hxxps://gmd[.]pluscraft[.]fr/database/dashboard/

Resubmissions

15/04/2024, 13:45

240415-q2wwcsfg55 7

15/04/2024, 13:42

240415-qzs2pafg24 7

Analysis

max time kernel
328s
max time network
336s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gmd.pluscraft.fr/database/dashboard/

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
1800	PLUSGDPS.exe
1800	PLUSGDPS.exe
1800	PLUSGDPS.exe
1800	PLUSGDPS.exe
4300	PLUSGDPS.exe
4300	PLUSGDPS.exe
4300	PLUSGDPS.exe
4300	PLUSGDPS.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4800	1800	WerFault.exe	134
4492	4300	WerFault.exe	139

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 18 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852\shell\open\command\ = "C:\\Users\\Admin\\Downloads\\PLUSGDPS 2.204 v2.5 MODPACK PC\\PLUSGDPS.exe"	PLUSGDPS.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852\URL Protocol	PLUSGDPS.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852\ = "URL:Run game 1212016614325624852 protocol"	PLUSGDPS.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852\DefaultIcon\ = "C:\\Users\\Admin\\Downloads\\PLUSGDPS 2.204 v2.5 MODPACK PC\\PLUSGDPS.exe"	PLUSGDPS.exe
Key created	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852\shell\open\command	PLUSGDPS.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1826666146-2574340311-1877551059-1000\{5069E3C4-275D-431C-932D-608E816E9D26}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852\ = "URL:Run game 1212016614325624852 protocol"	PLUSGDPS.exe
Key created	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852\shell	PLUSGDPS.exe
Key created	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852\shell\open	PLUSGDPS.exe
Key created	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852	PLUSGDPS.exe
Key created	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852\shell\open\command	PLUSGDPS.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852\shell\open\command\ = "C:\\Users\\Admin\\Downloads\\PLUSGDPS 2.204 v2.5 MODPACK PC\\PLUSGDPS.exe"	PLUSGDPS.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852\URL Protocol	PLUSGDPS.exe
Key created	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852\DefaultIcon	PLUSGDPS.exe
Key created	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852	PLUSGDPS.exe
Key created	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852\DefaultIcon	PLUSGDPS.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\discord-1212016614325624852\DefaultIcon\ = "C:\\Users\\Admin\\Downloads\\PLUSGDPS 2.204 v2.5 MODPACK PC\\PLUSGDPS.exe"	PLUSGDPS.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4408	msedge.exe
4408	msedge.exe
4804	msedge.exe
4804	msedge.exe
4108	identity_helper.exe
4108	identity_helper.exe
1000	msedge.exe
1000	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
3416	msedge.exe
3416	msedge.exe
1800	PLUSGDPS.exe
1800	PLUSGDPS.exe
4300	PLUSGDPS.exe
4300	PLUSGDPS.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 692	4804	msedge.exe	83
PID 4804 wrote to memory of 692	4804	msedge.exe	83
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4180	4804	msedge.exe	84
PID 4804 wrote to memory of 4408	4804	msedge.exe	85
PID 4804 wrote to memory of 4408	4804	msedge.exe	85
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86
PID 4804 wrote to memory of 1456	4804	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gmd.pluscraft.fr/database/dashboard/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94ea646f8,0x7ff94ea64708,0x7ff94ea64718
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6532 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,14445972421947778929,15209725070963297616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3572

C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\PLUSGDPS.exe
"C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\PLUSGDPS.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1800
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 1328
  2⤵
  - Program crash
  PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1800 -ip 1800
1⤵
PID:2544

C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\PLUSGDPS.exe
"C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\PLUSGDPS.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4300
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 1296
  2⤵
  - Program crash
  PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4300 -ip 4300
1⤵
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
22bb6af63c7710354ac7070e45ac988c

SHA1
34d29d6b316e39ed8fb8c5efb42c4269040fcf1f

SHA256
1a70d5d3dfc04e6f5cfec1ceb06676039229f895f30007fdb55b043ed48ab4fb

SHA512
42c12820b5237caa5b4d5149901f84db6619a69e85cb869df06e07b3cad1b51e0c2d0545ee0129cbc8e7947fd8c2989def537ad2d58a1d5bf2c2a1bf60041ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62677bdc196e22a7b4c8a595efb130cd

SHA1
bd2adf18caf764c8f034c08b6269d9693875f3c8

SHA256
b540616d7e73ff22642f4fbe2bea0f9daa2f1166391e76cf817b2a93e0bd41d6

SHA512
d23c3b9662eea6a75382242fb8e8084abc1127afbd2632f161df71a2aefaf223621511e1bf6229cf7e86313101a8d9dfe2f20e1c0bd481066e1969cd6fa75e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
637031550a7b4233b5db9b2046467c4d

SHA1
046ad77fe5747d7cde87ed6f3585e0ae01c30266

SHA256
2d186b40acfd725dacaaf9fab61dda11d01c18efa1bc2577bce81c28289a10f3

SHA512
63413753226aa498707e811e79829146b403648b5ddd879e133a3c47405aa1919cdfe379936d042161a7fd13316174de75ab553aa383b6cfc34731cfff2fb415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
39375b255e6f0df17887a66296c1b9f5

SHA1
33e46c4fcff2335297d6493e60f66c885eb07a93

SHA256
13604e7e4aacbffcaee3905ecacd2b72f607f2e114cc41bf1f19492891357b06

SHA512
9a45ce251a3363219bfa4c29d27645083ab465da49eafe91577b5c7d68b4cec2170ff215079f93042eba2ce198ea6f2b9ec7381cdf867d1d49fc9809efc23ca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9a42f4491f3755b633076787c7558c17

SHA1
fdd6058a8e10ca330a00bcdbbf69c97b1169061f

SHA256
65c0ef527e198ac33c737b89bb42374a2322f572bcf1b0fcc0e6a57a5f7d615b

SHA512
c1f6a02b12f2f4437e2a69bfbd203face631049f300f4cd7468d26c307ce7d9e7d62c1de2705c21c6c41cee5138195c6ee5cdafb4d1c4dd732371a1cfb6b1081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3c3651c84c37425704196a9b6be3d5ac

SHA1
3a15161b086ea7288f8dda0630c791fbb3b9a743

SHA256
e5cd2b47989cb26fb3768c251f04663fa9bf485329e35b206e1878f9ea02dfaa

SHA512
9c135341eee11e165f89233a6801d9e2f3ed07b545a0e5118ad902e4fd88a0fb5eaaab8b408c306346e1200535635e1d41a71234ffc034138dfeeb0321a9401a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
780B

MD5
208c45bc6146506f214f5a056a8d3d45

SHA1
5ae0a248355868f5ca8ace3667e27f1ae2471072

SHA256
6d7c6c58c0c5a5589669971d5cb51369f698f82c3c21ed900a7f3cc947379122

SHA512
2cdb7a4d1e05c72d5c2321dd2485e79271124f81b451aaa4f07a8fcd6b4a58a909fd0155455b3efefad59d21472fba19626c5dbe18eb96f69e83b803627eafdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a26d50abfbb04628357658066ab97d79

SHA1
67c341e3453ab30a8bbabe368b60c5990d321d82

SHA256
7ddb2c61fa9a6137d6fff1ce3c527b0af51b8b1a682f38a8a9cef3e2b21b3276

SHA512
496092ef9e884aa73b0f3011181e79622b042e340c2f04b44362709d8ef6e38c18866f06e8288bf0816dca96c283e5d21753f12faf0d2bd474c67add64182142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c0cdc4f0a72a9596272964cbb74f0ac6

SHA1
ed16ca8906f82397b5f58f8e99a0b3fb72b60ee0

SHA256
760895da8004916e7196b2e1b035a06c041d21deafc03e0fe8beb1c45d391604

SHA512
3b8d6abd831de49e8c9a79561ce823c530f0a5e2d70eefae59d5f22a3c85230daf8ac6ea0ba90337699d66f8e21a0a01a87e9b8429214bf3810377e1f129216f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a64b3243fb03a2bece2547de49297636

SHA1
0af8ab0bec547cd7556218a4bef54e094c74990a

SHA256
bdb930c708d9d64a122c0f2baff9760ebfbff50a91d100720cb6dfc1260d8244

SHA512
af15e97699286af717e0ad0c9d6658dc94f77ce27cae5d2665f5e7c181ddf5b81fd8199c2a3d57a353c958e98dbce8049d6c621e0e7c7e9b8a22c216fa634cfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8be3ed64cf91a3d0849438a24bff67f0

SHA1
4b2c377f1f460b8de3ba65f71c9dacbfbd89a335

SHA256
aa855b110c4a93d0801c223638aab7f91168a3090d80fd73c137301adc5bf4c7

SHA512
ce5da3bc131cb21d8d6ae09b5fca10e6e888302e04b4718b3784c0050b9fc9926654e6e4fae0ddadb57b9225fad84e3717bad798d4fa35975c321a1d2597f4c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2abeb364b23ed8d0a428e3fcb6a0f818

SHA1
6dfbeaaed5058586bcc4067c532610240a52a9e7

SHA256
67982b952ef68a2ca986b2c5d4c1a05d1a2c0d6ad4f6f8c081e71cee7f561051

SHA512
e37b1591cbd639f3739d2026aa9fe0b8fdb3b781b1d637f1118cbd9cb6b75fcb986ff0dc5df1b86502050bc1ca793178fe92f2e7cb7e87a0600c3ce39709016f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b47d467df5fbb577e087fc0a3e17100be5566155\index.txt

Filesize
84B

MD5
5caf1ecc253237d19bc42614457c6354

SHA1
8f4f375bca93393a5c5fad732b504fbd51ac90c1

SHA256
f96488c16775f1e4ef0e5e06d37e10114b04b36e0a994d11e5293418df78b1a3

SHA512
a94939f8b74b4e94f81efbf388575b5ac32ce2a76456e13650b24259a45311eff6b76e6e16bb0c96446671e9540dd2ad5fea0271f14b528c73d8c7bc81fb5d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\b47d467df5fbb577e087fc0a3e17100be5566155\index.txt

Filesize
77B

MD5
261eff33f9699b9c4c3896f0cede2301

SHA1
7f1e9b6792909beeee6a657ca474591f1286812b

SHA256
aa3a9e5c2291dbc8a9872e702b8fa8ad249c2d534979bffff51a5555d24e5142

SHA512
a0580c783fa7f81d12be8e04606caccfca9e6a0f7ae888adc015f26fa611412e76a8d8155678dad486fd8758690e61c933642de96a203f3b3dd93c8b519e309d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
eb319f76aff318a34c0aa861fa5ba04c

SHA1
0914f9cfd95a7acdfeeecc79243b4e13576972d0

SHA256
68e0fb3d4166ebf2cf69c740b62aa333af2115250c624be6efbec5aa10744988

SHA512
b3b29669186a4fb22dfe6698ae2cc9a5f08ecd6fce1bc4f8079749a9973e748a46ff8b45bd8cc794cea5874ff62f2d339355dfc98e37af4b4aa00378554cd11e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5938aa.TMP

Filesize
48B

MD5
a0de2a9a50a82f3c1fa9c26656fe7b1c

SHA1
575d1bf7552e49d26305d7dacb1e13382304f546

SHA256
1dda77606448b6f7ee395aa84823b03ec885466413090262ed5a4b8fef7ea280

SHA512
dd567c0297ea557bdbb54e550aa37cb49afb2664574537bff12ccce17f929b3c12993af1ccdf848cc1f10cf472110e1cf86f61825c720664093e35142b3ef852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc65d9c7cf5dca18b5fc4006c30a5f11

SHA1
9a6f97d110b99ef71bf7544048dad8b46e265fa7

SHA256
f2846c649346d95d35aa48ea15a7d41c2cf8325677fb4c36a5d1fc9d943e1f14

SHA512
2eace258a76dbb576f5f44e493406533b8d644efb703f3f1b74fcd8ed2e9522f8d618e855bbdf2bad0387fb385fc7525286819fa6c8040b1e98100f3e0b3a2eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59072a.TMP

Filesize
538B

MD5
bef70a29f6380f59b190345e6788f694

SHA1
27ef91003a38fb3ca0b2e8163a240df3c6cb79ec

SHA256
81ff8ca6701363ca93d2c73d56492a0916881c3819267a49608a4660e37cb82f

SHA512
9365a066cf4a63fad619a6f21f0fe1028e7dfd5bf98789f37ab55c50325330b25ae8f094e1163dd15b573c54d38d7b252bf8ff8f193ad4a6f5cd77fde9fa892e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
48d7997fb6a61a3fa462807e3e25546b

SHA1
f69e2030e435883e68c6257fb250c6be7f0fbf98

SHA256
8bb670f34991f475ba42e3dce50486c70126bea7282b7e75fbfd18f7dca6d034

SHA512
f722d1015781ffb87bbce0f11d26b878470f68c3a5fb40e8f5d779fc7c97759b48ea90572b4c23102c0801382e65c4be4849a47ae56fb01380cd46e2915d2c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f48c6d86-b489-419a-b781-64a2a7e4bb99.tmp

Filesize
12KB

MD5
2ec083b175d71f31eb012f839df16882

SHA1
584af78642a5bd1afdbbfe77907f26ce24f4c5f4

SHA256
34ad577119f3b8125d3ce1e1ac29fe42ea6e5cb9077356d9894149161cc33610

SHA512
3f82c126854ec6da97f88a26b75906c821dc73e20812f698015ada1145589680bf903f82d69c9ef41acd44437d4b75c9734fd7c1d4ed41674f882f59838dd408

Download Submit
C:\Users\Admin\AppData\Local\PLUSGDPS\geode\mods\prevter.openhack\config.json

Filesize
22B

MD5
aa8388c34ca750f3de248cc85c465a17

SHA1
030af1e4999f7dc85d829a606c0be3b135b2f849

SHA256
c11f2b4ee9b31818e27807a27fc69b0de62302ae942219ab7b9fee8ae34b00a2

SHA512
22b9e7a5f53e34f9efeee4408aeb2326c3821309e5b8f2771bab699fb5bd535ba028c9a0b85781573f89cb93761d805005826f5f91999e13c3c082a30e8cab87

Download Submit
C:\Users\Admin\AppData\Roaming\Goldberg SteamEmu Saves\settings\account_name.txt

Filesize
4B

MD5
654e1c2ac6312d8c6441282f155c8ce9

SHA1
b601eaa0f87fe94355f635b77a7608b971ea8825

SHA256
bc3a7860cd4f58f3e1e66a20e3cb2930477121c46b9e030636bc6c5cfd050071

SHA512
a3adcc6bef462dcea21dd995bec6b4466c68ee85c8059c27fba7bb33ec57ec00c6bed9528be92d1044100b749a68ee439f84c9b8a37d1dd13d7fccbe231ed31a

Download Submit
C:\Users\Admin\AppData\Roaming\Goldberg SteamEmu Saves\settings\language.txt

Filesize
7B

MD5
ba0a6ddd94c73698a3658f92ac222f8a

SHA1
1b669334dae8ebafa433f0175b5fd418a7bc0975

SHA256
b6234d2ea0d6022be63db80d7b80e221097fe4a469dc44febcd2a9241effdeba

SHA512
0882b702e0f4c1db1701789796ab1d12d72627811b67299bf36b9b25c29465cc24e72483d171c435368dc9f777837d2bd45ccff293de2207d32ba58a6ac01023

Download Submit
C:\Users\Admin\AppData\Roaming\Goldberg SteamEmu Saves\settings\listen_port.txt

Filesize
5B

MD5
76bf79e9a0a4c128d97dbd6900773f4b

SHA1
8abb38a924d5bf8a1ee12fe96aa2d2be942704d6

SHA256
45095e3e3f29ea73ffab2e23158b7cd2afa6532004b5a9b6f06d4e5e068a89aa

SHA512
8cd54c07d87c41103d963eb7dfd2642b07bb67ceb731b477fc9cd9b736ab03833dc2e2d0b2eb399002d76d405a20d5816d19d77ef760d7dac0c1a67d80662535

Download Submit
C:\Users\Admin\AppData\Roaming\Goldberg SteamEmu Saves\settings\user_steam_id.txt

Filesize
17B

MD5
92bdb66621aa4d7c7dac07e09c9c4b03

SHA1
b956f0660e516ae0fcb0374690f2a7273092f98c

SHA256
4280bcee4dce495c94812871221a900a23cde0e6f3082295e10abeca18a67beb

SHA512
8a7c29f2a3f2a57909de0bf6e679f88b751fc54d5a0ad998862c10544e5c6e3d4ccab661050297fe903347c0cd5464156621b5924572b8b6d7fdd91aceed2851

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC.zip

Filesize
327.2MB

MD5
541beba465ee35ddc96cf1f2b53066ee

SHA1
d4d85670f16bb21e32a64195921d16c0f13acb71

SHA256
e5528858922c959a16edf39d5073868025a8c3be13f12ff7a0285d764e4ac628

SHA512
01b48fe28708f3840a007caf3f8abbcf9dd2276a6be09964e032b5b73f3c86b3da9d01cfb7710cfe1043d196936f7b2a5541c18c8a550dd7ece2a48ad7b03045

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\cvolton.misc_bugfixes\cvolton.misc_bugfixes.dll

Filesize
2.3MB

MD5
c6cac82a3cd73c671f5ab95d4b7c7676

SHA1
0dcbe733fc57dac8f4e190de36b2cacee81379fd

SHA256
ab760acf3898a7d75ebcc2936fffa8c84248b579832fc82e9b08764f51bd512f

SHA512
d8efc7fec1d37e9e2d4c1a750224d51a8a933b5a5df9f1405869e609f743f3ed168adb67f04cd33de10b10d53a44c0f9b959c5e881d7a74f5e11c0e364deb996

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\cvolton.misc_bugfixes\modified-at

Filesize
13B

MD5
87eb667fe941c7f148c2b01be2e892cb

SHA1
01fef8e5acb8ca65c7ead2aba6d74e79316e4504

SHA256
478b56f57453cd94818074813dfd3836d5ee53cd8a817809528b52121e85bd87

SHA512
9daf929e3fc47a6a97f61939b4c7a225cba5cca0b5ee14c8437f0d89db100cf86c9c2c868a0302d3ad6a4e7e535947a865c5a07273e6e927cff783777ea3c366

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\geode.node-ids\geode.node-ids.dll

Filesize
2.3MB

MD5
0f4ed52ad2e891ad7fd9a68c18f7535c

SHA1
febf2a37c0ee399f347e46bb25860e5d91080a8e

SHA256
f562f4e63b89ac596b630b26fc6b4844ba7c6c9bb5b0dafe034cb617530deae0

SHA512
2d02afd71c680b3449dfc82dd48e549b3ef34907fae773932ebf96df954f1b15115566f56aaea7e79f9110b7865ab382b269eb7e9def2445a78fe5770cc624d0

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\geode.texture-loader\geode.texture-loader.dll

Filesize
252KB

MD5
41bc8a4cdb4c4159490f564f82f08fbd

SHA1
5eeab283448fdce428ba0292efdf1d62c1b2b018

SHA256
94ff91e2f7547ebebb2bdec62ae48fb49c38ece558b02deabca97a748e15940d

SHA512
73d1853459ee8d5c0ac334ee0bba7336573fd9e6096e02651c2628308eb820d3624a3cdfa53a895be3b5d32b0589d94f3f5d2ecdb5347ca8ce3097a63e7b7719

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\prevter.openhack\modified-at

Filesize
13B

MD5
5c497c45260d2ed8c0fb2cecdbb77cd0

SHA1
564bc22816f71334198747f61aac0f5e0e0b6f0b

SHA256
f5252d6e5cee97267e4e4f280969340721cfaf99c4b1733307edc20848690b41

SHA512
735f7a9a255e4db76ff142f604d630201f2d76b58c42ee6622201fd23d15fc1319220e35dfa0419a8fd285ee33e999058ab9f7d3fb6fd2fbed7e25d47bc0d427

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\prevter.openhack\prevter.openhack.dll

Filesize
2.9MB

MD5
fe8282f156eaca5e0529525e14c5a95d

SHA1
c70ca6d4db84bae6a2e7902cc48bcc49733b58d1

SHA256
f0a120b3549921b3ec9615bf7958747efb714d9e32e8022dfdb1f75e61b43fa7

SHA512
fca76e380e5e5f6f0d97725c907a52fa671a47988fa5cc40997ffc896fab1fde99798d61fda1fcbeb3186cca06df184d969aa01fd11ea49d7dd4b2a14975a01d

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\prevter.openhack\resources\prevter.openhack\Bypass.json.cache

Filesize
7KB

MD5
64ed7844aecb03adaa2754c9e9f8df2d

SHA1
0b37be81ceed73921ac74eb0240597f73086c98c

SHA256
4c2a7a53032cc82fe28644acd220c413575b88d02d5d17b41fee4ca7d0bedc1f

SHA512
385ac043fba5fd9fd8adb8adee5b9304396415b7b721e1cc26034d7f46c9a0a0a3f18c5a8503d94c9dad0ff9752fc39e23f1bbc1239e81ff034677c07e97cfc2

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\prevter.openhack\resources\prevter.openhack\Cosmetic.json.cache

Filesize
6KB

MD5
e58731338e0bb0140a811876135e787e

SHA1
c8f982c5843cd6f8022580904123a4ecd9e88533

SHA256
8287a49492b6d7e42966b964f35672637e7931c0b612e2c79cbc3b742fcfbaa7

SHA512
2d0b43c7acee78c9a19d8f882188e16fb399e3862c40f2f17b4376d04e3994e2f6adedcd2a2ce963c1af644b140d334756e2b344d05cfb101454cb340550e7c1

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\prevter.openhack\resources\prevter.openhack\Creator.json.cache

Filesize
5KB

MD5
2119030722ffa9d0a57f0907d6081172

SHA1
1bcf3459034db539fb468e9127e5595b61791581

SHA256
603918f5fd6f959e0ad754ae2ac4bdb665be6756fe5ed33e2491914f3252c83f

SHA512
1ddbb831c1c996b6a05917ce6829db3f9076964842d225d2c9fbe3794f712ea7ecc6b1ab28c520550805818a5b5d20bc50b0a10c3533edf1406c37d7a5c3c1bb

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\prevter.openhack\resources\prevter.openhack\Level.json.cache

Filesize
6KB

MD5
be0ad2d88db6c5f25f97f241fb648251

SHA1
c2a322b11cade27ff63d426c2ab534d38d4ff5cf

SHA256
32271367638d1f8644a1f1bc56786c3fb0d6b0666a2ddf8bdf9a6942d70ab5d6

SHA512
5b9ce84d654e6a5fb8f8e06659ad3e2b066c0199d3bce463963ef8e5b149dc348e48352335ee0760996d451d83b34f96dbc9342992128c931033fe7dd0c17a0d

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\prevter.openhack\resources\prevter.openhack\Universal.json.cache

Filesize
1KB

MD5
3056f5a56a59eb43cd2097b3d1accf41

SHA1
ec29168498ff37160fec1e66f26cba57713e8829

SHA256
9eaac0440e9008988a1f827b47491f8df2470e3a6fa8bde57cad284ba546eb1d

SHA512
18f79713d763ff4978f38743ce3a0957dd03dde96327fa1a8061b330b9a3375d7e8d33b755583dbc0facee1146602869c8639dfb2e31550acd0ccc26570ff05a

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\prevter.openhack\resources\prevter.openhack\bypass.json

Filesize
7KB

MD5
8393d72c6ddb1e43827b1c1e7173db68

SHA1
a617b4a924bf86a9e4d8b3e78316a37350ade748

SHA256
008d27103294b6ca7b6ac2f2c5888949ed67f590cb8c68a10db294683a0cc71d

SHA512
3d68f27ed9d68cd5511458c3625a360124eed4fa65bd559c94d6221f4c04769eb23b8e041abcbedc2c5c70aff2328649405eba60f978ce4d8794e079e04fc500

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\prevter.openhack\resources\prevter.openhack\cosmetic.json

Filesize
7KB

MD5
9d133b9e23a9ed85ab5beef0f63ab36f

SHA1
16872baa99f66a3015518adb6aa304c477c54399

SHA256
b14f1489b4e31662b95129a77782e7338dc3aa20161644e383e07529a502b9f0

SHA512
59bc5b58b3e03c3af781866dd4b01b5bc1afa0240706dda1746ab7355f67041ba2c1856346458e4703155e110608056279843cbc445c8271cd3b41955c618c36

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\prevter.openhack\resources\prevter.openhack\creator.json

Filesize
5KB

MD5
4d38130450426df7a90a6a94544a49cf

SHA1
f5d039133015bec4e899fcff795c804087aabb10

SHA256
6895c4e6923537edede43ae6db6502898f740590b2561190015a0960c06142d6

SHA512
899ba2408ae1699575329a9b958a7e8e32f3e1ef044604b8b9427b467450fca8b1d1ad52f7cdb4983f9e5be857b8c7ed596205892c04d112b0cfe76ca35d0383

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\prevter.openhack\resources\prevter.openhack\level.json

Filesize
7KB

MD5
294286cb525aeb6cbea034e9bb6b5e68

SHA1
e18cef592bf12cd5a8e5379884a77fad634da824

SHA256
7cf82d826359a8efefda7ca884d38ca07529698f7805ee75bc7b8a29971d73bc

SHA512
5ba30dbc8d2f0489ec72f86c4a34e1cec566a764baca068a4d5614c4910ccd151ced4a273b47ed5ffe6acac8392423f77dde3ecf1cdd5fe44f94619ec7ee6b78

Download Submit
C:\Users\Admin\Downloads\PLUSGDPS 2.204 v2.5 MODPACK PC\geode\unzipped\prevter.openhack\resources\prevter.openhack\universal.json

Filesize
2KB

MD5
834e47ba96fd8bcca5dbeeec513a1230

SHA1
62aff0bc761ee2a9c92594f5b11d9667b0e0248e

SHA256
4471ad336b22cd006408cefa439f08d4611e1a7c53f16d5485c9b343b7e84da6

SHA512
969cfb3c79d678443df8dc1465b7e4f1067794567211c63c10f5e62ae73fd0be2f5bc61416e6eb5dce906aa48f07e505c319bf562eb15f0ea03ed684c32682df

Download Submit
memory/1800-664-0x0000000004EA0000-0x0000000004EA1000-memory.dmp

Filesize
4KB

Download
memory/1800-666-0x0000000002E40000-0x0000000002E44000-memory.dmp

Filesize
16KB

Download
memory/1800-660-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/1800-577-0x0000000002E40000-0x0000000002E44000-memory.dmp

Filesize
16KB

Download
memory/4300-667-0x00000000008D0000-0x00000000008D4000-memory.dmp

Filesize
16KB

Download
memory/4300-700-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/4300-703-0x00000000008D0000-0x00000000008D4000-memory.dmp

Filesize
16KB

Download