hxxps://github[.]com/riosoftwareofficial/Rio/

Analysis

max time kernel
106s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/riosoftwareofficial/Rio/

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
32	raw.githubusercontent.com
33	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4564	msedge.exe
4564	msedge.exe
2648	msedge.exe
2648	msedge.exe
4476	identity_helper.exe
4476	identity_helper.exe
5456	msedge.exe
5456	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 3756	2648	msedge.exe	85
PID 2648 wrote to memory of 3756	2648	msedge.exe	85
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 2244	2648	msedge.exe	86
PID 2648 wrote to memory of 4564	2648	msedge.exe	87
PID 2648 wrote to memory of 4564	2648	msedge.exe	87
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88
PID 2648 wrote to memory of 2216	2648	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/riosoftwareofficial/Rio/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0dd46f8,0x7ff8c0dd4708,0x7ff8c0dd4718
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,2487634484695095110,12917257262927905159,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,2487634484695095110,12917257262927905159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,2487634484695095110,12917257262927905159,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2487634484695095110,12917257262927905159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2487634484695095110,12917257262927905159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,2487634484695095110,12917257262927905159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,2487634484695095110,12917257262927905159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2487634484695095110,12917257262927905159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2487634484695095110,12917257262927905159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2487634484695095110,12917257262927905159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2487634484695095110,12917257262927905159,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,2487634484695095110,12917257262927905159,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2487634484695095110,12917257262927905159,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2208,2487634484695095110,12917257262927905159,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Temp1_RioInstaller.zip\RioInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_RioInstaller.zip\RioInstaller.exe"
1⤵
PID:5956

C:\Users\Admin\Documents\RioInstaller\RioInstaller.exe
"C:\Users\Admin\Documents\RioInstaller\RioInstaller.exe"
1⤵
PID:5404

C:\Users\Admin\Documents\RioInstaller\RioInstaller.exe
"C:\Users\Admin\Documents\RioInstaller\RioInstaller.exe"
1⤵
PID:3628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d70eee1412c162644b6e9ff8fa6d4a9a

SHA1
289b7f0a35cb0ec68e114aa26eb2863231b3231d

SHA256
3b752c3831b1067cea646fd994a153cf9673b7914ae0d685a7bf863881f17b4a

SHA512
784cf441c57e7bed3f75f4ccbd25db9c8d73b6daaa8bc37cf30b2aeebc48a7cb7b0d451bfaff20cb2f9076504751ed76018d7602343b6444d2ef7f6a2d0f8bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
656B

MD5
c39a8374436fbb6d1fe78100e67d2e56

SHA1
b7cdf242da7a4ea9c9f5d6eb636a820342b60058

SHA256
bf6af2a678b609e9ee581f7dec69c170d3e535c2843f2d7584bf723e6a283438

SHA512
63f35ec1646ba66334351a9cb5688f8d499fe7202539dfb8773f592dcc8ccce10798ef0afc240620a5f730d9d5aa9f03fe979730d45caed9e87f58d7138a5970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e3e4e8cda40a6d226c28171457e6bddc

SHA1
718a7bb9c8cdc8da899352206ac9815958a47fa7

SHA256
9533c97ebbc0a92eca8409ed144540d62e62eccd7999f61d9d1eb182bc847b4d

SHA512
866fa46d73c8fa9f4597d55c546ceaa0f3448b1cc8e57f1367b9d700ed5657c164d2e699c7b184fb623a44c425f3c90003207ecfb07918abfb5213720626b2f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1f111a94cb9469b317d9fd6c83f616e

SHA1
acfe59ac3d89c3341486ba54445c5f8182d44fe6

SHA256
ca1125f03f7accffc6f7f6d1be2876de64b2d4dd7c05608f6da9c9fcf75e0778

SHA512
e8071fd438121b86a13e6ab33f30302c7152e752b00fe4d33894c78e501221f03b56692e480e43889c0e6d680f2eb63cc13fc36353c208a0e179d7f57ea756ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ffbf4ef5f426d790e0027009de2c0697

SHA1
fccd6c02385ba278296f41205a931b8851dc0269

SHA256
dc14c17809ffedb7a91cb9541cba408660f9e67686b64eb2293c360096fa8abb

SHA512
53d5f4bac5497ddd9dce0d447b854ef2c692b75c4eb69f2fd06572af8dcdda630fb342aac49b585eef340cf8efcfcf2d5236cae5e5eee5dddffc51ce9e60165a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
35c1c548ced74ac5b0ef790b1996bb93

SHA1
4be8a0f5c0e809a526152b305ba0c2ebe170dd2c

SHA256
1312e74179433b7fd0f717b8ed483d28701c73864ec3234fe8d86e980130ef98

SHA512
83aed64888a22c70dda52a9633ccee8ab53e49e3f1ed0ea3f7b2adfef19327f98e1ee8009a3a0479de0f6b00599264e4f0f02a32c595ffdde4ec1607f96bf37c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b2ae7bd04b36a09b9749458ea2764b5

SHA1
ee2c64d0befcaa89ca1248b577ffb2553e72741f

SHA256
e9d58d297257138a34c13ed376a9243c7de0a0813d2a04fd36b6fad06133414d

SHA512
8f7676f57298ca3d4fccf7b6299d1da921a6f74c104758dc0a332dcb71306d8864295b54c9f41be5ef8046dff96b586db5d07d2279e20c3d463d8605d64ce865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
33d3da71ca1e45ec010d03a04cfed4cd

SHA1
dd639333660dbdaa250c65b30a682617fb1d36e2

SHA256
45bb8812ef712a02b7b84c930c919544862d26f96868a7f57bcb25918a8048ea

SHA512
2485c099c8005b8882cda13ec9002b1193e77cc4214f0a16e253d7380a878ecad36116646c149cb6603b4ee1a6fcb46cac5546758674908f6f01cf949967bb6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e280.TMP

Filesize
1KB

MD5
2d163bbd506e6de4fa0f4a6de4ba1e18

SHA1
a4b217fbc4c531f84a0d6bea3346944db1d6a1ef

SHA256
d9fb94846a9584b3b15a8dc4e2cb13000be30053f302003ebaeae40045d13cde

SHA512
49a4d1e5e9ebc1149e250c3ca025488b5cb5f9b78610adbb11d568209573255069f05a174b1b7532fa04ab69e22f536ed59a5cbd5656baad183a7bcaec502bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
887034c75804c05a2f7c0ab4b1f7d8eb

SHA1
aa7689a8e3b325f61ca0d0ff09413b16c0e5b992

SHA256
23523157897c71f146c4f8bf72858aa4fcd7cb1a97baa4bbbb366102937d2522

SHA512
61eeb17c727bbd2942aa8a583dac5546e90fc7fbdfd484558b3061039ff3e5e82b31e3ee0114f92f405338f8401de24b0283afe929c73378f9b7301f9390cb72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ed237db5318dc496cc79d7d45cae381e

SHA1
cdf678b48fa9d682540659920f90f5f54e76663d

SHA256
615e66f7aa5099da6b4f7cac0e980e14f771e052e63b7e218e0149a89a70b3cd

SHA512
b7dd9d89f9f842a3ca9b16b64dffb93b371b408eb002e442fafb6c9e59b9a3533e27a793e3125f1eea7f21181feb158d0c1afba4be1aab2709b4b9f2f6406eaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3cb74aaef6134d3b40c6c084bcf60ced

SHA1
cf67ec0cc9b14740550cfd4c4b7379263ed8af8c

SHA256
24e36740a53080e449b88a4917236cd71a9198f47d315ee8bec990793a6fb03a

SHA512
066f403fb2bc0a9f8951b7a5760d4aa3635e09f888b8c5eb2c33f45fa6c35714fe9521e5873acab2b404be466c146fbeffafc0236011fe1085f4c2d85d92961e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bbedd99e314ed81ca20f03ada92d8308

SHA1
dc2c89df08ed633773d9ec36515f62703df0bd58

SHA256
0a6045cbcfb4bbd77826e4324795287600710be9df0a032e35f3512b155d412a

SHA512
ef44d98d43cdb6b68c5901e7ac3f6b8a866ab8fc1c26f22df6325ef5d9b1fb525d80997bd2c8ae12155f41e09d225588569099d8035d71fb5f829dead969742a

Download Submit
C:\Users\Admin\Downloads\Rio-main.zip

Filesize
664KB

MD5
80ba9b56e7072c8fa8b541edce8ac0fe

SHA1
99145a1e76fb55e8195d13c33bfe011f91eab078

SHA256
2560cb9b3259ad804d1b39fbb22fb77af27969ce07051bc9cc3d68d45beef38f

SHA512
d4db6b5b805b60556b1c0bf740064e1dca5ac87c27062fe4a3d4dc5dc60dee4ba7927542a62c4632f5519938263a5477f2b40137a864842a237dc0bca469738a

Download Submit