hxxps://media[.]discordapp[.]net/attachments/1113265176767123517/1130630314176286830/tikmate[.]app_7254670388381093147[.]mov

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17/07/2023, 23:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://media.discordapp.net/attachments/1113265176767123517/1130630314176286830/tikmate.app_7254670388381093147.mov

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4976	vlc.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4500	msedge.exe
4500	msedge.exe
3948	identity_helper.exe
3948	identity_helper.exe
1364	msedge.exe
1364	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4976	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2316	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2316	AUDIODG.EXE
Token: 33	4976	vlc.exe
Token: SeIncBasePriorityPrivilege	4976	vlc.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe
4976	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 3748	4500	msedge.exe	84
PID 4500 wrote to memory of 3748	4500	msedge.exe	84
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 340	4500	msedge.exe	86
PID 4500 wrote to memory of 4936	4500	msedge.exe	85
PID 4500 wrote to memory of 4936	4500	msedge.exe	85
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88
PID 4500 wrote to memory of 4536	4500	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://media.discordapp.net/attachments/1113265176767123517/1130630314176286830/tikmate.app_7254670388381093147.mov
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bfea46f8,0x7ff8bfea4708,0x7ff8bfea4718
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\tikmate.app_7254670388381093147.mov"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15002946659122174771,15438877972606864592,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x2d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2316

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f47b83c67fe32ee32811d6611d269c

SHA1
b32353d1d0ed26e0dd5b5f1f402ffd41a105d025

SHA256
ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc

SHA512
6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
2ea2a137ab8c47d20337451e220ee9e2

SHA1
be65afcbb079d07ad4431f833ddf3fc5dadbe77f

SHA256
e56c5843fc2abc37cb8023a951b5b8151e973458d78b79d20ac02f7c98cd9718

SHA512
90802d3473fe6ca799318e88e9a1a13838ab5b8fd4add7ef1e52b4e9fe9aca3886eeb0bd82d0dfc108a156178bec952b2e3dc924195ad1012a33eff5d9470b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eaeb23cf0cf786c49c71d97efc09d135

SHA1
8e81e07db9f78f246e06c38879b4c6e57cd7ea92

SHA256
3d21b87854da0e04da6ffef2de3535c3807f5eb415414198ae07e6d272133f07

SHA512
d08da808a1fb12776f238d6252ebb74a41be86e1369afe4be0955dfba74a2a5ec1109c69afefb9fbd2e5c986207f5f8a4d9b9e9707812af3d1287c3aead7994a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
94ab6e884756fe4afd7634d2131485b2

SHA1
72347b55079594909ab7396510181557cf0ad12a

SHA256
a1c82543893f68f334f90d9283ad4fbf4b0449a9f59fc9d4c300db347557a67f

SHA512
7624f0c2a1a2b0de92b9d56a036dd6e9666e92355032c17b19b6e438282024eafaedb547610a13994f12d522e321ce55b09e66bfc24c25fbd54ec6d61835d5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5544c64f2a8f49dabc19eb84267b1c9b

SHA1
c5b78d63a8bab1c7b985f7ea2f268d0d7809071e

SHA256
a1fcfee2974a77e76a7431a2069db301861ab42dd41769cead8697f41f5a497f

SHA512
38c80d7c810441fc87beff38929473088cf426b0a25a30820d8a060f493350d99bb8521b314afe00578ea54648fce2aa4e55880a83a4f1048c56307991726565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0f743486e8116f6eb2963ac76e172249

SHA1
876173e1fa9decd400ea91549d2b8da153c391b9

SHA256
9f15366aafb3b5a2d7020cc8f2badf35fe4f27e88f9b32b15ef81666d48e4fa1

SHA512
546a695fb5d1c5bbe0a390bb3566f33890b7eb623127b62617f54831013f1111607b5f71847c6e5c478d64df4fedff11de5ceeccf7885b9695cc6da6ae642a0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
aff4f38f304546c561ee279cfbd46b6b

SHA1
eaa33937a545130a244bd7e44698a3fe448839b4

SHA256
897bdb728c655c91624992c0799ca920d252b6fa9688331113d2b1fbf7685105

SHA512
631e771010712d5ce0b795cb7e97a9698338d6a0caa554cc90d9322f553f9282dcf0c1cfd7a9da68f219bd98efac6751fe7f0ce7be650a31794ee9bfb98e10b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b2fd36b6f91d97e1c2cd3dc7429d7428

SHA1
1bff131779b3311b243859bdd9bcde34b4dbe4dd

SHA256
0d8f9f905ced8373416d3a71f56fa1d66f4c25946db39ba2be3f2fa39c098ab9

SHA512
22d98bc6d5428766df4e408acd37111ca5aa29d7b0f047088e4a5191a22583ef217fb14921f1d32568efa7f0b46583cf1af58c64a53b3d10f4ba50dc75fad064

Download Submit
C:\Users\Admin\Downloads\tikmate.app_7254670388381093147.mov

Filesize
5.3MB

MD5
b56c6129dcff56019167fb3a799bf00d

SHA1
246b3880b50f36d539d7e6d0d1ea069f876bd3bc

SHA256
42fd481b9e874b6ce1cc7bc9429f1c7a68c8fd188a82a767bc810b33382c9a12

SHA512
21875024f1131fcc4e379fd993b047d6f99caeb1a6aaaed743ad1b092458cfd3cd203a4bf610c0b1a072332cc2631ecb0ac1665dd8f3d8a0cd38bece3bdd4c09

Download Submit
C:\Users\Admin\Downloads\tikmate.app_7254670388381093147.mov

Filesize
5.3MB

MD5
b56c6129dcff56019167fb3a799bf00d

SHA1
246b3880b50f36d539d7e6d0d1ea069f876bd3bc

SHA256
42fd481b9e874b6ce1cc7bc9429f1c7a68c8fd188a82a767bc810b33382c9a12

SHA512
21875024f1131fcc4e379fd993b047d6f99caeb1a6aaaed743ad1b092458cfd3cd203a4bf610c0b1a072332cc2631ecb0ac1665dd8f3d8a0cd38bece3bdd4c09

Download Submit
memory/4976-306-0x00007FF8BA940000-0x00007FF8BAB8B000-memory.dmp

Filesize
2.3MB

Download
memory/4976-291-0x00007FF8BB2E0000-0x00007FF8BB2F1000-memory.dmp

Filesize
68KB

Download
memory/4976-275-0x00007FF8CE670000-0x00007FF8CE688000-memory.dmp

Filesize
96KB

Download
memory/4976-276-0x00007FF8CE5C0000-0x00007FF8CE5D7000-memory.dmp

Filesize
92KB

Download
memory/4976-277-0x00007FF8BF980000-0x00007FF8BF991000-memory.dmp

Filesize
68KB

Download
memory/4976-278-0x00007FF8BF960000-0x00007FF8BF977000-memory.dmp

Filesize
92KB

Download
memory/4976-280-0x00007FF8BD6B0000-0x00007FF8BD6CD000-memory.dmp

Filesize
116KB

Download
memory/4976-281-0x00007FF8BC6C0000-0x00007FF8BC6D1000-memory.dmp

Filesize
68KB

Download
memory/4976-279-0x00007FF8BD720000-0x00007FF8BD731000-memory.dmp

Filesize
68KB

Download
memory/4976-282-0x00007FF8BC4C0000-0x00007FF8BC6C0000-memory.dmp

Filesize
2.0MB

Download
memory/4976-283-0x00007FF8BC480000-0x00007FF8BC4BF000-memory.dmp

Filesize
252KB

Download
memory/4976-284-0x00007FF8BB3D0000-0x00007FF8BC47B000-memory.dmp

Filesize
16.7MB

Download
memory/4976-285-0x00007FF8BB3A0000-0x00007FF8BB3C1000-memory.dmp

Filesize
132KB

Download
memory/4976-287-0x00007FF8BB360000-0x00007FF8BB371000-memory.dmp

Filesize
68KB

Download
memory/4976-288-0x00007FF8BB340000-0x00007FF8BB351000-memory.dmp

Filesize
68KB

Download
memory/4976-290-0x00007FF8BB300000-0x00007FF8BB31B000-memory.dmp

Filesize
108KB

Download
memory/4976-295-0x00007FF8BB1B0000-0x00007FF8BB21F000-memory.dmp

Filesize
444KB

Download
memory/4976-294-0x00007FF8BB220000-0x00007FF8BB287000-memory.dmp

Filesize
412KB

Download
memory/4976-297-0x00007FF8BB130000-0x00007FF8BB186000-memory.dmp

Filesize
344KB

Download
memory/4976-298-0x00007FF8BAFB0000-0x00007FF8BB128000-memory.dmp

Filesize
1.5MB

Download
memory/4976-299-0x00007FF8BAF90000-0x00007FF8BAFA7000-memory.dmp

Filesize
92KB

Download
memory/4976-296-0x00007FF8BB190000-0x00007FF8BB1A1000-memory.dmp

Filesize
68KB

Download
memory/4976-300-0x00007FF8BAE20000-0x00007FF8BAF90000-memory.dmp

Filesize
1.4MB

Download
memory/4976-304-0x00007FF8BABF0000-0x00007FF8BAD5B000-memory.dmp

Filesize
1.4MB

Download
memory/4976-305-0x00007FF8BAB90000-0x00007FF8BABE7000-memory.dmp

Filesize
348KB

Download
memory/4976-273-0x00007FF8CE5E0000-0x00007FF8CE614000-memory.dmp

Filesize
208KB

Download
memory/4976-302-0x00007FF8BADB0000-0x00007FF8BADF2000-memory.dmp

Filesize
264KB

Download
memory/4976-303-0x00007FF8BAD60000-0x00007FF8BADAC000-memory.dmp

Filesize
304KB

Download
memory/4976-301-0x00007FF8BAE00000-0x00007FF8BAE12000-memory.dmp

Filesize
72KB

Download
memory/4976-293-0x00007FF8BB290000-0x00007FF8BB2C0000-memory.dmp

Filesize
192KB

Download
memory/4976-292-0x00007FF8BB2C0000-0x00007FF8BB2D8000-memory.dmp

Filesize
96KB

Download
memory/4976-274-0x00007FF8BC6E0000-0x00007FF8BC994000-memory.dmp

Filesize
2.7MB

Download
memory/4976-289-0x00007FF8BB320000-0x00007FF8BB331000-memory.dmp

Filesize
68KB

Download
memory/4976-286-0x00007FF8BB380000-0x00007FF8BB398000-memory.dmp

Filesize
96KB

Download
memory/4976-307-0x000002CC33290000-0x000002CC34A40000-memory.dmp

Filesize
23.7MB

Download
memory/4976-309-0x00007FF8B9160000-0x00007FF8B918F000-memory.dmp

Filesize
188KB

Download
memory/4976-308-0x00007FF8CE5B0000-0x00007FF8CE5C0000-memory.dmp

Filesize
64KB

Download
memory/4976-310-0x00007FF8B9140000-0x00007FF8B9151000-memory.dmp

Filesize
68KB

Download
memory/4976-313-0x00007FF8B8FD0000-0x00007FF8B9045000-memory.dmp

Filesize
468KB

Download
memory/4976-312-0x00007FF8B9050000-0x00007FF8B9115000-memory.dmp

Filesize
788KB

Download
memory/4976-315-0x00007FF8B8EF0000-0x00007FF8B8F5D000-memory.dmp

Filesize
436KB

Download
memory/4976-314-0x00007FF8B8F60000-0x00007FF8B8FC2000-memory.dmp

Filesize
392KB

Download
memory/4976-317-0x00007FF8B8D10000-0x00007FF8B8D24000-memory.dmp

Filesize
80KB

Download
memory/4976-318-0x00007FF8B8CC0000-0x00007FF8B8D10000-memory.dmp

Filesize
320KB

Download
memory/4976-319-0x00007FF8B8CA0000-0x00007FF8B8CB5000-memory.dmp

Filesize
84KB

Download
memory/4976-321-0x00007FF8B8B50000-0x00007FF8B8B65000-memory.dmp

Filesize
84KB

Download
memory/4976-324-0x00007FF8B6540000-0x00007FF8B6634000-memory.dmp

Filesize
976KB

Download
memory/4976-323-0x00007FF8B8AF0000-0x00007FF8B8B03000-memory.dmp

Filesize
76KB

Download
memory/4976-325-0x00007FF8B7F20000-0x00007FF8B7F4A000-memory.dmp

Filesize
168KB

Download
memory/4976-326-0x00007FF8B7F00000-0x00007FF8B7F13000-memory.dmp

Filesize
76KB

Download
memory/4976-328-0x00007FF8B6D50000-0x00007FF8B6D62000-memory.dmp

Filesize
72KB

Download
memory/4976-330-0x00007FF8B6D10000-0x00007FF8B6D23000-memory.dmp

Filesize
76KB

Download
memory/4976-333-0x00007FF8B6C30000-0x00007FF8B6C44000-memory.dmp

Filesize
80KB

Download
memory/4976-332-0x00007FF8B6CD0000-0x00007FF8B6CE2000-memory.dmp

Filesize
72KB

Download
memory/4976-331-0x00007FF8B6CF0000-0x00007FF8B6D01000-memory.dmp

Filesize
68KB

Download
memory/4976-334-0x00007FF8B63C0000-0x00007FF8B653A000-memory.dmp

Filesize
1.5MB

Download
memory/4976-329-0x00007FF8B6D30000-0x00007FF8B6D45000-memory.dmp

Filesize
84KB

Download
memory/4976-335-0x00007FF8B6C10000-0x00007FF8B6C22000-memory.dmp

Filesize
72KB

Download
memory/4976-327-0x00007FF8B77C0000-0x00007FF8B77DB000-memory.dmp

Filesize
108KB

Download
memory/4976-322-0x00007FF8B7FC0000-0x00007FF8B7FE3000-memory.dmp

Filesize
140KB

Download
memory/4976-320-0x00007FF8B6D70000-0x00007FF8B6F8D000-memory.dmp

Filesize
2.1MB

Download
memory/4976-316-0x00007FF8B8ED0000-0x00007FF8B8EE3000-memory.dmp

Filesize
76KB

Download
memory/4976-311-0x00007FF8B9120000-0x00007FF8B9136000-memory.dmp

Filesize
88KB

Download
memory/4976-272-0x00007FF7A9B10000-0x00007FF7A9C08000-memory.dmp

Filesize
992KB

Download