Analysis

  • max time kernel
    45s
  • max time network
    43s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240221-en locale:en-us os:windows10-2004-x64 system
  • submitted
    23/02/2024, 10:51

General

  • Target

    https://www.xdlab.ru/files/tagscan-6.1.16-setup.exe

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 18 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.xdlab.ru/files/tagscan-6.1.16-setup.exe
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1408
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdfd846f8,0x7ffbdfd84708,0x7ffbdfd84718
      2⤵
        PID:1448
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        2⤵
          PID:3076
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:848
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
          2⤵
            PID:4616
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
            2⤵
              PID:1612
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
              2⤵
                PID:2384
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
                2⤵
                  PID:5020
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:976
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
                  2⤵
                    PID:4076
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4736 /prefetch:8
                    2⤵
                      PID:1956
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5936 /prefetch:8
                      2⤵
                        PID:2768
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4016
                      • C:\Users\Admin\Downloads\tagscan-6.1.16-setup.exe
                        "C:\Users\Admin\Downloads\tagscan-6.1.16-setup.exe"
                        2⤵
                        • Executes dropped EXE
                        PID:1412
                        • C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp
                          "C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp" /SL5="$601D8,3721640,721408,C:\Users\Admin\Downloads\tagscan-6.1.16-setup.exe"
                          3⤵
                          • Executes dropped EXE
                          • Drops file in Program Files directory
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of FindShellTrayWindow
                          PID:1628
                          • C:\Program Files (x86)\TagScanner\Tagscan.exe
                            "C:\Program Files (x86)\TagScanner\Tagscan.exe"
                            4⤵
                            • Executes dropped EXE
                            • Loads dropped DLL
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SetWindowsHookEx
                            PID:1384
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
                        2⤵
                          PID:3860
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
                          2⤵
                            PID:1124
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
                            2⤵
                              PID:4288
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
                              2⤵
                                PID:3844
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3924
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4312
                                • C:\Windows\system32\AUDIODG.EXE
                                  C:\Windows\system32\AUDIODG.EXE 0x53c 0x538
                                  1⤵
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:1948

                                Network

                                      MITRE ATT&CK Enterprise v15

                                      Downloads

                                      • C:\Program Files (x86)\TagScanner\OptimFROG.dll

                                        Filesize

                                        74KB

                                      • C:\Program Files (x86)\TagScanner\Tagscan.exe

                                        Filesize

                                        2.2MB

                                      • C:\Program Files (x86)\TagScanner\Tagscan.exe

                                        Filesize

                                        5.1MB

                                      • C:\Program Files (x86)\TagScanner\Tagscan.ini

                                        Filesize

                                        2KB

                                      • C:\Program Files (x86)\TagScanner\bass.dll

                                        Filesize

                                        126KB

                                      • C:\Program Files (x86)\TagScanner\lang\English.lng

                                        Filesize

                                        16KB

                                      • C:\Program Files (x86)\TagScanner\libwebp.dll

                                        Filesize

                                        484KB

                                      • C:\Program Files (x86)\TagScanner\plugins\bass_aac.dll

                                        Filesize

                                        192KB

                                      • C:\Program Files (x86)\TagScanner\plugins\bass_aac.dll

                                        Filesize

                                        115KB

                                      • C:\Program Files (x86)\TagScanner\plugins\bass_mpc.dll

                                        Filesize

                                        20KB

                                      • C:\Program Files (x86)\TagScanner\plugins\bass_ofr.dll

                                        Filesize

                                        5KB

                                      • C:\Program Files (x86)\TagScanner\plugins\bass_spx.dll

                                        Filesize

                                        35KB

                                      • C:\Program Files (x86)\TagScanner\plugins\bass_tta.dll

                                        Filesize

                                        7KB

                                      • C:\Program Files (x86)\TagScanner\plugins\bassalac.dll

                                        Filesize

                                        11KB

                                      • C:\Program Files (x86)\TagScanner\plugins\bassape.dll

                                        Filesize

                                        38KB

                                      • C:\Program Files (x86)\TagScanner\plugins\bassdsd.dll

                                        Filesize

                                        15KB

                                      • C:\Program Files (x86)\TagScanner\plugins\bassflac.dll

                                        Filesize

                                        38KB

                                      • C:\Program Files (x86)\TagScanner\plugins\bassopus.dll

                                        Filesize

                                        75KB

                                      • C:\Program Files (x86)\TagScanner\plugins\basswma.dll

                                        Filesize

                                        17KB

                                      • C:\Program Files (x86)\TagScanner\plugins\basswv.dll

                                        Filesize

                                        39KB

                                      • C:\Program Files (x86)\TagScanner\scripts\Change case.tst

                                        Filesize

                                        148B

                                      • C:\Program Files (x86)\TagScanner\scripts\Discogs cleanup.tst

                                        Filesize

                                        554B

                                      • C:\Program Files (x86)\TagScanner\scripts\Normalize english.tst

                                        Filesize

                                        1KB

                                      • C:\Program Files (x86)\TagScanner\scripts\Standard values.tst

                                        Filesize

                                        939B

                                      • C:\Program Files (x86)\TagScanner\scripts\Transliteration (Cyrillic).tst

                                        Filesize

                                        2KB

                                        MD5

                                        64667031b075952812c74feaaacd78b7

                                        SHA1

                                        d957546bd68d48af48670db7a9e73286a59cda62

                                        SHA256

                                        e7dd459a47811aeabccb4c28a74704a621421f5c69833fe9625f446bce1757e6

                                        SHA512

                                        43842f5d8c013b84067d109d5e96a42bf02cdb15f5a628f3a048464288299f1b0c64a9ee9a1d182c6cbc6e55665e93454ea97a5bfdd6ca67e96028499d4fd29a

                                      • C:\Program Files (x86)\TagScanner\scripts\UnTransliteration (Cyrillic).tst

                                        Filesize

                                        3KB

                                        MD5

                                        b8a438b2a779eda330eb2ee3ec5f1e04

                                        SHA1

                                        895442ea46f802badde0ca33a71f3dfac2e43667

                                        SHA256

                                        16808ef926d53e3483473182431d1b148b40067ef31762d9f18c7ee1f17f7e76

                                        SHA512

                                        5e9adebbf7424ff2794ae0e543f44cd2911d2cd0c3e9702674cf379287362017427f5370b1e94aa09b95af93418e35171b6d82ef154585fd802d01e47ae5dfac

                                      • C:\Program Files (x86)\TagScanner\scripts\csv - excel.tse

                                        Filesize

                                        349B

                                        MD5

                                        6f8f6951b533fe0501d6e5cfffb2c7ec

                                        SHA1

                                        409a181357c7e90191220275cfd26799e8ea3e37

                                        SHA256

                                        53342a357efd92a1a49391116bd1e3b6b78f6246ba5d051dcad0f6e812bbd71d

                                        SHA512

                                        24af039d589c69eb432c4c3e5f7e531d77bb8ee040c5f2d308a91021119eca4e48b6f279ab7ccc0e4e7849d0a6479078f51ceb453e27f37e8f885293445fbbfa

                                      • C:\Program Files (x86)\TagScanner\scripts\csv - simple.tse

                                        Filesize

                                        316B

                                        MD5

                                        a13c656816876b2798eae7b2e5ee89b8

                                        SHA1

                                        ef27689b8be314a4fcaf4b8a05f884910344750a

                                        SHA256

                                        8f3a1bc7f71086a87f640c788a0aeed640c4a212d3ff9b2bf3d9d9ced95fc042

                                        SHA512

                                        0139d1efc388c23c38fcd5860ebddd50a64dc5b5e32ad8b1b044a55211bfe0710dbae9070284acd682260619e2cd4e65957b841857d02a4d3af75a75a2d81a2d

                                      • C:\Program Files (x86)\TagScanner\scripts\html - extended album list.tse

                                        Filesize

                                        3KB

                                        MD5

                                        16890c25244dbcca445e7e63a5ca0cd5

                                        SHA1

                                        d99adbe4562dbea24452c8a4b9637a5611369d7b

                                        SHA256

                                        30e25ada3ed33bc3b0bccce9e61231d726423a20f24bbf2a05c2f66fa218f004

                                        SHA512

                                        7d7235a8d4d62e75edbc711d66a0f66f89032de292c49e0dfbbc5a9c6f07e792c91306ada4e8c5c2b77fa73fcfa3b83d6ad43a6d386f60b3817c6f66e38cda35

                                      • C:\Program Files (x86)\TagScanner\scripts\html - simple.tse

                                        Filesize

                                        2KB

                                        MD5

                                        5a8d9e6c6b2f353b1f6fa982b522d659

                                        SHA1

                                        2392140f296052cca0841ae5936791ba198309ef

                                        SHA256

                                        3fdf463afe8488d32eb9144210718389bb8c42d3b6c19a301cfd5750e2c22a75

                                        SHA512

                                        d89fdb3541b93fa7bc9e32e4d89f71a6a21a6d9a467c9453075cd8d96fbfae7fcce8376ffc92938a5729a713dbd7c6efe920e5a552e736a1e0629fee95f69a4f

                                      • C:\Program Files (x86)\TagScanner\scripts\m3u - playlists in folders.tse

                                        Filesize

                                        373B

                                        MD5

                                        5861d684e2067c6afb9df5f113cea987

                                        SHA1

                                        8616b46658e94863725c1a1424fca107ae412a1f

                                        SHA256

                                        6c450f8b18ab9ccdd42e0ded166443331e02d17d5a293c2d63d26343097b643a

                                        SHA512

                                        f1dba3f7f58e235b795a83570057efba4afdbbca4ecff747a8ed8c8de5c21639b4220535d3120a3093336c8ac9a17f14a6f4c24b1bf1c554b4e9f7db6a08466a

                                      • C:\Program Files (x86)\TagScanner\scripts\txt - folders info.tse

                                        Filesize

                                        649B

                                        MD5

                                        d567b405d2366902a8ad905ef353e6c3

                                        SHA1

                                        feb4cf16fb2f4b9e85c7f5381bd6fffe9e10d407

                                        SHA256

                                        25a96bfa56b9eb1327d9aa63bb873bb64c38934df93d893a7cd44d6914370c07

                                        SHA512

                                        481e2026eedc8cb1a5eb4466a725aefa19693217f4e9c36b2955f0638f9e9d125f65d7f0a1a6c897efcefe96b51d42547deea8f8d0ff9c6093dcfe8895782b9f

                                      • C:\Program Files (x86)\TagScanner\scripts\xml - albums list.tse

                                        Filesize

                                        1KB

                                        MD5

                                        8b363933d460c7d858202eb7bffba2d3

                                        SHA1

                                        4e6abf260ab8cf5c5c3cc3e9f7b7304f1e28620d

                                        SHA256

                                        cf5b845dcd6e6e74c2444c5f2dbe2f0914434db78b2b7a3450069a74a11ebd2c

                                        SHA512

                                        d9d525aba63235aa695f5ad57045a79ef10ef20ec15aee834546dd5b24527f9d3221406e430f85c718d1d1838836f74a2d8049a5b1e2eadb6a869cd35ff6df24

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B

                                        MD5

                                        3bde7b7b0c0c9c66bdd8e3f712bd71eb

                                        SHA1

                                        266bd462e249f029df05311255a15c8f42719acc

                                        SHA256

                                        2ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a

                                        SHA512

                                        5fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B

                                        MD5

                                        9cafa4c8eee7ab605ab279aafd19cc14

                                        SHA1

                                        e362e5d37d1a79e7b4a8642b068934e4571a55f1

                                        SHA256

                                        d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166

                                        SHA512

                                        eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                        Filesize

                                        180B

                                        MD5

                                        7ec7b033c03f6e5ad823aa20da6d2e03

                                        SHA1

                                        303dcf10b73db22de8a82e351d70110e5e13a4ba

                                        SHA256

                                        794a3e7194ff4c9e960d0439e9eda4a3ee9dbbc0e59801fa1b4d823252eab2b7

                                        SHA512

                                        ea8c614762350eb9efc76b5871119a0e01ba44ecc015eb8407761a8a454af36654a84ae4e08ce2abb63200406111ea7e03567feac9b6a2a4165237be62ac012e

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        d4fe67d435fc7dec1ff404508abe19b9

                                        SHA1

                                        fd9761f1d23515e36fed10ad2a042c4f3f49d6d5

                                        SHA256

                                        1641e769deabfea000e90889ee1b42cae7e0d87547ff223ba3cd69b7aecf3b59

                                        SHA512

                                        8a286c7e15e7d23d244e0bf6a306a64767736e089ca8173eccb9fea870438deb280aaed9916cebdbd61210cec0ebfb5021720874540800df22d7a7fb21ef9339

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        79d9b7456b1929b269cab70967ada00d

                                        SHA1

                                        0ab47b698fc68cc53432dde0d4bfedc84ce2b99a

                                        SHA256

                                        f2a5c56e955b821dc4cf6829180fe32ed289d3e426abd41747e9b874bfcd1c66

                                        SHA512

                                        3c7d2636df8cb0801de77ff08ce0ce64e6dd0c89000381f26ceb776ea89ec0900b4acb15892c9d43d4ed83e0affd5ad86cc3e208bf12c4cd6ac1e8d534d6a829

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aa4d7f12-1080-4b65-96f7-9d1adbe342a3.tmp

                                        Filesize

                                        6KB

                                        MD5

                                        a82fe3ba4e6e00c3880dcae87d03747d

                                        SHA1

                                        375d03e589309d25436a39e46871ca8d93c0b11d

                                        SHA256

                                        cb5cb9bd080e86df5f0307e11471b04ab850b5251fc7a099df72e1c644d92fb2

                                        SHA512

                                        c6dbe06fac14db68ec0b32d25eb423866fdad595eeeca7d8ac2182359cd177733d094e43fce212fd0770cbd87fd9e8a1a842b175bf9ea94abd63e4375f45a6e6

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                        Filesize

                                        16B

                                        MD5

                                        6752a1d65b201c13b62ea44016eb221f

                                        SHA1

                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                        SHA256

                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                        SHA512

                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                        Filesize

                                        11KB

                                        MD5

                                        c84254e2d0641be8222b410b170d74a8

                                        SHA1

                                        c16e9cd76eaabadcda8c932f0a64f06125e4a595

                                        SHA256

                                        049a6d556cf70b8e2588dea83fa6ec453630c98f31d49ef740c4691769761401

                                        SHA512

                                        297fd38e4941e103df96877796a14eb2588ca8ae951e7e63c01bff49b0a273c9456169220a2404818799819f9f6ac5306625c146d31dd522c9a255e2e5e49b75

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                        Filesize

                                        11KB

                                        MD5

                                        0f3b0d7fefe1df190c61220c8676e77f

                                        SHA1

                                        5e0b9fcd8f939a14df029cdecef617de95d7bdcf

                                        SHA256

                                        dc422d6486bdc898a060cde19ab0630097af4c0ec22dbafc8b6371abf4b0e68b

                                        SHA512

                                        22d1236b30232644d1371b1a22a4904c893f12ddf5931a9ed5f1306284108d031b9e9deaeab0431d037b35ad88e5957e113ad90e6d5ef4a67dba6624c9a786c8

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                        Filesize

                                        11KB

                                        MD5

                                        2ab11ded01c658c23291694d94582181

                                        SHA1

                                        53469ac5472042db7a31151c0f6d57f2ea0b1b23

                                        SHA256

                                        667c9dff8edfae3b7fdad585b986461a82f777150965796c5690e297c6d787d0

                                        SHA512

                                        2f5c0fce8999b79b2d18d1f8f83d72d9fabdeb442ac7b3008952c6b88879cf5c4858fabe41c6f766137e6e184fbee3659f2b83b72873cfcf69854dce790e480c

                                      • C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp

                                        Filesize

                                        2.4MB

                                        MD5

                                        84db4b4205f705da71471dc6ecc061f5

                                        SHA1

                                        b90bac8c13a1553d58feef95a2c41c64118b29cf

                                        SHA256

                                        647983ebde53e0501ff1af8ef6190dfeea5ccc64caf7dce808f1e3d98fb66a3c

                                        SHA512

                                        c5803b63d33bb409433b496b83ca2a7359b4b1835815386206283b3af5c54d7d1cb9e80244a888638c7703c4bf54e1b2c11be6836f20b9fea157ab92bfbf365a

                                      • C:\Users\Admin\Downloads\Unconfirmed 317131.crdownload

                                        Filesize

                                        4.3MB

                                        MD5

                                        2d0e3b9ab93ce26b08ce3be4bb927e2f

                                        SHA1

                                        716209cd92975a40459e8a4ce336646541e3c287

                                        SHA256

                                        76c6d901e705e067895f46181ff0ffc35336bdb7e0f22ddcf367da01ac4032eb

                                        SHA512

                                        0403c98e859efeb96a813c119b382c650c15cb0b0a338cf17b9ee61172be9b847522e5f3b478ccedada99de9f05a4e44868d51d275f65bc7be99fe46bd922957

                                      • C:\Users\Admin\Downloads\tagscan-6.1.16-setup.exe

                                        Filesize

                                        64KB

                                        MD5

                                        e66a50c399c779786e9d06f0c9daa92b

                                        SHA1

                                        cb4fc6ecda650d83ede59183200285ce6dd090bc

                                        SHA256

                                        4f79024119cab896eff20a5de32246af9bb09f687e0f988bac8595f47884ade8

                                        SHA512

                                        e28c5c2f8ebcad6fa1c6a9bec73a38f13070b398366acdf0620d164c06f02b36750ea4031cd9b485e142e6535194123e1c8fa1fceff9fd115c2266aee1110e40
