Malware Analysis Report

2025-08-06 00:04

Sample ID 240223-mxwg9aeh91
Target https://www.xdlab.ru/files/tagscan-6.1.16-setup.exe
Tags
discovery upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://www.xdlab.ru/files/tagscan-6.1.16-setup.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery upx

Downloads MZ/PE file

UPX packed file

ACProtect 1.3x - 1.4x DLL software

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-23 10:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-23 10:51

Reported

2024-02-23 10:52

Platform

win10v2004-20240221-en

Max time kernel

45s

Max time network

43s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.xdlab.ru/files/tagscan-6.1.16-setup.exe

Signatures

Downloads MZ/PE file

ACProtect 1.3x - 1.4x DLL software

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\TagScanner\is-S4QIO.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-1KOBB.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\plugins\is-DGNGU.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\plugins\is-5N9NB.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\plugins\is-MUUBK.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-RNQB3.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-DIJM0.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\is-RN650.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-16IKE.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-5OI1J.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-BFRMH.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-GGRGP.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-9LGTO.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-QNG7R.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\scripts\is-MOKMH.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File opened for modification C:\Program Files (x86)\TagScanner\OptimFROG.dll C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-75HH7.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-SPUFQ.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-42OE6.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File opened for modification C:\Program Files (x86)\TagScanner\plugins\bassflac.dll C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-39DUJ.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-1QBNK.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\is-SJQOF.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\is-UD2PQ.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-N9DM0.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-6KL17.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\is-96K2F.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\is-VL1VQ.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-7IK4B.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-V0CO5.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-UH3BJ.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\is-NS8IK.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-P2PEG.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-B2P1U.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-6OK51.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File opened for modification C:\Program Files (x86)\TagScanner\ssleay32.dll C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File opened for modification C:\Program Files (x86)\TagScanner\plugins\bass_tta.dll C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-Q4CS9.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\is-A70QH.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-VCI8B.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File opened for modification C:\Program Files (x86)\TagScanner\plugins\bass_aac.dll C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-PD2MN.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-HJKBQ.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-DBNPH.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\is-VRJ6T.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\is-4VK6I.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-DE9AD.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-AAFRT.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-QJ0B4.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-70HDD.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-NPAGE.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\scripts\is-TD4FJ.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File opened for modification C:\Program Files (x86)\TagScanner\libeay32.dll C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-KLUOP.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\plugins\is-AH1GT.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\is-2UFE7.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\is-GRM9O.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-M6B2N.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-0VSMO.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\scripts\is-J81VQ.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File opened for modification C:\Program Files (x86)\TagScanner\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\lang\is-GVBD9.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\is-2GP4S.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
File created C:\Program Files (x86)\TagScanner\help\i\is-TPG0D.tmp C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 317131.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp N/A
N/A N/A C:\Program Files (x86)\TagScanner\Tagscan.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\TagScanner\Tagscan.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1408 wrote to memory of 1448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 1448 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 3076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1408 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.xdlab.ru/files/tagscan-6.1.16-setup.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdfd846f8,0x7ffbdfd84708,0x7ffbdfd84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8

C:\Users\Admin\Downloads\tagscan-6.1.16-setup.exe

"C:\Users\Admin\Downloads\tagscan-6.1.16-setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp" /SL5="$601D8,3721640,721408,C:\Users\Admin\Downloads\tagscan-6.1.16-setup.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2142407060509028225,16865418415790909728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1

C:\Program Files (x86)\TagScanner\Tagscan.exe

"C:\Program Files (x86)\TagScanner\Tagscan.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x53c 0x538

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.xdlab.ru udp
RU 92.53.96.135:443 www.xdlab.ru tcp
RU 92.53.96.135:443 www.xdlab.ru tcp
US 8.8.8.8:53 148.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 135.96.53.92.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
RU 92.53.96.135:80 www.xdlab.ru tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9cafa4c8eee7ab605ab279aafd19cc14
SHA1 e362e5d37d1a79e7b4a8642b068934e4571a55f1
SHA256 d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166
SHA512 eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6

\??\pipe\LOCAL\crashpad_1408_WLJMEXEGVDKLDZPB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3bde7b7b0c0c9c66bdd8e3f712bd71eb
SHA1 266bd462e249f029df05311255a15c8f42719acc
SHA256 2ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a
SHA512 5fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 79d9b7456b1929b269cab70967ada00d
SHA1 0ab47b698fc68cc53432dde0d4bfedc84ce2b99a
SHA256 f2a5c56e955b821dc4cf6829180fe32ed289d3e426abd41747e9b874bfcd1c66
SHA512 3c7d2636df8cb0801de77ff08ce0ce64e6dd0c89000381f26ceb776ea89ec0900b4acb15892c9d43d4ed83e0affd5ad86cc3e208bf12c4cd6ac1e8d534d6a829

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\Downloads\Unconfirmed 317131.crdownload

MD5 2d0e3b9ab93ce26b08ce3be4bb927e2f
SHA1 716209cd92975a40459e8a4ce336646541e3c287
SHA256 76c6d901e705e067895f46181ff0ffc35336bdb7e0f22ddcf367da01ac4032eb
SHA512 0403c98e859efeb96a813c119b382c650c15cb0b0a338cf17b9ee61172be9b847522e5f3b478ccedada99de9f05a4e44868d51d275f65bc7be99fe46bd922957

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2ab11ded01c658c23291694d94582181
SHA1 53469ac5472042db7a31151c0f6d57f2ea0b1b23
SHA256 667c9dff8edfae3b7fdad585b986461a82f777150965796c5690e297c6d787d0
SHA512 2f5c0fce8999b79b2d18d1f8f83d72d9fabdeb442ac7b3008952c6b88879cf5c4858fabe41c6f766137e6e184fbee3659f2b83b72873cfcf69854dce790e480c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aa4d7f12-1080-4b65-96f7-9d1adbe342a3.tmp

MD5 a82fe3ba4e6e00c3880dcae87d03747d
SHA1 375d03e589309d25436a39e46871ca8d93c0b11d
SHA256 cb5cb9bd080e86df5f0307e11471b04ab850b5251fc7a099df72e1c644d92fb2
SHA512 c6dbe06fac14db68ec0b32d25eb423866fdad595eeeca7d8ac2182359cd177733d094e43fce212fd0770cbd87fd9e8a1a842b175bf9ea94abd63e4375f45a6e6

memory/1412-67-0x0000000000400000-0x00000000004BE000-memory.dmp

C:\Users\Admin\Downloads\tagscan-6.1.16-setup.exe

MD5 e66a50c399c779786e9d06f0c9daa92b
SHA1 cb4fc6ecda650d83ede59183200285ce6dd090bc
SHA256 4f79024119cab896eff20a5de32246af9bb09f687e0f988bac8595f47884ade8
SHA512 e28c5c2f8ebcad6fa1c6a9bec73a38f13070b398366acdf0620d164c06f02b36750ea4031cd9b485e142e6535194123e1c8fa1fceff9fd115c2266aee1110e40

C:\Users\Admin\AppData\Local\Temp\is-U5B68.tmp\tagscan-6.1.16-setup.tmp

MD5 84db4b4205f705da71471dc6ecc061f5
SHA1 b90bac8c13a1553d58feef95a2c41c64118b29cf
SHA256 647983ebde53e0501ff1af8ef6190dfeea5ccc64caf7dce808f1e3d98fb66a3c
SHA512 c5803b63d33bb409433b496b83ca2a7359b4b1835815386206283b3af5c54d7d1cb9e80244a888638c7703c4bf54e1b2c11be6836f20b9fea157ab92bfbf365a

memory/1628-73-0x0000000000B50000-0x0000000000B51000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c84254e2d0641be8222b410b170d74a8
SHA1 c16e9cd76eaabadcda8c932f0a64f06125e4a595
SHA256 049a6d556cf70b8e2588dea83fa6ec453630c98f31d49ef740c4691769761401
SHA512 297fd38e4941e103df96877796a14eb2588ca8ae951e7e63c01bff49b0a273c9456169220a2404818799819f9f6ac5306625c146d31dd522c9a255e2e5e49b75

memory/1412-101-0x0000000000400000-0x00000000004BE000-memory.dmp

memory/1628-102-0x0000000000400000-0x0000000000679000-memory.dmp

C:\Program Files (x86)\TagScanner\Tagscan.exe

MD5 16db98bcc3ec4358c172f37b0a98251e
SHA1 67b0348e974fcf91ca8a91ca979b627093c3889b
SHA256 a3ade065b6bdd93fa1dd9702a72b912c95fc325050dba319532511e93673dcfe
SHA512 2b3dfab9a945b3425458fd565cce0d2cdfe4e84ea8d89d1dfbf32e93110a3a1d14ec1ac04b478c9738fae2563383c295ae1081c64a9884f9634933a2fae80a33

C:\Program Files (x86)\TagScanner\Tagscan.exe

MD5 a6e1b3c4d826ae23dfa4827a26b8e2cd
SHA1 34ec55b9c914c71c7ff4c612290c8212bb5d1b15
SHA256 50cbdfc93f07c02ebc8ff5bc8c1977a8276903f4a08f7121fccdd13147dafc85
SHA512 5987e79a4bc18ce8ca48c7d1a889f22635c1ee1535af674c05d056be541607bfba8c3dc967ee52a5790ea1facc571915b1ab280b2ab946ff737d0b3fa572bf0a

C:\Program Files (x86)\TagScanner\libwebp.dll

MD5 4a41d21a4a78cd320bbc74bca6dd957d
SHA1 5b6393ad08471cec791a4e237d6b46bf88be4362
SHA256 6ef8c9f5bcb173b87ddfb87c28f1ee1354a732df6c49ae04a03b5511050907ef
SHA512 16be3efde088f092abffbfe5ce052cbd56966fd9e6b1314838858b856977df458ca2d145c5ec6bbf69d75b59f87c223aa9c1a2a96f6b778c03854cb93513414e

C:\Program Files (x86)\TagScanner\bass.dll

MD5 7b9496fab92a79476343ddedd4c76bad
SHA1 da14d2c772136adceee342960fadca6b82ba8e04
SHA256 a6e6bf75f452a5bd528cae33b1b4b5dece1e7dfaf5ae6da9dec822c7919776fa
SHA512 2bbccc92a8c77d1cf105fb7e9c8f576ccffe8b100b22e017147bc33d1346e3dea00c365472a65dc776ebbb969981b34fa1b5e576d7cd1c8fdfbe3a9ec89171a2

memory/1384-386-0x0000000000F70000-0x0000000000F8C000-memory.dmp

memory/1384-385-0x0000000073390000-0x00000000733DB000-memory.dmp

memory/1384-389-0x0000000002CE0000-0x0000000002CE1000-memory.dmp

memory/1384-390-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

memory/1628-393-0x0000000000400000-0x0000000000679000-memory.dmp

memory/1412-394-0x0000000000400000-0x00000000004BE000-memory.dmp

C:\Program Files (x86)\TagScanner\Tagscan.ini

MD5 5117b55a6f083ab175f310c5e1cab335
SHA1 11344ad7cc633304159469d8d3535885a060fd62
SHA256 b30974349a89e89fbf587b486611f597a4306676a57e986a4ced16246c7d65ec
SHA512 0aa45339017dfafc3d48ffa828ec9b62328a26880b256d80c7a36b071f946270054b6f46e87c7249e7b5edee3f7f0c65e9762d920712004a08e97180153aad4b

C:\Program Files (x86)\TagScanner\scripts\Change case.tst

MD5 1a2b355108db0bb31b68c8587d28aa71
SHA1 567c8bf90cc516770658ff09ae749b2f8697afa7
SHA256 578680f431bd53a5fdd0924fff74e2094f214613d6313f693742faddbd1b87b1
SHA512 ad8171ec2aa25db4855e46ef140714060068066ce293011e2d991509be15c0934d78be96be3944fb241c3ddc50b18465d4f83d032b672cd5aa174d61a5154466

C:\Program Files (x86)\TagScanner\scripts\Discogs cleanup.tst

MD5 cba2d5bbf5c73a0897012c535e18d1fa
SHA1 1495a54115c63b7774b2e88829c81c731aa0d7bb
SHA256 20c337b22ce758b4800e5a81c68903176f5b804292f7a0aab89ac01d5d983cb1
SHA512 b8d6647a6ae803d5d8315bd866bad1f8847f8b1d3dd30748c696f858e223498639d3137f6d5b55772999a5d4a44441d280e00ed27a0c419fb146c49db52c13bc

C:\Program Files (x86)\TagScanner\scripts\csv - simple.tse

MD5 a13c656816876b2798eae7b2e5ee89b8
SHA1 ef27689b8be314a4fcaf4b8a05f884910344750a
SHA256 8f3a1bc7f71086a87f640c788a0aeed640c4a212d3ff9b2bf3d9d9ced95fc042
SHA512 0139d1efc388c23c38fcd5860ebddd50a64dc5b5e32ad8b1b044a55211bfe0710dbae9070284acd682260619e2cd4e65957b841857d02a4d3af75a75a2d81a2d

C:\Program Files (x86)\TagScanner\scripts\csv - excel.tse

MD5 6f8f6951b533fe0501d6e5cfffb2c7ec
SHA1 409a181357c7e90191220275cfd26799e8ea3e37
SHA256 53342a357efd92a1a49391116bd1e3b6b78f6246ba5d051dcad0f6e812bbd71d
SHA512 24af039d589c69eb432c4c3e5f7e531d77bb8ee040c5f2d308a91021119eca4e48b6f279ab7ccc0e4e7849d0a6479078f51ceb453e27f37e8f885293445fbbfa

C:\Program Files (x86)\TagScanner\scripts\txt - folders info.tse

MD5 d567b405d2366902a8ad905ef353e6c3
SHA1 feb4cf16fb2f4b9e85c7f5381bd6fffe9e10d407
SHA256 25a96bfa56b9eb1327d9aa63bb873bb64c38934df93d893a7cd44d6914370c07
SHA512 481e2026eedc8cb1a5eb4466a725aefa19693217f4e9c36b2955f0638f9e9d125f65d7f0a1a6c897efcefe96b51d42547deea8f8d0ff9c6093dcfe8895782b9f

C:\Program Files (x86)\TagScanner\scripts\xml - albums list.tse

MD5 8b363933d460c7d858202eb7bffba2d3
SHA1 4e6abf260ab8cf5c5c3cc3e9f7b7304f1e28620d
SHA256 cf5b845dcd6e6e74c2444c5f2dbe2f0914434db78b2b7a3450069a74a11ebd2c
SHA512 d9d525aba63235aa695f5ad57045a79ef10ef20ec15aee834546dd5b24527f9d3221406e430f85c718d1d1838836f74a2d8049a5b1e2eadb6a869cd35ff6df24

C:\Program Files (x86)\TagScanner\scripts\UnTransliteration (Cyrillic).tst

MD5 b8a438b2a779eda330eb2ee3ec5f1e04
SHA1 895442ea46f802badde0ca33a71f3dfac2e43667
SHA256 16808ef926d53e3483473182431d1b148b40067ef31762d9f18c7ee1f17f7e76
SHA512 5e9adebbf7424ff2794ae0e543f44cd2911d2cd0c3e9702674cf379287362017427f5370b1e94aa09b95af93418e35171b6d82ef154585fd802d01e47ae5dfac

C:\Program Files (x86)\TagScanner\scripts\Transliteration (Cyrillic).tst

MD5 64667031b075952812c74feaaacd78b7
SHA1 d957546bd68d48af48670db7a9e73286a59cda62
SHA256 e7dd459a47811aeabccb4c28a74704a621421f5c69833fe9625f446bce1757e6
SHA512 43842f5d8c013b84067d109d5e96a42bf02cdb15f5a628f3a048464288299f1b0c64a9ee9a1d182c6cbc6e55665e93454ea97a5bfdd6ca67e96028499d4fd29a

C:\Program Files (x86)\TagScanner\scripts\Standard values.tst

MD5 0e73c2a851a3b772da634a3bd453d623
SHA1 5593f54fd4a238050e3bc8f0f7f12b6d4d21e89a
SHA256 53072c63f6a7e576dd33b03e82f37fbbc2015cdea18d3df587c7c3dd8f29c3fc
SHA512 6914bb01d2dd0a653a000b391732d330c3290d5bd7cc21b4e72c9d13011997f211e9d7495b03c2a3c71f5c7038ab1560e48dfe17935a0e67bb74b6570bfffefc

C:\Program Files (x86)\TagScanner\scripts\Normalize english.tst

MD5 7d7abbbe62b4250fab42468601bb44ee
SHA1 2b54c7577372f39f38700942b9b392b50de197de
SHA256 6e091f302caf015214051bf3688fbf4714c146c8280fb048d5cfae728cd46c5e
SHA512 5b28e8fd932c2420c7d2f54476354b4a7b07f312f33208b5cc7098e26e7482bdca39ae5940945bfd2c575efb139ad39e1346a9c64b8aa38779f79aaecfa88d2a

C:\Program Files (x86)\TagScanner\scripts\m3u - playlists in folders.tse

MD5 5861d684e2067c6afb9df5f113cea987
SHA1 8616b46658e94863725c1a1424fca107ae412a1f
SHA256 6c450f8b18ab9ccdd42e0ded166443331e02d17d5a293c2d63d26343097b643a
SHA512 f1dba3f7f58e235b795a83570057efba4afdbbca4ecff747a8ed8c8de5c21639b4220535d3120a3093336c8ac9a17f14a6f4c24b1bf1c554b4e9f7db6a08466a

C:\Program Files (x86)\TagScanner\scripts\html - simple.tse

MD5 5a8d9e6c6b2f353b1f6fa982b522d659
SHA1 2392140f296052cca0841ae5936791ba198309ef
SHA256 3fdf463afe8488d32eb9144210718389bb8c42d3b6c19a301cfd5750e2c22a75
SHA512 d89fdb3541b93fa7bc9e32e4d89f71a6a21a6d9a467c9453075cd8d96fbfae7fcce8376ffc92938a5729a713dbd7c6efe920e5a552e736a1e0629fee95f69a4f

C:\Program Files (x86)\TagScanner\scripts\html - extended album list.tse

MD5 16890c25244dbcca445e7e63a5ca0cd5
SHA1 d99adbe4562dbea24452c8a4b9637a5611369d7b
SHA256 30e25ada3ed33bc3b0bccce9e61231d726423a20f24bbf2a05c2f66fa218f004
SHA512 7d7235a8d4d62e75edbc711d66a0f66f89032de292c49e0dfbbc5a9c6f07e792c91306ada4e8c5c2b77fa73fcfa3b83d6ad43a6d386f60b3817c6f66e38cda35

C:\Program Files (x86)\TagScanner\lang\English.lng

MD5 7c730d15a066e6223167d066ad7d4100
SHA1 6d4a7830458d28bbfea1cd4c049a084f6b3fc6ed
SHA256 dd440ee37a786912b35adf2206de7ac7461a12546501f5c000dd05da14594467
SHA512 10edfba1b187fc3b4b3a479bbf284b75caf3aa30edeb742366698860b0f9a5a2461813d6a60bdb747313623cde95723ab4e6add09d04a7efbd82ff7d8fd47e91

memory/1384-441-0x0000000005490000-0x0000000005491000-memory.dmp

C:\Program Files (x86)\TagScanner\plugins\bassalac.dll

MD5 1e17ff3b6790a1afddc17a6e370cf45c
SHA1 b6953d98372a91ed123fcb48428c1e21c7f67f41
SHA256 7e9d0b214d97d29553453ad06d4e65cfec9b5001746d991f3d7a42caa0e2e5c1
SHA512 3a5cb6433894145e97133f70795e4c7929c86644db5480f487e8eb7a6d918ff4afcab3e9b279e74aee3a17fd74a67bbe81da92a02692e7e1555c2cd4eebeeb8d

C:\Program Files (x86)\TagScanner\plugins\bassape.dll

MD5 c7a50ace28dde05b897e000fa398bbce
SHA1 33da507b06614f890d8c8239e71d3d1372e61daa
SHA256 f02979610f9be2f267aa3260bb3df0f79eeeb6f491a77ebbe719a44814602bcc
SHA512 4cd7f851c7778c99afed492a040597356f1596bd81548c803c45565975ca6f075d61bc497fce68c6b4fedc1d0b5fd0d84feaa187dc5e149f4e8e44492d999358

memory/1384-460-0x0000000074760000-0x0000000074776000-memory.dmp

memory/1384-461-0x0000000005EF0000-0x0000000005EF7000-memory.dmp

memory/1384-458-0x0000000005490000-0x0000000005491000-memory.dmp

C:\Program Files (x86)\TagScanner\plugins\bassdsd.dll

MD5 da1fe7594bfa7a6ef0cb86b5c6d11230
SHA1 576113a1707bbee9e849a4d04ce16692cd9b59a5
SHA256 775282e625cb37e57ce275a54e1a9beb22f4c4d54788c8a6de7f27ba4d715368
SHA512 0b497bb08c4aace83983daa283cebf4875da43b13b5f9223de7f0d941a66aee931c645158bd76af883a18c1d7339fef7fcd9917097a3989e6b60b9b3cc6a0ae3

memory/1384-467-0x0000000005EF0000-0x0000000005EF6000-memory.dmp

memory/1384-471-0x00000000741E0000-0x00000000741FF000-memory.dmp

memory/1384-472-0x0000000005EF0000-0x0000000005EFC000-memory.dmp

memory/1384-476-0x0000000074720000-0x000000007472B000-memory.dmp

memory/1384-477-0x0000000005EF0000-0x0000000005EF4000-memory.dmp

C:\Program Files (x86)\TagScanner\plugins\bass_aac.dll

MD5 64712f96809f4e3d14c032bc22c3c39b
SHA1 2162da0743e6ed856cd2ee26227b5b6f11940ede
SHA256 019dbc4918ad949a769ab8073497e131127049431baeabfeb3e8e93cc7ad2e17
SHA512 bb23582d1d2bd504f3e7adc0add587194981a8bbde4e800809eb054fd30d7c2dc8748193e364f44c632894ed0e48df4ddfccd94bef4f2f7443b3903821bc649c

memory/1384-482-0x0000000005EF0000-0x0000000005EF4000-memory.dmp

memory/1384-480-0x00000000741C0000-0x00000000741D3000-memory.dmp

C:\Program Files (x86)\TagScanner\plugins\bass_aac.dll

MD5 077723c296eb3965ef304abc2b27ddd4
SHA1 9c5427c7061ec47c714feacd1621b4106fc844e7
SHA256 4140c253ff2dad794aab8c2dbba45d2c57d204014b6785ceebaf6ff7b42d35b5
SHA512 f627e95cb8c1a90e8a754d6c9b0fbb3e0b9c694d7df282cada57e317d8f77a65516d9d0e6b94ccafc8c17ebbc057e7d0b3f748cbc41509010fd9b6007b7d2f0b

C:\Program Files (x86)\TagScanner\plugins\basswv.dll

MD5 f9ef28dba8f4641b1506b630c550bcfe
SHA1 8a019ff4d5f3b785bddcb5728589084831acdbfe
SHA256 ab82a641bd264d512d19147b70b5d28393cca43de16c5edb03ff030a725a4c6c
SHA512 0ad880cc94e2c47c89355a25a94d1087bc5bed584888997b9fb3aa6e55a3a391ec6e45dd06e24673974ad82cdb6b2f4ea9f560292ebca948ce82408ab1af20ef

C:\Program Files (x86)\TagScanner\plugins\bass_mpc.dll

MD5 b65fd48f2dc05acbb3daef2cb5ecebd7
SHA1 cc3cb36ad01f7a17f850b5fb93485b1c280edff5
SHA256 05e2fa705d1e0c9d0d6676ee5948ed30797a7ce0cbe26d4284100f17ba50fd43
SHA512 e5f29025d03a905e78f092715d3d1243f75b905a2612e02f273f29c5df44241c1f22f373bd9289dfc4dbada4878226131ef3050cdc122ad5203044217409eef2

C:\Program Files (x86)\TagScanner\plugins\bass_ofr.dll

MD5 b3cc560ac7a5d1d266cb54e9a5a4767e
SHA1 e169e924405c2114022674256afc28fe493fbfdf
SHA256 edde733a8d2ca65c8b4865525290e55b703530c954f001e68d1b76b2a54edcb5
SHA512 a836decacb42cc3f7d42e2bf7a482ae066f5d1df08cccc466880391028059516847e1bf71e4c6a90d2d34016519d16981ddeeacfb94e166e4a9a720d9cc5d699

memory/1384-497-0x0000000010000000-0x0000000010007000-memory.dmp

memory/1384-500-0x0000000005EF0000-0x0000000005F20000-memory.dmp

memory/1384-502-0x0000000005F20000-0x0000000005F21000-memory.dmp

memory/1384-501-0x0000000002CE0000-0x0000000002CE1000-memory.dmp

C:\Program Files (x86)\TagScanner\plugins\bass_tta.dll

MD5 1268dea570a7511fdc8e70c1149f6743
SHA1 1d646fc69145ec6a4c0c9cad80626ad40f22e8cd
SHA256 f266dba7b23321bf963c8d8b1257a50e1467faaab9952ef7ffed1b6844616649
SHA512 e19f0ea39ff7aa11830af5aad53343288c742be22299c815c84d24251fa2643b1e0401af04e5f9b25cab29601ea56783522ddb06c4195c6a609804880bae9e9b

memory/1384-496-0x0000000074100000-0x0000000074113000-memory.dmp

C:\Program Files (x86)\TagScanner\plugins\bass_spx.dll

MD5 6c282646b74671bf9c99361d238dfda7
SHA1 04f8188971d766a5fe649a79b98c82359f9de9f4
SHA256 72b842141069b6cb4a7af7401ce19fd5e76874064a94b09449a2888e0348cc0b
SHA512 0b5fd2f0a765667a95a891cf981b7822a94dd996e772ab87ef976c2d3f8d84884371ff3a265955881e749aae80d7b87c2ff361443f2eea6f709a85af79dcf6e5

memory/1384-494-0x0000000005EF0000-0x0000000005EF3000-memory.dmp

memory/1384-492-0x0000000000F70000-0x0000000000F8C000-memory.dmp

C:\Program Files (x86)\TagScanner\OptimFROG.dll

MD5 f511cd6623d8b75955dcc4d503ac5817
SHA1 11b147dc1f6e06b3d3ef49be9a800f03a428814a
SHA256 de02e5a27a8ff0920187ff83b39b9b9866444fe58d3e57e4bbdb5741eb64563c
SHA512 b93be1955b2486cc6560911c41091001296cca75aa43f56265e2c3be6d7a97f51890cf48822f8215279eac83baf69caee0f552135dffbc669f949a7a784fcf95

memory/1384-486-0x0000000074160000-0x000000007416F000-memory.dmp

C:\Program Files (x86)\TagScanner\plugins\basswma.dll

MD5 476bda1ee12c760a29e4ee43f593f878
SHA1 082b0f14c6c14a436fd85da865d2123ec2906c9c
SHA256 e1eb85821ebc1cdb879fbaa564c9d0a416aa7d4cb27fe8f4831c3956775c754c
SHA512 db0618a1072e9a21097c28c3805e11f13dc7b86fc47f008c7ba256a53dedbfb910383245ef7b558a03613c5bedd898c6d24fbaac09bb88330098ee9d18828171

C:\Program Files (x86)\TagScanner\plugins\bassopus.dll

MD5 740214d5d3068c2a725d9e5e1b961ed3
SHA1 318f14ff0cba66987654f70aa64e0f3b1685f104
SHA256 d23e509dc530e03603903bc4041c5bb112c7f9901a755134df7e58edbdfc1e95
SHA512 a6cbfd455b57400b10f4a49e2c6694ccaef88e656748afa89c566856b4d24a4eaf27a6390e2a0def8b038efe003537ea452c074be043fbcdb726273cf8ab73e8

memory/1384-468-0x0000000005EF0000-0x0000000005EF6000-memory.dmp

memory/1384-466-0x0000000074730000-0x0000000074741000-memory.dmp

C:\Program Files (x86)\TagScanner\plugins\bassflac.dll

MD5 9f48dd702ab5be002f9223e3b45a2261
SHA1 10bd5feb780ead88ced4a50e67caed97ebf58367
SHA256 ce95f0706d725b0105fe5bf53349e5fcda4b8e49b0a187f058418874a200fbeb
SHA512 a4709ecad5b6a3928ffe613b5c20d114552da57950cc3b5fcdfd64e7369482e071164636281bdd4d4a50771cf3a3f1ec052deb72e80b48dbe22a6591f01445f9

memory/1384-505-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

memory/1384-508-0x0000000000400000-0x0000000000990000-memory.dmp

memory/1384-509-0x0000000010000000-0x0000000010007000-memory.dmp

memory/1384-510-0x0000000005EF0000-0x0000000005F20000-memory.dmp

memory/1384-511-0x0000000005EF0000-0x0000000005EF7000-memory.dmp

memory/1384-512-0x0000000005EF0000-0x0000000005EF6000-memory.dmp

memory/1384-513-0x0000000005EF0000-0x0000000005EFC000-memory.dmp

memory/1384-514-0x0000000005EF0000-0x0000000005EF4000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 0f3b0d7fefe1df190c61220c8676e77f
SHA1 5e0b9fcd8f939a14df029cdecef617de95d7bdcf
SHA256 dc422d6486bdc898a060cde19ab0630097af4c0ec22dbafc8b6371abf4b0e68b
SHA512 22d1236b30232644d1371b1a22a4904c893f12ddf5931a9ed5f1306284108d031b9e9deaeab0431d037b35ad88e5957e113ad90e6d5ef4a67dba6624c9a786c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d4fe67d435fc7dec1ff404508abe19b9
SHA1 fd9761f1d23515e36fed10ad2a042c4f3f49d6d5
SHA256 1641e769deabfea000e90889ee1b42cae7e0d87547ff223ba3cd69b7aecf3b59
SHA512 8a286c7e15e7d23d244e0bf6a306a64767736e089ca8173eccb9fea870438deb280aaed9916cebdbd61210cec0ebfb5021720874540800df22d7a7fb21ef9339

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7ec7b033c03f6e5ad823aa20da6d2e03
SHA1 303dcf10b73db22de8a82e351d70110e5e13a4ba
SHA256 794a3e7194ff4c9e960d0439e9eda4a3ee9dbbc0e59801fa1b4d823252eab2b7
SHA512 ea8c614762350eb9efc76b5871119a0e01ba44ecc015eb8407761a8a454af36654a84ae4e08ce2abb63200406111ea7e03567feac9b6a2a4165237be62ac012e