hxxps://steamcommunity[.]com/app/2972800

Analysis

max time kernel
344s
max time network
330s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2024 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommunity.com/app/2972800

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	215	https://www.patreon.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8eb4bbd10cf0bef5	3

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Roommate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Roommate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Roommate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Roommate.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3016	msedge.exe
3016	msedge.exe
4972	msedge.exe
4972	msedge.exe
2464	identity_helper.exe
2464	identity_helper.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
4252	msedge.exe
4252	msedge.exe
2992	msedge.exe
2992	msedge.exe
3132	msedge.exe
3132	msedge.exe
2480	identity_helper.exe
2480	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1240	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1240	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1048	Roommate.exe
1048	Roommate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 4692	4972	msedge.exe	85
PID 4972 wrote to memory of 4692	4972	msedge.exe	85
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3112	4972	msedge.exe	86
PID 4972 wrote to memory of 3016	4972	msedge.exe	87
PID 4972 wrote to memory of 3016	4972	msedge.exe	87
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88
PID 4972 wrote to memory of 1872	4972	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamcommunity.com/app/2972800
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcff346f8,0x7ffdcff34708,0x7ffdcff34718
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=904 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,10841513491527358771,4507130045672456481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2764

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4832

C:\Users\Admin\Downloads\my-femboy-roommate-win-linux\Roommate-Demo-pc\Roommate.exe
"C:\Users\Admin\Downloads\my-femboy-roommate-win-linux\Roommate-Demo-pc\Roommate.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:1048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:3032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:4324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:3204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.patreon.com/Nutekuu
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:3132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdcff346f8,0x7ffdcff34708,0x7ffdcff34718
    3⤵
    PID:2152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
    3⤵
    PID:4536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
    3⤵
    PID:5036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:3688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:4528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
    3⤵
    PID:2960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
    3⤵
    PID:1872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
    3⤵
    PID:2788
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
    3⤵
    PID:1040
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
    3⤵
    PID:1032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
    3⤵
    PID:3344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
    3⤵
    PID:1632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
    3⤵
    PID:1204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6792513732052005872,4857782974094403097,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
    3⤵
    PID:4424

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27fd880b462c0db528c3fa935998e092

SHA1
3a3fa7d6779810c4fbc233fa24617fc17b5e05cd

SHA256
103ae0ecddfda19a9ec0982f28bbd2ee111140ada3ab7bfa5a0049df4a5e19ca

SHA512
bdff522714046c759919be644948ea7ceda09f14d14fdd1b4dde97d82b5064a60bed8c7a53440471ce74b9a748972b42f95ff7c798ac60e5784edc96cce8bdcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
22KB

MD5
cae0a3bff6c55245d9c41f31ffb59d80

SHA1
ebd40dab223720af9a3f7f6fd8a1d979a50ffa92

SHA256
0373c3d6ccd255a22794c4d134d7072a5eec32cd132571889538389959075abe

SHA512
f0fd812b0c5db1655a224729c1d2f8bca5dbd797f333ddeb4c8779a0c7db7e142f02bbbb209971ba324613bd6c467f2dde4f940c246236752cf47e9c53fc73e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

Filesize
22KB

MD5
8edeb5a220fe2ebde6e724ec46a47b01

SHA1
4cda11549a4866dda172d7e9eda415ce3f84fa3c

SHA256
25426e5097ffb53fe93f88b9e6fd457aece2c01ae06c9cc02aa6d0f59e04b7a3

SHA512
279187e4788378c7b27a7d606293622be31423a76a749d9ae03c2b359b91482f937c466b1288545f8d2251b8df306ada2c30ba5d1d186b63946aa42327000118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087

Filesize
107KB

MD5
42961d8987f2ba5a1e46fb556a629c1e

SHA1
d4b59ccd0d3e1c6a76e8623fff14b79a3fff1191

SHA256
35aa2fdfb965a1314ce366f9c7aca56d925ce885a59891e7e930d8b6e7ab5f2c

SHA512
56d1ecf15947d66145533c866102e93e13ff48a988d8badd714704eeffc40dd80ca4e30b0652909c2034d444c712f6787485d77eee86db0e0142768d7a6f5797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
92d34602b38a5c0c8077ac9995a8e315

SHA1
cb1c7178817eadfc4b32a403afe8d5f13c6dc4d9

SHA256
a043068c37f055c659d4527140628f8d913dcd5ae25ddd39e648b4bb76171ce2

SHA512
3b1fabc47e0cf325f236ee68e800ad1d9545ab16cfb0038ecff92eb0f43d4126d2c7a1c7a43ffad1fb9e6ea0837de3383b368444a91e44b926430d72d19f399b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fdcb0daa38ab18eae100320fc2e1a17a

SHA1
6fad9d2e91a6f7bf1549eb3a94eacb57971cd390

SHA256
afcf70d288c28e1d6944524c8c438159b31d0737095b1121e795e53cb6a96b04

SHA512
52dda8db5b1a6b1d041935b8b0c401aafa57ce540feb2f03446a458b40f1a8adfd1bb17cc025393f307eab45fbf194c706b06bb5c474a36ddaa70b8d658a28f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ae651f709897d77710dbf1ff8321476d

SHA1
c4d624cca23421073ef245f1b021b2fcbe3fa089

SHA256
7e454d8647f941d3b1f01cf534c775bf2a79a1c2b2acf307f7ce9ac13c6a6f55

SHA512
dcde5bcbcfa86b445fe565a9489394d5d076dde6833de5b5a344e0b7f2dc05e70a3bace4971df9050953f602a3999f1515f6a1ddca05ebcf38b174a45c316c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6070c0c1c9c29e3dde3346db9b2fee88

SHA1
9a6f7181d373d079198565977bed025bb608ec34

SHA256
02fd0c958a2ac006794095c023c89b2bd1b969f6c17138d3d59f1c43c2923ac6

SHA512
4e36dcd9b1cf6eafddecea9d47c8115bb474ac57e0f6720db8b512063269ef65576d294d925fd64de0916e9e64520f4338e789a3eee4688252fd10e16d56d6c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
1e8246f1330f96c53777f382ebcb98c6

SHA1
f1e0861a3c800c355224b1d2c86f5d333c805e43

SHA256
613180a3feed26df23f42ef5b4c9cb0bfe3802e82a8a972abac532ecc5f0db7f

SHA512
d598ec137983d2158d2f40ca5fb5a9ed19102d7d75dda4cb1a90a5fc435958ad6129f704403d240a62e4ca7ef1c0dd96dff56528e7adc9c5b18324fb8cc3da98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
d4b1eb2a9a2ce947f1ea2f03e64d37e8

SHA1
9a3c9407ab5754a073314d679a0f53c15626d297

SHA256
0d7dcd69a50f542b0a091bf9c67afeb2a2ac6e522c6674f85ff0338679905b0b

SHA512
534b2157b6cd1abee0dd64fff0f80d1310a2f24fcf7b3851954f59ab80d45529389062b903c5f7feb0f0cbcb8d882bddc71bbbcef612eeec992de0fb51ddefa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
32KB

MD5
ff7c73f8ff81d443319e5e27cc926686

SHA1
6f8da400be30af56152d0acd8f3fd8f590d6583e

SHA256
c4f07ec898211c5d043a6ebcc3c59992133ba9b2cc11009099a33f5b536de9f1

SHA512
99486fda42fb853f961af4f487c00f1d5951b137605948ccfd39ecf49708abf37feeb9a55e6e131ee298d01ab13b0fbfd71ad1b099ace70c73a63e3f32e3e25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
c428c362c8f2bf0ef3eff378bba91310

SHA1
ab710f37caf40382379b7f78d5d512752b3b482b

SHA256
b36a7902d0289ac9849298190685b04fb4c4294f1c9d63df8a9c87d99bde920d

SHA512
514684f721327ac59464e20e3e1385d78645086bc51651d8d3eef38cf7cdf059d6406cc745ca0c08e84f2f5819c8cfa276c87ddf4f48a16ed85e73197f00a6c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
710aa35badfc6d3706de37a17fad9900

SHA1
7a461a68863582f5f0a7c39048fb7cf5dfb8d4fb

SHA256
5d2c8b2263645d55a1568f30a8dd4eb8beed1ffb9e8451592ef115cdba263d34

SHA512
9186285507877b70279d105ffd9eacb08c1091a60dab0a4217f3f64ab95accef4f1737801e8771f22a5f5996fe04dc6c6eb5872380c3389b6ff0cee7117e0e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
4KB

MD5
70dffa0cdb95c992421cce635ceeabc9

SHA1
c7ab023fb7d7092f925796b5e96e98df92a1c77c

SHA256
0953dd206b70b9b37b5a9fe7221b9d34aa5cd1b5a4586311c431607798e74dbb

SHA512
e87fbb0aee77e6d7c70d8151ffb3fd4cb3ac08779b0429b04c8369e32929076a3b2b8d3ab10675a0523f65844988d086ba099867391d72987e7ac09fda7d635b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
295B

MD5
9d1128f723589e8a23590b6e948a6621

SHA1
bdcb343aa577f9b1ea96b0d743400c74600e0197

SHA256
c56afb66c2f2a351dfc22d17868bae127c04f454c62853c697e1c72cf0c7c0cf

SHA512
ff256267a769da2093f38a89e4a80ea284c4baf4cd7041bbf545129ddc8ad38e7cbf730c407ac9e43301ab5263a5542ac67b48dde11c8818190151639b224fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
32ec5304c4390a9e4d63408475ea320e

SHA1
eb34a2a83342ad3ef3b6a842d3af894dd1bbdd8b

SHA256
06118322266554507558a5e6f877bf6dee9523f87022f852bfe49ea1a4f8c48f

SHA512
8f5992b9cba29a5b050e59507dcb8cec5c3598335d1875e5269e3aeaa1371a405740b00bfae92d3c912f0ccefb2810cd6f00811508ae8c9b6d227dd973e37c87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7290e04066a89658dcf565d35812410f

SHA1
57aa25122619be22156616701192be26138a91d4

SHA256
f4d85bf7126460a4129e33f6e7d9abd91f32c42725834a61b476e396dd3fb473

SHA512
155abd2638f779e05f00db154969c3633f636299a775347e055158875403b26d983fb64fe4fcd5169b2da681be5405c505743911556f4c735ec2880ac9cc0052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
932B

MD5
67ed5b3d24fa30038306242935c7399d

SHA1
35540cf97fb691082708857bbcfb7827c455ccb8

SHA256
b631fd82c6cb3b9c95a92b1bba94361b0405ade62ac90b427702a3ebc8d7e69e

SHA512
2b6a48fd87b8537b650090b77cce6f08116d929314bd3ea7c1f98b1c6cf05ea7d2d3be4eaa6b03ec213941662f499a762d7b772b4e46861960f5667ab4b19dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bf9a8bf1e72f4e686332961dbbeae730

SHA1
91665e279ab98ac1eddfd69c0cae2a68cd7503a7

SHA256
515cf123468ae1237e5381539b705f911d326997d7c220d56a7063369986c449

SHA512
4f6a110952302855e1096d960d083d13b511d045c21543549fed4fd5cbd01a78b389fb1cb75e9c3442ca6085ada5de164a1bed05f21643453b1dc613ace2be37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
260c118a71fab2975bd5bfa06373127d

SHA1
617b04b991951451eccbd95677868b12631e9bc0

SHA256
b66d65e0c2f090c85412f181d11a7a05b8afd031c553208ba670900d0f99a65c

SHA512
b774b5490be5c0136162688f401ed2ec1236e689300267b5bb0ea1618d3971bd5a790b17efe35dd42d480b489fabc1ed86caaf8688e88caceb5f7f326231f763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3602266259e839f9c1404acc9dbe8ff3

SHA1
93a70abe45ee62c322c6a84ca16d748f30eca596

SHA256
ff185ff6c9230203ddecfd96c2e6742a1dc36b57b6a9a93900e4bd778da9addf

SHA512
100ff07b49c15451808622ce237d857a39a861eeaaddf1bd490f04f047c85c3d22821d25d5c4011aaeb5f49c5fc816caccb458ef50d04d95275b7ffe5a535afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1abeb4c484b07ff60613c77b1ed40da3

SHA1
a28b90fc07b54468b5971f7721a07d1a4f03e115

SHA256
7677119f47587017343caefecd1666ddd5ea96c0d9a34e8511602b892c4021ed

SHA512
f35634b98dcabdd4a172c90df85d5935351828dcb20089ae32aa06bde488b81fbf01b8a02f1bf421509b7f1d3b3eadfe092a39a2c17b890a3bee190f635d4898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cde894cc3ae19654016381548a2ac600

SHA1
1205331a67799c12813dbeda5cb78959cba18b38

SHA256
95f6134c3cec67677368525907df334cfd36ad3a9bbab8d3255825619d3b3d09

SHA512
e1cb32e1f28b8c334210907cdfd81a991d97cc2d2cc9ec263b30523e60534ccabee4d7fad2afb6ec350cd6316c762a097ee2d57df281e5838a2b61f185572488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
37b862774a51489612d655cb6344cf14

SHA1
bb56e553c0bbbc21f736ecd14b02777bfb54e27c

SHA256
21d83798f18c6dbcf194ca3e604a554119f408714633cc8f398b8820ae47cf4c

SHA512
5d534957f1d60149f2616dee1bc63201ad8eaec5dcae63f963e1de8412b8fe76d7358c904dd5621f2045abdc064742b3ab1865a9e342ba23036f0a43e0d63ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5bffac9e111bd65342f460f02f470446

SHA1
3c9a75957c7834976619ec908e845522f3c6606f

SHA256
982662a34de3ac9e77955a38b00d264d685575fc976908cfc575fe23fc364aff

SHA512
8f569cfa8a5d940e8331f833c08ab4128a9530da5c85efdf4a73d343e75ec50663e671fbe69b171523c364d1a1a8d587c7f1ef706c143431f22d1f0482f90487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
958d25fe6a691ae9b7a746903f498295

SHA1
2dabed38fa347ebb11c42f95aaf4e19ed69bb998

SHA256
7c6e04c91280e15f587b313090961e53c2277b8da0c13f0a461b604e5f333e59

SHA512
f0a5a91385fe0af27b98b55e4ade72b70933bfe2a65d7e653bd15e0396c2da0a52b02e84f0ea192c8d615c31e95f3d7e572331b20cfd4b4fb2be3f9212fa9225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce87f22efbcaf9a8bef489ecbb659906

SHA1
11f52c2946945bc66645ea76885dd9d712bbd99e

SHA256
5000444c1b792132d25779688be1b09f6f96b26356d3cfa0c8a2a5df074d1262

SHA512
dd34e8b6629e745e45346398b8a1178b6e1fc2be24db725361da1082bb2af8c404781fcc472743a2342565ffed584908887f8d28384e274b362e4b8078060995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1641845ef714ecc01f6efa895fc338b6

SHA1
531aa7883509e8d99b36c6b252539bf31903dadb

SHA256
967a396ad5b698d132d81134a2a32e65af90bcb08d11150a0107261572a9c7f8

SHA512
02502cc5e07fdbeab143f5c22b01f53fd7a256298043d8c0f74b53c2c5ca1308633f24ec307360216e934e3dbcd9c1b395f320d00c2982fed2e52db62ea83462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c2c8693b83f5d5711b6a55afa37d4600

SHA1
a7c0945082b153f4aad4c770ec2ded67a152d941

SHA256
f945132b6ce3af60b38969c836cc9e2ec1f370885c3757b5bc14c4cbb347dd90

SHA512
70d1d906c644557b32a9099baad795499f8ae81e9514713182a1094eaef0727b24d897de21342ee09b318eef4c00de7a175bfdec7f8c14c1488dd4d6c5f3977c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b9d22077e59dda20900dfa36fee2a820

SHA1
25dbddc3271d843e302faa8e6ea1b7c0d421519e

SHA256
8cea3c8dc77dfcb6b8b2dc06210c0992beab6b5f19d1d8439ac76b989eaa47a5

SHA512
2cbdf0089eeb968cb7b736ad53e388255e6ab1c2e70a58ea4b660b3285fa8068df44abbcd67bea308510ae64057277411eeefa1b93bc154e4bacaf9419ccd974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
92f588d0a7fe99396b17b8faa8cd60b1

SHA1
2c30a355ed62b3db88cae6261314d1b13284b516

SHA256
381c71a2da0b4b1562f09ad603e7b6ec729e8d83aabb6a3e97768f7822f15149

SHA512
cd6dc226334393e105523d8d7b45b4d53759972c88022831787842c119b01a98e13962b528fc75f67952689f75d24d9b968a208a6fd056885e98f229d905d0e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
face7c3283d60d0118dd925bbcf69c16

SHA1
732b305b04fee290f8888f85f47485c2548c3260

SHA256
4c8d146b9de40ecf8f72e53003b4112e1bb22f9324d2da2827bb987680de1a10

SHA512
f0ca9542afc17ba08cefbf78736a1378e9b4c469a919875a9ba604ca838b3c4ecaf3d13eda26f9d878cb590ba85919049d896446b95e77a9bdacb61e780dd913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13377546771263066

Filesize
20KB

MD5
fae8ca7cc888aa80d0bde68424a80873

SHA1
4598c100b048dc10ed036f263796aa174d41de65

SHA256
10649a9bf05c9581db59d83d1bcc798148c02eb2c089c10d474eabad33cc3f91

SHA512
edb6d872c51a37fc4d88428571c80849ae3231a3e06da65907a8cb50f106d8ec9ec3262ecceb09b2a70de6e92c5659675d522b1f674b247ab7c8e9664cfa3c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
256B

MD5
7fee175a1c04cd6c769daf02392d6392

SHA1
46e0cd17ab86e7d2422a38cb841f579d0a51d301

SHA256
c03eb335b5938338c09548dab261dca8c538beedf27f6cfadf6c174dd3e3e8d3

SHA512
506e61d95a6f4496b5635758d5a855f173bf39c54c5b544e77bad7e4f5f538920cfa584d166c9c3395dce6abe4384736a59a9f1d49ce0099f4e6427726cdf439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
e52137faa98db638516d4d04f4f0da5d

SHA1
9cb435b833119ed2c9e4c8b2d41e184ba43939fd

SHA256
208bf6ab1adcaff1f7a57bd979bfcbe0cee2469edb9447e726f7800edfbdf61f

SHA512
11436e61f80c0f8b8ff770d5add9def0476b560683ab9da384ad8ea526aff3bd5a5fe23798e7b061dd63860e6809aa81cf6654edefe20d4e7e6b61c88275472e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
3977351934e815a469710e355e6eec21

SHA1
7aef0a2d68addf1c4537429fd1be801a097e073a

SHA256
280fe90b23fa26be20edcffa747cd5ec21e3e0f374d19f5b64d25fc18247a9b5

SHA512
1a4fa232bd09dfb84e29282dc88d0ecfd72222cb000ea64d534f775b26775118a9b7ba278ed36aea50642932a9bdb914f688f2b4bd7217255c8db55b0d20dce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90cf140d150834a4c83d93e2e089a51c

SHA1
fa047f47dee4fedb2a2d38f441861ad98115cfe5

SHA256
8d4cdfd47fca503d871610ee8ca5d0212b539f361f4b461c5d6aab57be340c5c

SHA512
1f547c00fd3a28e02111e73501cd03823528958c3a02f7e57401136b33b78ee6b5447a196330b77bf92b722da750d3a14e96ebba461c1823595e7e11039a0035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
de26fe5df8b035d29cfc635ba0099379

SHA1
e57964ac546c3ede514905ee9049643dbf709bfb

SHA256
a87809e32b1a7225c4e7b4ded7b5b04c499f284d4e237db60a302ad6e600d58b

SHA512
d3b8cb4f6f8a84395b8c1454bd42133a00d143d3af30292c42b60f0b4aa18cb7599821f91ea7624dc1b71746a1c46120e4ca0ddc85b8fc432c459de5091230ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
23c52d4be0ed3e2b842e2800ec3becdb

SHA1
fbbdf015099e7f577cac89a4b054dbbc49931e23

SHA256
7db50ec6392b875c3bf699179e7ff082e3ead2e5fbfa6c906f5ab3a59269d468

SHA512
6689af4a9628046d568b9c659e26ded2405b783690f9d8298e22f9c1eae72fb10bf238086d0d8d0922290223e286a234d440864f30fd843fe833066d800a3e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d37fea026973241477bde187316b59e6

SHA1
d2e06fbb6e069e8c84968781ebfc3b2164e2f961

SHA256
37ea31557fb7063b46876d8608329eb5227110a4f1b7db273d13ca2645b724b8

SHA512
e717829a8909407568a3130131ae476498e0bc53ca749ec43bd1f1abf993eb02859a123568419d67caf014b7047c691b09f93a0c62ee6c830e4f0f379acbc769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1ced81f494f355de93c399f9f90bb4ee

SHA1
186ad66152351f3b2410c03131e3447da7ad6e65

SHA256
92780d01aacecd26659163abd73d05b5bd0830ae0035f05bed55012158b71b05

SHA512
6368912496b6b39910b208db1ba3f6a5afcdb93d2f100aab86486dec266b2a8580b5051da8730739900b1710db4936a63e10ff5b70d9cac745c402367bfbf3ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
86ff5b30137898690c2feba7d8492f75

SHA1
3b98b4ff2b01abc4e37eb0c2badbf3488c21ffce

SHA256
4aba8866e830019b6ec119613c5c08a80ed60b737df9ea94c5b6df888ab54b1b

SHA512
297a6226bd925e15ce1988b283756f0d2a2e994ee16d5001ca93384e92658add973c6314eb6e6ad17458ee7db1df2fbd258a075f0cda0dcf574c6bc03cc6abcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5836ea.TMP

Filesize
540B

MD5
98fa1cf63ea384a12fe3ae09cd8228bf

SHA1
9af1e7a81d0b797b9a9ac2665d29b7e084f9d0f1

SHA256
2f5b8ceca94816b78916bcc462040ecf9d319e52a62940b38e5877f80d34e1d5

SHA512
073dbc6f686a155dad7c2f433e74c1c46ac1d33019ecfbde858bf3fb8dce80a10c81d5ff37a75a9077578d500e6ce4667d845a9a3b3dcfb02f1b2d9afdb7bf17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
51bdf61ba7bf2cad04e799834f4e74a5

SHA1
418b16a839790f309c32e9f3d7ecaf31aff5dd34

SHA256
7fe33f32d838cbd14f2cd31499e8e37252a33fb72abff4c9c9f0edef7dd627c9

SHA512
5c9c068eeae6bc6b9a5e29453c12582b13ab8432465c46fafe8eede124791ae9027ac24ad16adbfd73513f436cd27a96d2f9024611a772a6587c506866817a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
06db785f937732cd67945cc8b8e42076

SHA1
2c98eaa38ade20091e838df8e2ce431cea9393ce

SHA256
624511258f08e2b1fc2383ee2fc7f1e7d75f8fc08888c372ebe2f163844952ba

SHA512
19ec8d18068c1873bf0571cf2d5128e2b822678322789722c378123061f1a512ae070957ffd00fc5cb857c593966cea46da2b472cde6f4d470f5ef81a06161d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
96KB

MD5
0706005da59209ab42e5b1e8350c49dc

SHA1
6fc75488d3e106c4990def709a0e067abf93c6a8

SHA256
715959046084d69f53bf10cf23fa365a3d2e68b22b7a8900a07a4389c3f36cc1

SHA512
16e9963606d67b002b25ef642d3e74a05fe076e57bb77fb1c262c6cd333769031b9a7a53e26fd001cad9aca14b3212f04b6f5f3b398374dc661bebe9b8bb2035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
3.9MB

MD5
b79c6dfc76cf00b001a697f41cc63744

SHA1
28baea7db7e00fb56091f96499b2c217292931fe

SHA256
04cbead9d2714b7f1d14b189c4b94382d428dcbf99e5818d88fe6ee362028a29

SHA512
df5032b3ddd0399e7b4d9ae98d5fee3a3ba6f5b42bb995b0f8b429ff32f67a4dbcad0a4c734dbe77aa753c1d8fa0a9a8d3d0e49c27044e72e89d80a352907dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
184KB

MD5
ea37747a917118a6c2a12eacedfea458

SHA1
cfa3be5d02d72f4eca329e1519863cffa53fe91c

SHA256
45e67dc5725d36145c69448c483c1862a7902ed546f8cb88f9ef680225f215e8

SHA512
b96f1a40a36b653c58c22e9c91ad7abb58d6a5e44f245b415550e7dfce0e9e23a10a7a35af685d2380b49b634dbe2758a9a5c16e92be4737eb7e283228fbc987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
4893b32637d333104a3ad4669788e363

SHA1
6b52bf72edf9b517d7f60009438bb96f58a68590

SHA256
e2b84f564bfa9f4085a84dd6866fc4af2810b544bc409b0a9f7377f09905ac51

SHA512
ff70924f6cda6db50fa22f4871e951232e2db1465e9e92f7a83c9d8447e5b8ca055908725eb8e6e358a03fb74b04b82b68807dd299f388cc4af38014f02ecdcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
623B

MD5
6f3e5f0fd1f76fdbd4c45d084c651afc

SHA1
c4053b848e1f7b6570bff75a05aaa871f5848d2b

SHA256
44c4c1e852196072bfc5056f313ef2946d38736ce7fc2963a994a6331f3ea9ad

SHA512
64a475e2c9ec3098843d94cad3035ca890d375a9928421d2355966900f64ddc2dddfa85303b68d53069bd5e05356f3d51ad43e098870076f779dda489a740e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
3701357fe749ef133f39e9208d7ca4d1

SHA1
a01ba6c2a3d0ef4fdd8a6eb680e744439bf38591

SHA256
79b05a41d528594d3abd50b849252da5e46bc8965ba904461a7c53b0ef0a38dc

SHA512
390f81135404ffc10a70fc6cc86bcfa1855bc45f027a7dc7f8e67aba90bd26390db918e06f74dc05428dee9185c1443367600599d55977ff4af24fb6a01a3191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
63d74a6b8e3a723fd54a12bd83e246f3

SHA1
676e0e70782a0cd682a60a50cfe9e3d050dd50a1

SHA256
2e4933a29a44f2f1e20bb508cf8ee7359760c6f82573a7054d006a7558eb662b

SHA512
2856928132f22e85e607974bc96c74f4430f2ad81e305aad4942ad05d1f9ea0b700ec3f7d9a1c99a8195523ca157114d91381a8d571d3adfb4b485ac7182aa1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ba87a95e61745886afdf43766a2d3673

SHA1
e6931a658015a5157f4b204c0acacee05b2e4796

SHA256
dd15ceece352d96c1a472d032ccb06d47231a7a102934e9da7e48ce30e87225d

SHA512
eaeef112d3890ed1d8004562d838d07d2d797e3b5deb10f8ebf180f6db9cb3794f2d937b47d54120008712a8297acd7502a53eba6a68f3ab0f3ee5d7a2839075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e19ebf4f7a3eff5f004b60585f4b984f

SHA1
5ded4fecb7855c0e012523a684264f88f6a1f23b

SHA256
dbb5566cb94822891fa367f93ef13381afd42f153d991e0668338e21e05be706

SHA512
5e788c7b32c338232df1460c3f39951ae4e9897402155532ad2214b446595c70a64f69ec8f36b8b6bb9d8353c3b2b6e54c0ccce16691bc5544d7192ee1a02672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7d24520cd270948fdecc6b5fae915042

SHA1
ba7891170e7a458c9465fd8f13629e3682f766cf

SHA256
32741162f63388aa6e1130171c5bf3871046b67dd1ea2d77ae47c967eedd5bc0

SHA512
142463d21e399c4214e5b774a3cd55b697c67a2662289438bea47576a7f58614b8e077ee316016fd1889aed90ade8f850037db6103ccf923d821ce80a69c2e11

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e7020697cd0adafebd66faa6bd5e86f2

SHA1
8bb0f84e065474ab66480f548518ca1f0b8ba10c

SHA256
03175cfab46064fa1ba99eda91d902ee421584ddbf4ed5c948070a3f14386005

SHA512
3c2ce117fc016c1e3e8a59bad0a13099e79181a6951e46c2a86f9d79f0f23038807899d5466352d83b2439aedc7920c61e270246921c9bf2adc1029ecfee5e12

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a0ba4b1adcc6ee411b8598cffccc82c4

SHA1
608a5eb2e71bab7bf1c5e2ece8cce9890ee87653

SHA256
287f78f04e59cc40e33fbb16b11ac64221d6c687166f9a438d35a8e3c0f274cd

SHA512
1f7172c189ffe1f0a8bd6fdaadc59a9517d8e41accf26a2338c620d1bd59dd6aa17d037efe97e7ab08a234670461fb35677ff83836d0c38dc2ed343444d88352

Download Submit
C:\Users\Admin\AppData\Roaming\RenPy\Roommate-1713512540\auto-1-LT1.save

Filesize
19KB

MD5
83b8b8e40a8a1f5e7ea1c6af8321bd29

SHA1
40e2118569105468790937d0de894d1422296ea6

SHA256
e35a0d4cc87b93fc633dab81d53bd6b1eba09e4d66d9a33b8b90bc679ed088eb

SHA512
ef6f170a54ea97f37cb23a7bd519aef8d9925ea2c69a5f93d79d4bb8b1abafda60f0247f30a6f28cb0ebb219bb9e524a4407bacbd790a87146b4e20f73b29756

Download Submit
C:\Users\Admin\AppData\Roaming\RenPy\Roommate-1713512540\auto-1-LT1.save

Filesize
19KB

MD5
622fffcff5b3a65a535bca6c6b469e06

SHA1
841f28d678ccbb5f66bc0c38eb53ebbd07cc2639

SHA256
f9d213468b3a89178ea412cbc275b3bfaf3d9926c8159bd8401872e5e8f03f1b

SHA512
d6a7b63ac6e927cb1dae98ad82bd1899b2b59cab13a842b5044ac57ca66c82e495f26ad5cbc05256c91994e02669dbeb4428a71e27bc34afbba5a0702e7632c5

Download Submit
C:\Users\Admin\AppData\Roaming\RenPy\Roommate-1713512540\sync\text.txt

Filesize
5B

MD5
f4020e91252aafd4b18d8acd17f883db

SHA1
748d77dbb8bdb0dd330c099e7fde82da053fb1ff

SHA256
314ad142957febe390cc7223b4deb1d1b21c187f84f6e7257a23fe46c27fcae3

SHA512
301ddd0e34cbd842dae99a2cc4ccbfeb6ee8b3def39c214a719fa9edc26d7142749bbe6e992d26353dc167febbab0dbc05476b68a86ad93cab5f299f0aaf916d

Download Submit
C:\Users\Admin\Downloads\my-femboy-roommate-win-linux\Roommate-Demo-pc\game\saves\persistent.1733073466.tmp

Filesize
1KB

MD5
c1413f711e7a9ee69f6f179f81324b59

SHA1
ae0d5c2e993fa16e11ab7aece539692be487265b

SHA256
f0cf908c9d28b7cfa32df2484d7e146263e076103bf69421d857ec4c5bcac124

SHA512
c0b458d04bdc281a38d8d6da5096f0456da65130a3ca6f768883b649af47653d2ae376a20653e6ce2378e2fa4d4649a15c0e969b6db77c92d10b49dfe5e823ef

Download Submit