hxxps://allmods[.]net/euro-truck-simulator-2/ets-2-other/ts-saveeditor-tool-v-0-1-3/

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2023 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://allmods.net/euro-truck-simulator-2/ets-2-other/ts-saveeditor-tool-v-0-1-3/

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
3268	msedge.exe
3268	msedge.exe
5484	identity_helper.exe
5484	identity_helper.exe
5800	msedge.exe
5800	msedge.exe
5936	msedge.exe
5936	msedge.exe
804	msedge.exe
804	msedge.exe
5936	msedge.exe
5936	msedge.exe
5936	msedge.exe
5936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	5692	7zG.exe
Token: 35	5692	7zG.exe
Token: SeSecurityPrivilege	5692	7zG.exe
Token: SeSecurityPrivilege	5692	7zG.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
5692	7zG.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 5108	4704	msedge.exe	84
PID 4704 wrote to memory of 5108	4704	msedge.exe	84
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 4816	4704	msedge.exe	87
PID 4704 wrote to memory of 3268	4704	msedge.exe	89
PID 4704 wrote to memory of 3268	4704	msedge.exe	89
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88
PID 4704 wrote to memory of 4516	4704	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://allmods.net/euro-truck-simulator-2/ets-2-other/ts-saveeditor-tool-v-0-1-3/
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd8dd46f8,0x7fffd8dd4708,0x7fffd8dd4718
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8664 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9464 /prefetch:8
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9136 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9156 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8484 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7716 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8756 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9004 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9596 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9428380184767737266,13952448398170881487,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7404 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1484

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5792

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Documents\Euro Truck Simulator 2\436F7374692E\" -ad -an -ai#7zMap22717:132:7zEvent30584
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
56KB

MD5
19f562e4a40daaa27240d269f0b6a86d

SHA1
fe2c61eb42a1f41bb33d05486faa9ee996d0353e

SHA256
9e4b7914802931db8616aac9c32c6e5e84d7c356d5c98e00baadb8e42902f15e

SHA512
04a2cabfe61f8d469806476123288ebe19875ee10f586abf05f6cd1525d228012daf2156eaf43df257b234c6afd930c8ebb43621e29850ccf6642f910d6bd3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
95KB

MD5
12967f05d76292adb67ad5e94622d783

SHA1
37589416b1ce024f74e229e060eee7bef32f6d22

SHA256
0b621acdfb723d6f8e9d732ef4707e1a49fdf54894e3f65f207a7cfc46a08228

SHA512
883c03526ff80108673a37abcbb8e2d7fe1fac96757e19b7682fdc1d3d2b36e83eb9ad71d0cafa1c6a8579fe8cceaf0f7e272023986ff6ec5e7790bee8b5a11e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
26KB

MD5
df28dcb873eb738b541879d540c100c3

SHA1
10169e9a7162b7d13a065f2e3cfba407841fb01b

SHA256
0c76b8ae1c1677aa969cbf9551c32257023b7e6ae2077eefd3119c498b978d23

SHA512
7005641cfed488c194bf24452a3c9f52ecd0ed1b8b6784b27c21a1e06d47b36076913252510a3f5e886b44fd5d65952f775dc1de9fa8ada0a6246f572f3cc83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
4.5MB

MD5
c037afb47dfc584279650f96768b0638

SHA1
1d7a855e1c0ed7fc487beec8a62f588b8f56d3a7

SHA256
5f2cf5b43e472782c2dc4414c3eaaa0a463f8f8b599f866d75e58ba0e73a81f8

SHA512
7117f1bda9f251f436c3ee3654d638d9055898c8e7e141d58c11306398da2cc97ee5bdae56a74a58a6b9cf1d212e12fcf3eaa06879647d61bb808caa8755c127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fded9dbaa79220022fa544699e37ce3a

SHA1
c24a4b8b764a7f0ef322fde0d526d904102696f7

SHA256
8f4d096f871764963d4cd2bcedb2da862d31dab094305732a8408ccaf9c83c60

SHA512
68e460385ed12f1ac7ec90c6514508779503685ebc7f0305d42a0d8cbe1fec987b4685d01534a5f249f4e7b0374947d2cd8a77cfc0e1b15bca29a735aaa7f41e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
b981af8f265ba3b8ae688af537c32c73

SHA1
26b7ab0b34cea3a2a8295ba9fad49fe60dd07d17

SHA256
4a93c33dc7d67803ff42e074f87bee82afdb536d41ae02ba9aac974f312e9113

SHA512
3dbfdbbecd03df855b0143cfac115594cb33d094e24fdbb79c782f2f38186845d96f123989960d4ba562616eeea35fd6b2e83187a849e7c1b81a9ef56ea70b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
7fbb1b5576626381c0c4c517a03c2dbf

SHA1
7ebb38719fa7a921363601242ee9c36b600a3cd9

SHA256
f388cf18b2d99bae4a603dbbe3d4be223a502a16ff4f7946952db5b61d191857

SHA512
a4566a3898373ca7a5a74c0bd61a8ab96d2f35c6a086bdf7970f91af0701981373b3e9500b9407c2caf78a0e0bc41a5faf129af9387fd703d5fd84104b8bee32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
20e9b5d7c9b580415eabc513985e02a1

SHA1
eedf9d75f0c8e8c6136c4467ad856252b4b1cf56

SHA256
23ecb8b41a46316a07028bce21d89634c555c65eb3012fadf46b7fd0a9bfa5f1

SHA512
495a9f8b5538d9adbaf31d5a30721f887ea4952249a55f8f4bc6a71387bd1b1dba3d217653b500e2ca3466d3c4594a63a1f12b0c1f7c20251c1dce0a1272101d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
f6b272f29eec6e0d137e3318f96878a4

SHA1
7aec93a94c1af44bc4bd1e5f4f908a1aa55e2abb

SHA256
14145db6cc4f20283b90deb1ae868c39a5c5e6b1790d4569aa2d11664e31820a

SHA512
e8bfe7a2e7257e5b10e231f7b8e7494a1809830fce6840b9226f78026d3633b948e44789801580e882d8c9a5bbbc0cdd7e88fe29a367834f08ca5ce3bc90d164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
dab5229660834d62c8376e9be5dc5f52

SHA1
9b8694636c141f92753f89d8ce3b4dc22baba506

SHA256
93685158d7bff8d9c34bc2ce94a7469c38cf4d2972256906fce5e684a155e863

SHA512
6372507b79f336eb83c3bf2317171035714e532f7747494694e2d38503b81139c4a340bbbe2e6bb662fce1e74289fec69962e9846c3421589b8722ce8089306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
ef0a1a20eb0cb3dc84f432a91b87da64

SHA1
f53a1b85fc1f716b6d756d8bfeb10eeb6b9df58a

SHA256
3d9f16120b57baddb2955f7bc6a728df6e62a4b8f3ffca74ba511a488f0f80e1

SHA512
3ff357e1dea91112c23d30b583aed9ae26a7ee933bd0e193ed366c9b44cf281ff1261baac89c05a1c1355ea851054707daad06097aa4b2e6a6223e85319c8f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7940911253d196863cead2226e78b5e0

SHA1
e5fa656d3bdf47e0d1e3c11f169cfcf86bc96823

SHA256
2bbde50472aabcb186906c95c4327a39b6e292fafd73586c7a2d5cbcceaff266

SHA512
5041d2303c2beb7e4252d92f8a7c34e6f8f29c899d0a2aacf6c24b468cb0ba28891876184862c8bebe524e7a30b4077e71f34c0b087b5600dd6906645a870cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
447aafbd683a2c963cc36ac5419a972e

SHA1
590b45607e012c3b07db4469201f60e2af7b6e0f

SHA256
6457b19a7b7c4284a87808d6f708a2d01257f86d2db06959b5dd0d2e34c604b8

SHA512
65ccd5fb965ac09b86a9ed98f9ad3bc692a96a83ba680cbcac7834a4ab514d67002a35134ea649f5d2c5627c13abe49154ce4675455b47b06c5d669ee3e210a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

SHA1
83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

SHA256
0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

SHA512
084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7d1407b555c8396bab54c04690287dd0

SHA1
55b5c5675404c2bb4138e393f13d6ddf577d6dae

SHA256
cbe102e74baf37f233f99a65e2d78bdfadd7d436117f2a8006402f84d2845847

SHA512
fd60bc975b587437f4afb772edbc30144d18a0ff1a5935e5f51d0f8bbe78beb487dbedd69a69e1bb81cae9c5ec654d72452b0c4839d004d60cebbe38e8b59eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a6ca.TMP

Filesize
48B

MD5
ab9dbc2cf81947ac28bd815b704cfa76

SHA1
bddbababbd2609c06ab0449be98642aaedb9fa32

SHA256
a5096e41381bad1d2872a236f6a7af4c115c8a6de2cfff15c8374362f4c3b433

SHA512
95f4e5e05e45ce1f69cd22e9299afed1fba0d040363258b174a3ce8ad6e5c34215bd91cb614f1683de6e159134935a7d85786a981067d21ae896f10cb810512f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7b9540d40a3110ca8bc95d656db6e96b

SHA1
1f60254100b1d1793997dfb3711c4b4cb2d4f166

SHA256
1833842fcf7f201dcca737419c6b4cf20a03a87777c6dfba639fe7212330c243

SHA512
ac873da0d5569d7b13f3dd66b3cc05f2011adf14efdb3ac785129f6817035e20a6bfbdaf07138ebca681db4c3b38205a14efcbde79e50084d1eee2a19a724988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8f2e469cb0ea169f46f7ca6cdd2f1dbf

SHA1
84b1c7481c38431695f69ef9865607c6f9c86031

SHA256
0246be30227685c33e76f8e06fc2bb68789afd6a6ccfc072bfcf861dc73c54f1

SHA512
e75ee2312885dac4171f8c72b2ce561686d52f0ddb0d9915200bd967198940c46cabdc0dbe015ca56b5d3d612cd97246815b65b95d70d404d6b531c570dc660c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
08a591cd8185ef8b9a2725e93fe89562

SHA1
c5a0e47363a4660df91ab1d438b083566ccc4078

SHA256
f9ced1239ffbc09fa82087da0be5f8037c8514b48b8deb88f569dd5ee002b058

SHA512
2c3f873f9b7a69ad5e73f456e1e111b0db10f2ecff93aff495ec92de3ee63954b2220170cf8c3699db1b93effc8171a42b73f273d3309650bf6182d70fcb9cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a9711e903f9396d06ec38107a5781157

SHA1
7a385f7bc5680b757d24d4ec625406d0ff98a4eb

SHA256
6c3522dcc3fcc46b6797e6dad79af9bab98293d0eadac5312e1fa486d95b5267

SHA512
e1a8d65784f95d5aba8340a3b552419dd60b1d63dd6ca03a301e80aedeefe005b0ebfd7c7a328958263986760f550ec353c48ce2b1c4f61cb21cbc36511e5aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ce4e41c0ea37db2dca20e07484e8b77c

SHA1
3c59980b3f35693a138e53c046b260ed19640b78

SHA256
3534196b124cdc581477c0231d5c41fb54c35cd6da3e61b3866b2d74374278cd

SHA512
bc951bb271eea3a52bd91b853718cf4f07843558b971743c541d2aef61150363bf521c955d66cdcfa787e8ddb6a88f57d8365bd6e205756400fa9e130a6a9f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d7754000176e8b69a44d164d1a7f3fcc

SHA1
6b2121b06be605cd53d516c35951ada016a6df4b

SHA256
dd1fe89eb2582e63d608e161fe3b5e71af96611da7144e3735c04bafb192cba2

SHA512
5f6383a2825709ea40ee085e4ea93f833ba7e01e529d934470899494d852bedb4bccd43dc6cd0747c2a1cd8b6ac8a478b2349ac7efc838722bf2d02da9ad2085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
94f2fc7b39824d2fabf48444d4f284c9

SHA1
f48ce11499064a7caa74718c3e74de570c04e9f7

SHA256
f199d21f576dd3bc16e456eff648b1ef076c0e7a861eaf101f8dbe81f9471303

SHA512
f8cced9fd71055319b9500283bbfe25532547007cd720ffd3236439caf70ff24319b5f536067cf3c046c4cd30a00f4bd564371f0fa0b20fdde4732f83400a3ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
25d5b13509844e95c43992a83d663f92

SHA1
1ce4d2c05f6fefb9c48ddc17c5c4930ed7473a0b

SHA256
a5645cfbe433934ca09926b10a45c0dded9b76f8624affe057142cfa1c4e40b7

SHA512
86fd277b3be4df03795cfcf4583f9a3bf803293576bc9859a7fbab674180386af465ad7449f0a52de137408d138e47207f4d373e0b80b7754930896c1851ba5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580049.TMP

Filesize
2KB

MD5
f48f7e690eeb94f1dfab449d4684eb2f

SHA1
7bd845d608b4561fcbae7d044986fdfe7196c925

SHA256
67e609a0458dfdcd361f67ace6471e191bcce563c5606eb3f9023b492563e69a

SHA512
a408a50487cf688e697d8ef3d9c1e33ee87a57ba8b19822963a2f05e9e4e2c3c5464d2bbaae3ac75a491ef4a64d006fd8cdf23ca4bbafbc234936a779e842b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e62941ef-8d9c-44b6-b4ce-375236b0555e.tmp

Filesize
14KB

MD5
4e48e1b85eae3c5b772f12b82d22a05d

SHA1
8675718088813be43fbfff83df82976c64cd9c5e

SHA256
aa960ad11c83a3487fd058b5eeb442497e4d836f6cdfd5b5e6a860df17c30a85

SHA512
d1e741154bb045f41f0ac0fb253a7a94f2c238b2c08e72e3356dfbc0e43c2f1ca90f9ec22fafee4ebf5f96b56df037d63cf781de2e1d0dca9c313bfff81e68c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3b304cd1503d7cdd75c439a1ab756a80

SHA1
c0e0f11982df827bb1e801e6ca836c665a12fb45

SHA256
64d85c55797ff83ece9c8c27d33e46da325693c333df077a6648b267b49a8223

SHA512
d9b8294d9534897f8a3040642a075a6092989765de8e3cd0afe3f2d92ecc591e7ea75c63f472d4dad81e4e7b37eb1923f0e967bd580e4112ea136bea47cc0690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8a19ebd0df55687642196620e37a589d

SHA1
c1526c879364c51a2e0abba2cad1ed165415c340

SHA256
260023f7c9c267d9995e0ad379cbbc5edb941f60dd9b4dc13a9635977cd98caa

SHA512
f979166bbae2ea3da26b89061db7f39bb5b08863bc1450fe3727ab115775cfc07c4f6a3ab9240ffb83a2aa4c618d8dbf4196d32a742b74ca0927754bfc27889b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
d6f8059b3a643350c575d9f7f9ac2b59

SHA1
540617748a0cd552dc14ef98f97a909b2ad54f68

SHA256
692d5e21d20eda19791a0a67155d15540e3cd0ee70739695da5cdaa60e247bb7

SHA512
fb9fb75fa5f5c5ee57f4af852ce7c7580eacd5a16e0f6d39767f02f82bc5fd1d9376f27e602ea4b567c3a357a811d97559a668ef1de17229a5042cc2e783ca75

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
3b8c85d263573cfa5ee28089bd98366a

SHA1
2c18e319d9592d63ea251e850c2cf2b9e4b12334

SHA256
518042a704f8b983c01d55cc5f4db53dd56363d91f1f243fe4f3360dda8292da

SHA512
1da4ca2a394c0fb94a7853d2685c306849808d0ef692cc5330a25db6cbd2f946e62d0f8441cc0c477de59c3edab1e3bc68af2d526829fe44e2a4e3b0d6e4248f

Download Submit
C:\Users\Admin\Documents\Euro Truck Simulator 2\436F7374692E.rar

Filesize
83KB

MD5
b4e969531b984db700c37d754ade3f31

SHA1
4f506bbee7d032248d3fda037bf2b161260de6fc

SHA256
17e0096227c858bfa27317d007014afd916eedfa7c8cae515b883a5f1eeeb995

SHA512
89f139569328ecad9cda955758044fde93596b83d44990b36855388f9491ac2f1e624a429fbb536199efb09341b603c027849c8b69e4936dd0fd60c10b8936d7

Download Submit
C:\Users\Admin\Documents\Euro Truck Simulator 2\436F7374692E.rar

Filesize
83KB

MD5
b4e969531b984db700c37d754ade3f31

SHA1
4f506bbee7d032248d3fda037bf2b161260de6fc

SHA256
17e0096227c858bfa27317d007014afd916eedfa7c8cae515b883a5f1eeeb995

SHA512
89f139569328ecad9cda955758044fde93596b83d44990b36855388f9491ac2f1e624a429fbb536199efb09341b603c027849c8b69e4936dd0fd60c10b8936d7

Download Submit
C:\Users\Admin\Downloads\436F7374692E.rar

Filesize
83KB

MD5
b4e969531b984db700c37d754ade3f31

SHA1
4f506bbee7d032248d3fda037bf2b161260de6fc

SHA256
17e0096227c858bfa27317d007014afd916eedfa7c8cae515b883a5f1eeeb995

SHA512
89f139569328ecad9cda955758044fde93596b83d44990b36855388f9491ac2f1e624a429fbb536199efb09341b603c027849c8b69e4936dd0fd60c10b8936d7

Download Submit