lumma | 0628c7952099fcd105059b5c8d3750567e6a2378124d2fb72b56d467809cfd34

Resubmissions

13-03-2023 17:23

230313-vycersdd7z 10

Analysis

max time kernel
168s
max time network
168s
platform
windows7_x64
resource
win7-20230220-es
resource tags

arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
submitted
13-03-2023 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TUNIC Trainer Setup.exe
Size

141KB
MD5

09cc739c0d7dba742399b097e9045e05
SHA1

30c4c3ed5fdfba59f378480a711b6e3abed4e28e
SHA256

0628c7952099fcd105059b5c8d3750567e6a2378124d2fb72b56d467809cfd34
SHA512

e9c4ec97e72f18cc02869d2195f19f018e08184d9fcafd8ae2eadd16591176c6423794adfbc2d89cd93626c26090e83a846db0f6c8300163cea8f76b02b093a0
SSDEEP

3072:Bojm4ILlCI+4COHCyhaEtHZkOpk97oc4ILlCI+4TOHHSafx:Bd+bwaEtHLhiHt

Score

10^/10

lumma discovery stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WeMod.exeWeMod.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Control Panel\International\Geo\Nation	WeMod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Control Panel\International\Geo\Nation	WeMod.exe

Executes dropped EXE 16 IoCs

Processes:

WeMod-Setup-638143286475796000.exeUpdate.exeSquirrel.exeWeMod.exeUpdate.exeUpdate.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeUpdate.exeWeModAuxiliaryService.exeWeMod.exe

pid	process
1544	WeMod-Setup-638143286475796000.exe
1908	Update.exe
1584	Squirrel.exe
1344	WeMod.exe
2012	Update.exe
828	Update.exe
1424	WeMod.exe
1988	WeMod.exe
1788	WeMod.exe
1764	WeMod.exe
1576	WeMod.exe
1532	WeMod.exe
1512	WeMod.exe
1440	Update.exe
1660	WeModAuxiliaryService.exe
2024	WeMod.exe

Loads dropped DLL 22 IoCs

Processes:

WeMod-Setup-638143286475796000.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exe

pid	process
1544	WeMod-Setup-638143286475796000.exe
1344	WeMod.exe
1344	WeMod.exe
1424	WeMod.exe
1988	WeMod.exe
1788	WeMod.exe
1764	WeMod.exe
1988	WeMod.exe
1988	WeMod.exe
1988	WeMod.exe
1576	WeMod.exe
1576	WeMod.exe
1576	WeMod.exe
1576	WeMod.exe
1576	WeMod.exe
1576	WeMod.exe
1576	WeMod.exe
1576	WeMod.exe
1576	WeMod.exe
1512	WeMod.exe
1764	WeMod.exe
2024	WeMod.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WeMod.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	WeMod.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	WeMod.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WeMod.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	WeMod.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

TUNIC Trainer Setup.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\wemod.com\Total = "35"	TUNIC Trainer Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main	TUNIC Trainer Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\wemod.com\NumberOfSubdomains = "1"	TUNIC Trainer Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	TUNIC Trainer Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "35"	TUNIC Trainer Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\api.wemod.com	TUNIC Trainer Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\api.wemod.com\ = "35"	TUNIC Trainer Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\wemod.com	TUNIC Trainer Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage	TUNIC Trainer Setup.exe

Modifies registry class 7 IoCs

Processes:

WeMod.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\wemod\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\WeMod\\app-8.5.0\\WeMod.exe\" \"%1\""	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\wemod	WeMod.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\wemod\URL Protocol	WeMod.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\wemod\ = "URL:wemod"	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\wemod\shell\open\command	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\wemod\shell	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\wemod\shell\open	WeMod.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Update.exe

pid process

1908 Update.exe
1908 Update.exe

pid	process
1908	Update.exe
1908	Update.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

Processes:

TUNIC Trainer Setup.exeUpdate.exeWeMod.exeWeMod.exe

description	pid	process
Token: SeDebugPrivilege	1304	TUNIC Trainer Setup.exe
Token: SeDebugPrivilege	1908	Update.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1512	WeMod.exe
Token: SeShutdownPrivilege	1512	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe
Token: SeShutdownPrivilege	1424	WeMod.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

TUNIC Trainer Setup.exe

pid process

1304 TUNIC Trainer Setup.exe
1304 TUNIC Trainer Setup.exe

pid	process
1304	TUNIC Trainer Setup.exe
1304	TUNIC Trainer Setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

TUNIC Trainer Setup.exeWeMod-Setup-638143286475796000.exeUpdate.exeWeMod.exeUpdate.exeWeMod.exe

description	pid	process	target process
PID 1304 wrote to memory of 1544	1304	TUNIC Trainer Setup.exe	WeMod-Setup-638143286475796000.exe
PID 1304 wrote to memory of 1544	1304	TUNIC Trainer Setup.exe	WeMod-Setup-638143286475796000.exe
PID 1304 wrote to memory of 1544	1304	TUNIC Trainer Setup.exe	WeMod-Setup-638143286475796000.exe
PID 1304 wrote to memory of 1544	1304	TUNIC Trainer Setup.exe	WeMod-Setup-638143286475796000.exe
PID 1304 wrote to memory of 1544	1304	TUNIC Trainer Setup.exe	WeMod-Setup-638143286475796000.exe
PID 1304 wrote to memory of 1544	1304	TUNIC Trainer Setup.exe	WeMod-Setup-638143286475796000.exe
PID 1304 wrote to memory of 1544	1304	TUNIC Trainer Setup.exe	WeMod-Setup-638143286475796000.exe
PID 1544 wrote to memory of 1908	1544	WeMod-Setup-638143286475796000.exe	Update.exe
PID 1544 wrote to memory of 1908	1544	WeMod-Setup-638143286475796000.exe	Update.exe
PID 1544 wrote to memory of 1908	1544	WeMod-Setup-638143286475796000.exe	Update.exe
PID 1544 wrote to memory of 1908	1544	WeMod-Setup-638143286475796000.exe	Update.exe
PID 1908 wrote to memory of 1584	1908	Update.exe	Squirrel.exe
PID 1908 wrote to memory of 1584	1908	Update.exe	Squirrel.exe
PID 1908 wrote to memory of 1584	1908	Update.exe	Squirrel.exe
PID 1908 wrote to memory of 1344	1908	Update.exe	WeMod.exe
PID 1908 wrote to memory of 1344	1908	Update.exe	WeMod.exe
PID 1908 wrote to memory of 1344	1908	Update.exe	WeMod.exe
PID 1908 wrote to memory of 1344	1908	Update.exe	WeMod.exe
PID 1344 wrote to memory of 2012	1344	WeMod.exe	Update.exe
PID 1344 wrote to memory of 2012	1344	WeMod.exe	Update.exe
PID 1344 wrote to memory of 2012	1344	WeMod.exe	Update.exe
PID 1344 wrote to memory of 2012	1344	WeMod.exe	Update.exe
PID 1304 wrote to memory of 828	1304	TUNIC Trainer Setup.exe	Update.exe
PID 1304 wrote to memory of 828	1304	TUNIC Trainer Setup.exe	Update.exe
PID 1304 wrote to memory of 828	1304	TUNIC Trainer Setup.exe	Update.exe
PID 828 wrote to memory of 1424	828	Update.exe	WeMod.exe
PID 828 wrote to memory of 1424	828	Update.exe	WeMod.exe
PID 828 wrote to memory of 1424	828	Update.exe	WeMod.exe
PID 828 wrote to memory of 1424	828	Update.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe
PID 1424 wrote to memory of 1988	1424	WeMod.exe	WeMod.exe

C:\Users\Admin\AppData\Local\Temp\TUNIC Trainer Setup.exe
"C:\Users\Admin\AppData\Local\Temp\TUNIC Trainer Setup.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1304

C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638143286475796000.exe
"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638143286475796000.exe" --silent
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1544

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1908

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\Squirrel.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
4⤵
- Executes dropped EXE
PID:1584

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --squirrel-install 8.5.0
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1344

C:\Users\Admin\AppData\Local\WeMod\Update.exe
C:\Users\Admin\AppData\Local\WeMod\Update.exe --createShortcut WeMod.exe
5⤵
- Executes dropped EXE
PID:2012

C:\Users\Admin\AppData\Local\WeMod\Update.exe
"C:\Users\Admin\AppData\Local\WeMod\Update.exe" --processStart "WeMod.exe" --process-start-args "wemod://titles/28422?_inst=blm6FCuck7GkKzvx"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:828

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" wemod://titles/28422?_inst=blm6FCuck7GkKzvx
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1424

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=936 --field-trial-handle=1056,i,11536149130517899363,6010721060737996942,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1988

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --force-ui-direction=ltr --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --mojo-platform-channel-handle=1224 --field-trial-handle=1056,i,11536149130517899363,6010721060737996942,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1788

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1528 --field-trial-handle=1056,i,11536149130517899363,6010721060737996942,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1764

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe WeMod\Support_1678731962918_Out
5⤵
- Executes dropped EXE
PID:1660

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2264 --field-trial-handle=1056,i,11536149130517899363,6010721060737996942,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1576

C:\Users\Admin\AppData\Local\WeMod\Update.exe
C:\Users\Admin\AppData\Local\WeMod\Update.exe --checkForUpdate https://api.wemod.com/client/channels/stable
4⤵
- Executes dropped EXE
PID:1440

C:\Users\Admin\AppData\Local\WeMod\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\WeMod.exe"
1⤵
- Executes dropped EXE
PID:1532

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1512

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=920 --field-trial-handle=1080,i,6465369619049201478,6802855194110237190,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2024

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
f8c1641bec7b537f886c9b6e1c02ac2b

SHA1
0a47b91734cbb19d63ab9e8af1c6909da13b6f00

SHA256
45a379ee84e797f1326797ac4aea189b01a2ae5a65b682a51ef51e3fa190f082

SHA512
f4cf4fd01b58a1ee63aa5ae1a69ff7796e8689a1612335cac3810049d564d668fb2b28f38dbed031e0e57c680dd0b64b5de1cf144612567181efb81fe3828ba3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
a337ebe21ab2b1493ba7dee8b3555ad4

SHA1
09f612e6641da8abc81f09d73a1697582b04212a

SHA256
9a4408df405117130ba57be00c714207c3c8fb79e936405589d1e1cfc2f7c9cc

SHA512
e9dc074cd9a198d6138d6e4bb11e00282d182457c75dae681fb034cc70a5cdd16045db43ef8be6baa19d62318a464a485d761c0642f53c52099c1bcb9c1ef627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
59cf72f8a81b1643d1e4b3b9b1608eb1

SHA1
f4c0392ee1606d6bb1a3d8e65328898054eb0d4c

SHA256
52df6f4ae725df229cf975b54697466f73e73f433d77d38ca699c610efcc3bc2

SHA512
5a01b512e324de535afd53c52e9903829e048890fec41502d623226bc1c36a9d754b464411ad432b76df76d8d79fcaeb4ac0d8bd47be3e40726c8c7b91b9b84a

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
Filesize
76B

MD5
0b90c6926befa5dbf6d2d8d97e650ea5

SHA1
0c8e2327f01a4c6455a42d5f18e56242d2658082

SHA256
18fc2d9a4c3405043bcd54b2c8193f1fd110a531b83177b168ba3d25bac8ed11

SHA512
24da3d6bddf930d80e04798f5fe60db73748eeeae8238de5bb5a5b7d98df73d66a456159be819d574d5ff5fc6f0663c57ea3044892b810549c26aca168ce8491

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.8MB

MD5
1f4c7ac0f30d95edbe542b77bbdb5ed2

SHA1
f95163ed631e57fc478fa74f5d31ca5106b5c95b

SHA256
6d38745793e383f922f90719d5a9444ddaf9d8a25ae7ad83450a58e4564fe41c

SHA512
e9b9aab1dfbef58a1bf6228e3e820f5b8673c73d53ea28b1519f1ba66fe9dab7c8dc3ba78315e73cfc7f28fce04167c6c4badbf191d9ee5df48d306483d7238a

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.8MB

MD5
1f4c7ac0f30d95edbe542b77bbdb5ed2

SHA1
f95163ed631e57fc478fa74f5d31ca5106b5c95b

SHA256
6d38745793e383f922f90719d5a9444ddaf9d8a25ae7ad83450a58e4564fe41c

SHA512
e9b9aab1dfbef58a1bf6228e3e820f5b8673c73d53ea28b1519f1ba66fe9dab7c8dc3ba78315e73cfc7f28fce04167c6c4badbf191d9ee5df48d306483d7238a

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\WeMod-8.5.0-full.nupkg
Filesize
98.1MB

MD5
660861f1171364698499519c06c22d57

SHA1
30142d06e585bfc832f7fe2b9afbb933f928ac6f

SHA256
4fe7046f9e17618013c0f8038d607ddac3738cf814ace553724bb20a24e4a34c

SHA512
1bc16c595db7f6b7408de8d46c8ba0f2a7869442875624f530ca13c8685c5ddcbb8448c738f1c97c0f2905dc9383689fb7351e4f55df646fe552de664e1a4c6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638143286475796000.exe
Filesize
98.9MB

MD5
0a79ca5414d0b397ed93437a694622bc

SHA1
882ce3a09f39a9f2b72b7187d92d37fb9d7de57a

SHA256
af93691dcdacad747705b4fd30685b2a3c87edaf30b95db44151905678e3c934

SHA512
8d8abe9214e1fd4cbdccb5d51e0b19be6767b915a44aa15dccbfe3770a07cb6d806a35b7ac0cfeb276b21e15189869ac02aaf5938e42e3dbd931c89c81e21dac

Download Submit
C:\Users\Admin\AppData\Local\WeMod\Update.exe
Filesize
1.8MB

MD5
1f4c7ac0f30d95edbe542b77bbdb5ed2

SHA1
f95163ed631e57fc478fa74f5d31ca5106b5c95b

SHA256
6d38745793e383f922f90719d5a9444ddaf9d8a25ae7ad83450a58e4564fe41c

SHA512
e9b9aab1dfbef58a1bf6228e3e820f5b8673c73d53ea28b1519f1ba66fe9dab7c8dc3ba78315e73cfc7f28fce04167c6c4badbf191d9ee5df48d306483d7238a

Download Submit
C:\Users\Admin\AppData\Local\WeMod\Update.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\Update.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\WeMod.exe
Filesize
536KB

MD5
17d0bc5867eb50fcb4ccc3462615822c

SHA1
f37cdbaf0e5325a7a3c81ff23060c1ef40d113bf

SHA256
490772e36140b29c8eaebdaf5476cadc0ac6d88786c801a87cc5752047595b38

SHA512
945a09949cbd545558982627c0175a7f4b161dac0d2af931206e768ca182d02df254921ac2b05db18cbdfa81183fe10ee6e319e21bce8be79466cb59cf846cc5

Download Submit
C:\Users\Admin\AppData\Local\WeMod\WeMod.exe
Filesize
536KB

MD5
17d0bc5867eb50fcb4ccc3462615822c

SHA1
f37cdbaf0e5325a7a3c81ff23060c1ef40d113bf

SHA256
490772e36140b29c8eaebdaf5476cadc0ac6d88786c801a87cc5752047595b38

SHA512
945a09949cbd545558982627c0175a7f4b161dac0d2af931206e768ca182d02df254921ac2b05db18cbdfa81183fe10ee6e319e21bce8be79466cb59cf846cc5

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\D3DCompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\Squirrel.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\chrome_100_percent.pak
Filesize
126KB

MD5
44a69827d4aa75426f3c577af2f8618e

SHA1
7bdd115425b05414b64dcdb7d980b92ecd3f15b3

SHA256
bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b

SHA512
5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\chrome_200_percent.pak
Filesize
175KB

MD5
9c379fc04a7bf1a853b14834f58c9f4b

SHA1
c105120fd00001c9ebdf2b3b981ecccb02f8eefb

SHA256
b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48

SHA512
f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\icudtl.dat
Filesize
10.0MB

MD5
cf9421b601645bda331c7136a0a9c3f8

SHA1
9950d66df9022f1caa941ab0e9647636f7b7a286

SHA256
8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5

SHA512
bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\libegl.dll
Filesize
377KB

MD5
5bd8277192fb288232de03f662ed0b07

SHA1
fe304b6b0b809fa8eacd8659c9dbf5439bafa8ca

SHA256
9c9fa0503e1c1fba96d5bd3a383216091b5df934df59daf8f965535cca2dd4d5

SHA512
c29e4352130167f167844f4ad3e3ee32a871fbdd2dd9ff92a9f0797af85ba97ec659e63eb5373f00152f1f2be64efbf26f779b51a51717b4be2b6f5225f5a4c6

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\libglesv2.dll
Filesize
6.2MB

MD5
375ab4b0b81c8f408ba618f436734739

SHA1
c84064cacb3af0c83e7f393a09b4923587d75290

SHA256
d974356a5af23cf5fae75750f7ffa0833100ff59982c1b4c6589597e295cc999

SHA512
7e1c2e3e2e40439f5b3d312fb8b50e703beeb22d17b26fdf6ccaf672085b33679c20c84db4df829012466be56d020ccc6ff41c9770b159ad33d0c4f30d4b67d9

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\locales\es.pak
Filesize
367KB

MD5
c8086dc25cf0a3c978b2c3b37edf8d67

SHA1
7b6d2ce8b3cc5a33ab2bcd23114fe65ccc568e7a

SHA256
11ef2c0229c1fe1c10be08e3d5f36c973bc3c272f37b40e05c534a118757461b

SHA512
230e6999a6fea1df3b2708eb331a2c25ca53677b3453745ff9cc7fbbc013b69148af5609166720255a2db7e63b25e2d0c599fb07057a6b47bf61f63ea9db9e01

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources.pak
Filesize
5.2MB

MD5
f24c85d2b898b6b4de118f6a2e63a244

SHA1
731adfc20807874b70bda7e2661e66ff6987e069

SHA256
aca9267dd8f530135d67240aa897112467bae77cd5fe1a549c69732fdf2803c6

SHA512
b49f6a4eb870b01b48b4cfbf5a73c1727cf7847a9505f7c11ce6befdbef868484867f6e0ac66aea8177ca5cab2abba1cae5ac626a8e3f44fc001cac0fe820c61

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar
Filesize
6.5MB

MD5
b74477056326a2c0e27a0da6c25422af

SHA1
d8f501d8b4c485f46fae9d9f80c0a2bb2afa912f

SHA256
ae7368363955d479f3afbd0c0d00c3e22cb0f32fa6b2dcf1a782a94a3dc21df8

SHA512
49f7e52847906baa40ba282efd227a2a649d548cdfb42476a9020ae9ad53f308d8aa6d487a194b9208b83bcf545cbea7ae0d3bcd9b294769f132adfde140bd4e

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar.unpacked\static\unpacked\icon.ico
Filesize
279KB

MD5
34ee19ccd44f31cd831dc50920f19890

SHA1
24545d2f4741fb5a4649840486ffd3597b7ade5b

SHA256
136cf9b3a30268d1d439df7b9fd9104cb1d83be7fd2b562c3e9a47450ae0df3d

SHA512
ded8ade93c143dc8abc7a76b03b4015a8637b2ee13b85dd70655d5857289f19ebef76562eace56a3ad3c2418fab5305bb0b6cadd0a412ddb781b8f496e82c74a

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\squirrel.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\v8_context_snapshot.bin
Filesize
590KB

MD5
dd9ca4878bba782613cba372de1c36f4

SHA1
2eefcb6fcaa4b2ed717c952895710be5701871a7

SHA256
ea33ca96024769386ae0ff100c2ae239507006d7340f1f8bbc5bcfb4195f9226

SHA512
0791d3827a6de5745d3424c562b16604cf311ed6fcb4cf62d2c7f54ec0b7f3535b1114e919d2ba6d144cbe9f45418a555ab3fd801078bd8d563a656796f5d4e6

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\vk_swiftshader.dll
Filesize
4.2MB

MD5
ed9ba505da635589cb5fc6623f6859bd

SHA1
21fe4f04404fcea097b3f214fd3181f91a56822b

SHA256
d605d0c3fce033205c510dc1dae25fc64eb2fc9a3f99c2a8df25eb968a4db763

SHA512
842b3c43e334a5fc706ba286fa23f7501854772f58240f14971944361caac5a985a445e565fe5d31aaed97aaea196e3a8c59d5275386d10703cff42384d2f24f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\vulkan-1.dll
Filesize
754KB

MD5
a6826e4c60449ca4b6f4f285ce981260

SHA1
c7134e9715c365154882108b9b45b99d6462b785

SHA256
a5267fd66fda82bc09aa71cfd7fa138e606178769548482fbff2fd0a80e4b795

SHA512
cb664e0b29185e00aff14167305db3e63a4e91a0053183d5463caa0d735250b57dc6a8412850b8a4ad2c2145ccb21423b22d0ce7e76e6a995e37f3af801f46d9

Download Submit
C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES
Filesize
76B

MD5
0b90c6926befa5dbf6d2d8d97e650ea5

SHA1
0c8e2327f01a4c6455a42d5f18e56242d2658082

SHA256
18fc2d9a4c3405043bcd54b2c8193f1fd110a531b83177b168ba3d25bac8ed11

SHA512
24da3d6bddf930d80e04798f5fe60db73748eeeae8238de5bb5a5b7d98df73d66a456159be819d574d5ff5fc6f0663c57ea3044892b810549c26aca168ce8491

Download Submit
C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES
Filesize
76B

MD5
0b90c6926befa5dbf6d2d8d97e650ea5

SHA1
0c8e2327f01a4c6455a42d5f18e56242d2658082

SHA256
18fc2d9a4c3405043bcd54b2c8193f1fd110a531b83177b168ba3d25bac8ed11

SHA512
24da3d6bddf930d80e04798f5fe60db73748eeeae8238de5bb5a5b7d98df73d66a456159be819d574d5ff5fc6f0663c57ea3044892b810549c26aca168ce8491

Download Submit
C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES
Filesize
76B

MD5
0b90c6926befa5dbf6d2d8d97e650ea5

SHA1
0c8e2327f01a4c6455a42d5f18e56242d2658082

SHA256
18fc2d9a4c3405043bcd54b2c8193f1fd110a531b83177b168ba3d25bac8ed11

SHA512
24da3d6bddf930d80e04798f5fe60db73748eeeae8238de5bb5a5b7d98df73d66a456159be819d574d5ff5fc6f0663c57ea3044892b810549c26aca168ce8491

Download Submit
C:\Users\Admin\AppData\Local\WeMod\packages\WeMod-8.5.0-full.nupkg
Filesize
98.1MB

MD5
660861f1171364698499519c06c22d57

SHA1
30142d06e585bfc832f7fe2b9afbb933f928ac6f

SHA256
4fe7046f9e17618013c0f8038d607ddac3738cf814ace553724bb20a24e4a34c

SHA512
1bc16c595db7f6b7408de8d46c8ba0f2a7869442875624f530ca13c8685c5ddcbb8448c738f1c97c0f2905dc9383689fb7351e4f55df646fe552de664e1a4c6f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\packages\WeMod-8.5.0-full.nupkg
Filesize
98.1MB

MD5
660861f1171364698499519c06c22d57

SHA1
30142d06e585bfc832f7fe2b9afbb933f928ac6f

SHA256
4fe7046f9e17618013c0f8038d607ddac3738cf814ace553724bb20a24e4a34c

SHA512
1bc16c595db7f6b7408de8d46c8ba0f2a7869442875624f530ca13c8685c5ddcbb8448c738f1c97c0f2905dc9383689fb7351e4f55df646fe552de664e1a4c6f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\update.exe
Filesize
1.8MB

MD5
1f4c7ac0f30d95edbe542b77bbdb5ed2

SHA1
f95163ed631e57fc478fa74f5d31ca5106b5c95b

SHA256
6d38745793e383f922f90719d5a9444ddaf9d8a25ae7ad83450a58e4564fe41c

SHA512
e9b9aab1dfbef58a1bf6228e3e820f5b8673c73d53ea28b1519f1ba66fe9dab7c8dc3ba78315e73cfc7f28fce04167c6c4badbf191d9ee5df48d306483d7238a

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\DawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\DawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\DawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Local State
Filesize
389B

MD5
6d5c207cbc1197bcc11dff1ca083585d

SHA1
fca57c33b005ab35b6b0d96ae53676a0a6056a58

SHA256
d299a9b5c67c2ac6777a5937a5f694d90bc2aba8015fddabb6fd892a5c846fe2

SHA512
6ee23278a9b235b8bc61f8f28b5ac060fd88e1aae64557c3209c8229c2899a53b6970f4278a7dfbfa112034a9f394d761ee417c645b6abe5a72a6f102ecd9c42

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Local Storage\leveldb\CURRENT~RF6d980c.TMP
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.8MB

MD5
1f4c7ac0f30d95edbe542b77bbdb5ed2

SHA1
f95163ed631e57fc478fa74f5d31ca5106b5c95b

SHA256
6d38745793e383f922f90719d5a9444ddaf9d8a25ae7ad83450a58e4564fe41c

SHA512
e9b9aab1dfbef58a1bf6228e3e820f5b8673c73d53ea28b1519f1ba66fe9dab7c8dc3ba78315e73cfc7f28fce04167c6c4badbf191d9ee5df48d306483d7238a

Download Submit
\Users\Admin\AppData\Local\WeMod\Update.exe
Filesize
1.8MB

MD5
1f4c7ac0f30d95edbe542b77bbdb5ed2

SHA1
f95163ed631e57fc478fa74f5d31ca5106b5c95b

SHA256
6d38745793e383f922f90719d5a9444ddaf9d8a25ae7ad83450a58e4564fe41c

SHA512
e9b9aab1dfbef58a1bf6228e3e820f5b8673c73d53ea28b1519f1ba66fe9dab7c8dc3ba78315e73cfc7f28fce04167c6c4badbf191d9ee5df48d306483d7238a

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\d3dcompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\d3dcompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\libEGL.dll
Filesize
377KB

MD5
5bd8277192fb288232de03f662ed0b07

SHA1
fe304b6b0b809fa8eacd8659c9dbf5439bafa8ca

SHA256
9c9fa0503e1c1fba96d5bd3a383216091b5df934df59daf8f965535cca2dd4d5

SHA512
c29e4352130167f167844f4ad3e3ee32a871fbdd2dd9ff92a9f0797af85ba97ec659e63eb5373f00152f1f2be64efbf26f779b51a51717b4be2b6f5225f5a4c6

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\libEGL.dll
Filesize
377KB

MD5
5bd8277192fb288232de03f662ed0b07

SHA1
fe304b6b0b809fa8eacd8659c9dbf5439bafa8ca

SHA256
9c9fa0503e1c1fba96d5bd3a383216091b5df934df59daf8f965535cca2dd4d5

SHA512
c29e4352130167f167844f4ad3e3ee32a871fbdd2dd9ff92a9f0797af85ba97ec659e63eb5373f00152f1f2be64efbf26f779b51a51717b4be2b6f5225f5a4c6

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\libGLESv2.dll
Filesize
6.2MB

MD5
375ab4b0b81c8f408ba618f436734739

SHA1
c84064cacb3af0c83e7f393a09b4923587d75290

SHA256
d974356a5af23cf5fae75750f7ffa0833100ff59982c1b4c6589597e295cc999

SHA512
7e1c2e3e2e40439f5b3d312fb8b50e703beeb22d17b26fdf6ccaf672085b33679c20c84db4df829012466be56d020ccc6ff41c9770b159ad33d0c4f30d4b67d9

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\libGLESv2.dll
Filesize
6.2MB

MD5
375ab4b0b81c8f408ba618f436734739

SHA1
c84064cacb3af0c83e7f393a09b4923587d75290

SHA256
d974356a5af23cf5fae75750f7ffa0833100ff59982c1b4c6589597e295cc999

SHA512
7e1c2e3e2e40439f5b3d312fb8b50e703beeb22d17b26fdf6ccaf672085b33679c20c84db4df829012466be56d020ccc6ff41c9770b159ad33d0c4f30d4b67d9

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\vk_swiftshader.dll
Filesize
4.2MB

MD5
ed9ba505da635589cb5fc6623f6859bd

SHA1
21fe4f04404fcea097b3f214fd3181f91a56822b

SHA256
d605d0c3fce033205c510dc1dae25fc64eb2fc9a3f99c2a8df25eb968a4db763

SHA512
842b3c43e334a5fc706ba286fa23f7501854772f58240f14971944361caac5a985a445e565fe5d31aaed97aaea196e3a8c59d5275386d10703cff42384d2f24f

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\vk_swiftshader.dll
Filesize
4.2MB

MD5
ed9ba505da635589cb5fc6623f6859bd

SHA1
21fe4f04404fcea097b3f214fd3181f91a56822b

SHA256
d605d0c3fce033205c510dc1dae25fc64eb2fc9a3f99c2a8df25eb968a4db763

SHA512
842b3c43e334a5fc706ba286fa23f7501854772f58240f14971944361caac5a985a445e565fe5d31aaed97aaea196e3a8c59d5275386d10703cff42384d2f24f

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\vk_swiftshader.dll
Filesize
4.2MB

MD5
ed9ba505da635589cb5fc6623f6859bd

SHA1
21fe4f04404fcea097b3f214fd3181f91a56822b

SHA256
d605d0c3fce033205c510dc1dae25fc64eb2fc9a3f99c2a8df25eb968a4db763

SHA512
842b3c43e334a5fc706ba286fa23f7501854772f58240f14971944361caac5a985a445e565fe5d31aaed97aaea196e3a8c59d5275386d10703cff42384d2f24f

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\vk_swiftshader.dll
Filesize
4.2MB

MD5
ed9ba505da635589cb5fc6623f6859bd

SHA1
21fe4f04404fcea097b3f214fd3181f91a56822b

SHA256
d605d0c3fce033205c510dc1dae25fc64eb2fc9a3f99c2a8df25eb968a4db763

SHA512
842b3c43e334a5fc706ba286fa23f7501854772f58240f14971944361caac5a985a445e565fe5d31aaed97aaea196e3a8c59d5275386d10703cff42384d2f24f

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.5.0\vulkan-1.dll
Filesize
754KB

MD5
a6826e4c60449ca4b6f4f285ce981260

SHA1
c7134e9715c365154882108b9b45b99d6462b785

SHA256
a5267fd66fda82bc09aa71cfd7fa138e606178769548482fbff2fd0a80e4b795

SHA512
cb664e0b29185e00aff14167305db3e63a4e91a0053183d5463caa0d735250b57dc6a8412850b8a4ad2c2145ccb21423b22d0ce7e76e6a995e37f3af801f46d9

Download Submit
memory/828-282-0x0000000000860000-0x0000000000A3C000-memory.dmp

Filesize
1.9MB

Download
memory/1304-56-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1304-57-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1304-55-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1304-119-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1304-95-0x0000000021FF0000-0x0000000022796000-memory.dmp

Filesize
7.6MB

Download
memory/1304-140-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1304-120-0x000000001B190000-0x000000001B210000-memory.dmp

Filesize
512KB

Download
memory/1304-54-0x0000000000A00000-0x0000000000A26000-memory.dmp

Filesize
152KB

Download
memory/1424-344-0x000000000B7F0000-0x000000000B7F1000-memory.dmp

Filesize
4KB

Download
memory/1440-472-0x0000000000A90000-0x0000000000C6C000-memory.dmp

Filesize
1.9MB

Download
memory/1440-504-0x000000001B260000-0x000000001B2E0000-memory.dmp

Filesize
512KB

Download
memory/1584-239-0x0000000000110000-0x00000000002EC000-memory.dmp

Filesize
1.9MB

Download
memory/1660-518-0x000000001ACD0000-0x000000001AD50000-memory.dmp

Filesize
512KB

Download
memory/1660-499-0x0000000000D20000-0x0000000000E10000-memory.dmp

Filesize
960KB

Download
memory/1908-137-0x000000001B470000-0x000000001B4F0000-memory.dmp

Filesize
512KB

Download
memory/1908-134-0x0000000000E60000-0x0000000001036000-memory.dmp

Filesize
1.8MB

Download
memory/1908-244-0x000000001B470000-0x000000001B4F0000-memory.dmp

Filesize
512KB

Download
memory/1988-302-0x0000000008400000-0x0000000008401000-memory.dmp

Filesize
4KB

Download
memory/2012-278-0x0000000000780000-0x0000000000800000-memory.dmp

Filesize
512KB

Download
memory/2012-261-0x0000000000780000-0x0000000000800000-memory.dmp

Filesize
512KB

Download
memory/2012-256-0x0000000000370000-0x0000000000546000-memory.dmp

Filesize
1.8MB

Download