407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b804f5307f8243612fa5cc2afd2aa479

SHA1
9a24252c7ef84b6fdf06acaa81ef3c42d69ad8d2

SHA256
03b39a1044d2a9dd58c60b66a9720047b17ec906b9247706d9c79203dedaa058

SHA512
5104c2c011c7a496ae8e7368f44ea0a25554bf99a1cffdf989275a7da1d7c31a23700ac3327971a27a03f7a1b9640afdcf744b1ad2ab9c6f86d110570dd123c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bfe5.TMP

Filesize
864B

MD5
21eee03824df0fd14823f4021dcf8068

SHA1
2b5c65b14c6a26fe19a7c732652f1f2861121425

SHA256
789b672198c606a75a96c011df253302feb0feed0d79dee2f55c996bf885e0be

SHA512
78b5ebd6e8226e35d6b25796c87062c41af7d78404559934236fbe1c9397f179bef126ef9159c115f67f1d77d59d2876cdf828c661ac3facb5cb12c34a7484c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
9d7489341d3ef373ce7c448e13d5d41a

SHA1
ccca0cc4589457754c7d0ea085c104be0fcbe077

SHA256
4ab5ea9c674330eee78052171c3faf0dc5f011b423f800406b90d13398306e8d

SHA512
3c6de39e1d14500b2473fcf0563e323de01777c4d59ec4f6f51f04f1c3a5217e2bf8349880fa5d6f3f2ceaa34ce0414d3c3ac94548f34d9abc9c63b0f6c605f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a362b0c1ecba63d15c44be938ded9ebc

SHA1
f8b4be8427e77c459e72099745a1682ecd5aa5d9

SHA256
22d99d3d16fa6cfa4a49b0960e0d4def4fca844ed0c3a225272c9ea6098c1fc3

SHA512
27011da405ac7c3249f58f9359d416768044d173b8ec38e7a6f2d363643ceeac729ed68c8f8871aa8ac0a00bc575c946f4595e9cd523c44a7e86989ac5cee455

Download Submit
C:\Users\Admin\Downloads\RR-Menu.zip

Filesize
14.2MB

MD5
19a1ec98494d88a4e3acecde225932a0

SHA1
4e6cc96674040663b1910b704ae1f32edd960f5e

SHA256
7dc70f78e55ab4091ba2e00ca946d0168a43fb1030e2dd92fe156a87c59199d5

SHA512
1771d20304b1a89d6c1fc1a843a0b235ab9db2d9100cba69b36c96a88fa39b9b11b199aa7cf5f19099f177a587329ea40a4b8222abc16cc942ab71b8161465fc

Download Submit