lumma | hxxps://www[.]wemod[.]com/

Resubmissions

19-03-2023 19:21

230319-x2zetahg62 1

19-03-2023 19:09

230319-xtq4gahg36 10

Analysis

max time kernel
440s
max time network
467s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2023 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.wemod.com/

Score

10^/10

lumma discovery persistence stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WeMod.exeWeMod.exeWeMod.exeUpdate.exeWeMod-Setup.exeUpdate.exeWeMod.exeWeMod.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	WeMod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	WeMod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	WeMod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	WeMod-Setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	WeMod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	WeMod.exe

Executes dropped EXE 16 IoCs

Processes:

WeMod-Setup.exeWeMod-Setup-638148498606754183.exeUpdate.exeSquirrel.exeWeMod.exeUpdate.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeUpdate.exeWeModAuxiliaryService.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exe

pid	process
5008	WeMod-Setup.exe
3384	WeMod-Setup-638148498606754183.exe
1660	Update.exe
1064	Squirrel.exe
1200	WeMod.exe
1028	Update.exe
440	WeMod.exe
3992	WeMod.exe
4560	WeMod.exe
4036	WeMod.exe
1012	Update.exe
1908	WeModAuxiliaryService.exe
8072	WeMod.exe
8152	WeMod.exe
3180	WeMod.exe
1980	WeMod.exe

Loads dropped DLL 15 IoCs

Processes:

WeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exe

pid	process
1200	WeMod.exe
440	WeMod.exe
3992	WeMod.exe
4560	WeMod.exe
3992	WeMod.exe
3992	WeMod.exe
3992	WeMod.exe
3992	WeMod.exe
4036	WeMod.exe
3992	WeMod.exe
8072	WeMod.exe
8072	WeMod.exe
8152	WeMod.exe
3180	WeMod.exe
1980	WeMod.exe

Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Windows\CurrentVersion\Run chrome.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WeMod.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WeMod.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	WeMod.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	WeMod.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

WeMod-Setup.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\DOMStorage\wemod.com	WeMod-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wemod.com	WeMod-Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wemod.com\NumberOfSubdomains = "1"	WeMod-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\DOMStorage\api.wemod.com	WeMod-Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\api.wemod.com\ = "35"	WeMod-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	WeMod-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	WeMod-Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "35"	WeMod-Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wemod.com\Total = "35"	WeMod-Setup.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133237265599509533"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 8 IoCs

Processes:

WeMod.exechrome.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\wemod\URL Protocol	WeMod.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\wemod\ = "URL:wemod"	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\wemod\shell\open\command	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\wemod\shell	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\wemod\shell\open	WeMod.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\wemod\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\WeMod\\app-8.5.0\\WeMod.exe\" \"%1\""	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\wemod	WeMod.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

chrome.exeUpdate.exechrome.exeWeMod.exechrome.exemsedge.exe

pid	process
4756	chrome.exe
4756	chrome.exe
1660	Update.exe
1660	Update.exe
1800	chrome.exe
1800	chrome.exe
8072	WeMod.exe
8072	WeMod.exe
6728	chrome.exe
6728	chrome.exe
4184	msedge.exe
4184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 63 IoCs

Processes:

chrome.exechrome.exe

pid	process
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

Processes:

chrome.exechrome.exemsedge.exe

pid	process
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
6096	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exechrome.exe

pid	process
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe
1800	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

WeMod-Setup.exe

pid process

5008 WeMod-Setup.exe
5008 WeMod-Setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4756 wrote to memory of 2608	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 2608	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 116	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 3024	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 3024	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe
PID 4756 wrote to memory of 4732	4756	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.wemod.com/
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb390f9758,0x7ffb390f9768,0x7ffb390f9778
2⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:2
2⤵
PID:116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:1
2⤵
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3260 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:1
2⤵
PID:1860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:1676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4836 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:1
2⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4648 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:1
2⤵
PID:3444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5396 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:3300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:4716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:3540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5616 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:3944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5684 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:4220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5580 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:1
2⤵
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5824 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:1
2⤵
PID:4792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5964 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:4608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6108 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:1324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5800 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:4860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5868 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6376 --field-trial-handle=1820,i,14958285508588515884,963979833287889330,131072 /prefetch:8
2⤵
PID:2740

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1628

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4480

C:\Users\Admin\Downloads\WeMod-Setup.exe
"C:\Users\Admin\Downloads\WeMod-Setup.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5008

C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638148498606754183.exe
"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638148498606754183.exe" --silent
2⤵
- Executes dropped EXE
PID:3384

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent
3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1660

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\Squirrel.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
4⤵
- Executes dropped EXE
PID:1064

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --squirrel-install 8.5.0
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1200

C:\Users\Admin\AppData\Local\WeMod\Update.exe
"C:\Users\Admin\AppData\Local\WeMod\Update.exe" --processStart "WeMod.exe" --process-start-args "wemod://?_inst=Y2msmpmpz3OQLpjz"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:1028

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" wemod://?_inst=Y2msmpmpz3OQLpjz
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
PID:440

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1740,i,5582348221679409534,11239803206958216994,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3992

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --force-ui-direction=ltr --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --mojo-platform-channel-handle=2128 --field-trial-handle=1740,i,5582348221679409534,11239803206958216994,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4560

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2532 --field-trial-handle=1740,i,5582348221679409534,11239803206958216994,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4036

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe WeMod\Support_1679253176278_Out
5⤵
- Executes dropped EXE
PID:1908

C:\Users\Admin\AppData\Local\WeMod\Update.exe
C:\Users\Admin\AppData\Local\WeMod\Update.exe --checkForUpdate https://api.wemod.com/client/channels/stable
4⤵
- Executes dropped EXE
PID:1012

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3560 --field-trial-handle=1740,i,5582348221679409534,11239803206958216994,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:8072

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2260 --field-trial-handle=1740,i,5582348221679409534,11239803206958216994,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:8152

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3968 --field-trial-handle=1740,i,5582348221679409534,11239803206958216994,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:3180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/app/1721470
4⤵
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
PID:6096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb4d2c46f8,0x7ffb4d2c4708,0x7ffb4d2c4718
5⤵
PID:264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2173090116710272661,8253737266273175682,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
5⤵
PID:4128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,2173090116710272661,8253737266273175682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,2173090116710272661,8253737266273175682,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 /prefetch:8
5⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2173090116710272661,8253737266273175682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
5⤵
PID:5944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2173090116710272661,8253737266273175682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
5⤵
PID:5904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,2173090116710272661,8253737266273175682,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5212 /prefetch:8
5⤵
PID:7204

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4356 --field-trial-handle=1740,i,5582348221679409534,11239803206958216994,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb390f9758,0x7ffb390f9768,0x7ffb390f9778
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:2
2⤵
PID:3352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:8
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:8
2⤵
PID:1748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3264 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:1628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:8
2⤵
PID:4104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4720 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3820 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:8
2⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:8
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:8
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:8
2⤵
PID:4836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:8
2⤵
PID:1524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5196 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:4268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3968 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:4332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3320 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:3548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4700 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:1320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5052 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:2540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4688 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:2960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3464 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:3236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4792 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:4332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5888 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:4504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6412 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:1784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6396 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:3420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6380 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:4204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6364 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6340 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6148 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:3336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6176 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6032 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4788 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:4440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6920 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7632 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7432 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7844 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8328 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8696 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8548 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8408 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8384 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8376 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8100 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8080 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9740 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:6024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9480 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:6016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10312 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10268 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10084 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9356 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:6008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9352 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:6000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9320 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9280 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10704 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:6728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=11220 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:7084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11880 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:6972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11640 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:6980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11600 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:7004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10888 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:7304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=12016 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:7392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=6796 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:7536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=12088 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:7592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=11548 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:7676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=6792 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=5700 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:7776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5656 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=12164 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:5932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10264 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:7452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=9144 --field-trial-handle=1904,i,8145913038085151457,15607769199514808590,131072 /prefetch:1
2⤵
PID:7620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6488

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x2fc
1⤵
PID:7896

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
Filesize
604KB

MD5
2358080e7cd5c47575b0456584d354ad

SHA1
1cc9018d4143de8bcc127dd946ead28e9d706543

SHA256
eb608dbe39c6a65bdbc4d354f3b2a849e505901f0dfc5b327abbdad284ae5123

SHA512
91860c1e69e017c6202b3569d40b93e64467621d834f57c887eccdacae3b6debb43220bb49298749577106efd4c460d736b9a33496395c7905713b6119490998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
f5727e1b8441e76f5fdae1a79c4f86ab

SHA1
c8a3e510e40357954cea6958064406010f72b4cb

SHA256
d9a9897d184f0829eb79d33a795b1817201fd1ae2839637f05b805019ca92363

SHA512
802ab580fb687a23c623e97ef9f2ef1c020b52cdeb081583b626a3128f68468f616a527d0d304d0e72bfa9f92f2eecce6e19cde85684d13f3ac0a27bc50ec960

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
f37ebf20b1871bc3201d87859f023349

SHA1
7dca56651867542d1dc743db00e1daf3ca0e9246

SHA256
2c6b07b84b365ca26e74ec790b51b31aab27499011498163b8d070cd357ee413

SHA512
315855b70c75aab33ff79a46f456abcf254bd2940a0a63f67596802ff317830cb7f84f255e6ea91e1fb496a05112ff09c197b9350d70a63b35c1faad66832e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
2819f6435fd32822ed5de334741e7462

SHA1
fbf532d352adecd5a2ff827cfd8c5530e2ea854b

SHA256
9061c1c2ead23aab2d8cee976f5a6c740bb285f912d7445d41438067ae41d2ba

SHA512
e8606c04cf366c8c46106aa3f607851f510655941e07a5ec89d91f0c0639858357609a4cab12a76c2953d9fe3f43b07ad8035a8e0a3586ae217fb91b1a1287fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
8e59412b8cadc3083ac5bea9df44b1e8

SHA1
8b7bcc90f05c7d2ec29138b3c151d6a8985d0f2e

SHA256
3a856cc8d267b25e449865ef72cf22e8294110d5f1fe056e4c7c0ac6dfe34ada

SHA512
0267851ef7eef4d0720a60005dd14b8131e993850e664427b55b1853d53cce8e03ca614a13f929dbedb2d7fab9b3b5ff59ac8f169ee35758bc784fb2d28c89d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
ebc9a13f8b49acdce230802d6ade8e18

SHA1
e3117a8cd1a340be3d09567ba29e1100cdf14620

SHA256
acd43e19827f5810dcd98d0d67064b3b7963d224bf278f8d327cf1a4d6e8f819

SHA512
17e563d3e9c47d731126f31468ec3cd62f7f878c67610c02aa88ad41efca309560b26f38e30d60f1f47b30342c72268ce55e8303c3c9d429f1be3d2ffc6b67c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
3922bf895e1e675ddfcc36b380e86007

SHA1
157d8a4f80c719c4a717453258614fa1d4258e54

SHA256
51e40a16ee7d9afb4560990ef2d7079e000b4bb167728999bb63af99c52eeee8

SHA512
702da2feeb6022d6c12a7404f9197a9ab4b6f9da9bc794ab5bbcbc4b7a323502be8e0938afe273e7b908e99903cb1196754f985b5c5135669ce2030c6dbdf64c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
e03fd19ed5c35706ea5798d769c2e1e1

SHA1
8a957678c880eb5fd5fec51c22099503b6bb8f39

SHA256
706ac5a9fb4d2e066514a18990974978498effc8225bf9f0b3f535a0d3825f91

SHA512
76a7733d811f77e5e5212db99290775985a01572d4cf97c038cfbf67f57d9db9e1d11ed343c9522d3394dcc6e4c9daf70bca4ebf90e20aafd031d802ae4be3db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
4e9fe4b60abf9b03cd5b7ddee64937a8

SHA1
6c590ad9f831d5ee0c279edd912b10af850407bd

SHA256
1131703141b9daa0ef441f13f5f045904cc2c03236b4e936b5112e154ff4c5ff

SHA512
1a65e7967bdb6c98a42ef17bf49a55005af8b9b0cf6453e97fdbddac3329389ca153f1cd54d78f66c33f4168216147d6839ed654653421b8b869b35719fefa3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
13KB

MD5
5aad2293ff31eb54142490ccd958fe1a

SHA1
dfb82f978e6e96a9dbb70d97400b747fc2d7dddb

SHA256
15cc6111f2869edfd1ebb24c9fee3ae9f47474a2f9dc30270fe49aae2329666f

SHA512
c857a40b459b86743fa2800517e409dc6927a0b4bc01bea2124cf91d9a9e8034eb44a726e025a54fba1269cb8294f9e8d3ffadbe28e2d1bf90d56c47cab93f10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
14KB

MD5
f10b7ee189df442a23485a453c6d5e93

SHA1
dea775a4d1827d77c829389f5016a867f73ead0f

SHA256
f5b5103664a000ff7cc0e081eb8192b9fbbc7c6840855943ee94548276dc875d

SHA512
0b3decd10cbd93b09a6938bc5e9ac1cad6e4961bd6435ebb285c3d944f14c557111eacb8275469de15563e34c283943030a94f0587c152f7967bd80704d72a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
16KB

MD5
a8237445d96816ffcd3c191f19243916

SHA1
e61d9c5fb0a34bdb2e4b4c669e74a78b06fe0725

SHA256
24b476eae68a2d7cd6a14636aa6c90612ad6732e888f077d9aaec66002ad01dd

SHA512
da5298587958c5730cd699925e31d60534e0c20e39c745b0327d79b7afd9462bce7841a0cae8bc11d2b445ea2fc07db55824d731cab1f11a1618d6a85f88ab91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
67b3722f721500accdcefcc63f2bde4b

SHA1
94ecd95bc02dda7f600df1ce8e097b9949aaeffa

SHA256
fdf2f67a69424066ed08691839b8a6c8ccb1a270015143ddf07a3e30a0d157ac

SHA512
7a4d430fd48fa3fe1b4a152427d8a857187d1642f76788e19d6eeef9b749f591223a06936651683ff72f3dcbcf207b27a21e45cafdcd7b6fa5d6b7e56198eec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
2980bf515c198481cf9d070038c80e3d

SHA1
e0474d9cd7bd54d49438fe6db431f0d87237149e

SHA256
a621f1d14cda743a5dfd99a6fa5eeb8b41e7a60dd6887c1c96a18810010205d1

SHA512
a01afb05737382d8e6a6f1c5df683196a3390fa0e4f5d20032a43e0813d12aae10850ec848bc1718381f614916cd359f08d7fae800932a40700e1f7958599b21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
97026480802da403b624ad6974d30eb6

SHA1
eb50b3c8e1db63023378a17e0079b093de4fcd59

SHA256
ca26a59073176cfb761d9ef122b42a69b2cde5c4266d7bf2f991c771d174a0e2

SHA512
6b926d8aa415cf876034bc6ec01c7de3f6cac6e7eaae606f6a9ba519c61f17de8b3b391e4fe68eb8f3ddd6a0a637a5099c96bd6fb379d90cd05644eaad549dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
a66638dc90218df7230cdaa65930f906

SHA1
8216a7db350589704747f55dabd4bb1a5c573058

SHA256
8a8c205a1b39d26a868b154fc1666a87a5f66665cf88abbc8eb0b4399efdbbb9

SHA512
3d89c9d4fd1f98bcc69a76b6dec925c6e9f377f87c8db3a5df5bfc246484e866d78f5ccc98470047cd00731195a50c4c5e22b6deb73a3c80e3511debd3e9d44f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
0d7a49e0eb7fbee43a04dfd28460d950

SHA1
18a0c00708856f6ece99a3a8c8a18011e4f48cbf

SHA256
28091b4b14df3dec1a6ceefde823873918993efa5651d3e05fa480ef6289d1e4

SHA512
2628b91694cead251229a60ba0313a26cac87ee25cc428adebf1a8dcc10ca530c65b734556a62a197a56b03a380587e15fcc3bb7182fe550068aedf33f287885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
1d7f862ef91fcff6e4083dc42c33fdfd

SHA1
ec3a8df76653ff90e11a10f16509a25e208cce4e

SHA256
2cf79609855fed1a156b4776999ad82e5e15f6966a328c505baa28bfc2e0b23e

SHA512
a24ee66e4fef9bec45b6228b4ba26a5c64b9ad0a8783bc426803ae956078fc71c1b4ae50727c118d0cbd54b3947a904ad7ca14007d31a8d3492b363e195a9012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
0049d47f2de1116a6f47580f003170da

SHA1
fce400096933564bbeb84d29fcd29bcbb7a81e3a

SHA256
ee889ae366deff7fb7fb527f9428f72c7c9e072c353a57ca81c96423b7acd0c7

SHA512
169243a2322616ee1a408811518b4ddb70dec6149d0cf5022a113d249e8eec4881f2802902ea13986305997418893fa25fb183a6b614430c7c1a033bbf7db12a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
d80ac00dfb3daa86950b696d5d815947

SHA1
6746cd7c5f6aa452f1c0853c34dca1da988bdbf7

SHA256
8b1608bf5f30785ed6685e1f9ddb5abd9017419df24169745f373b12fd5abca1

SHA512
47a742462746d1468b6f1cd2c6a12db23e5537008ed75297250a8ba0fd7111f4a77e1426062391977f290827c2888ae1dd9f36a5b9d43666d054134d5a9c495b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
6cf19c443fac4f0581de5709d3e73c25

SHA1
abfe03af26309d6c0626025a70e32fea162f00c6

SHA256
2d5015cc62ad3f968acacac13d25bd3e92634ca2e5bbf136cb0d3f13c46ce778

SHA512
beab8a1f433cf2ecdc0bdd9adc136b50ccd444394609960c0e1d380c43a29c3507ad92387b16a3d90624af54e14b721b5f050adf0883c87df5e9914d2f00f938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
36a3c79aaece204cd00fd53dadb5ea1f

SHA1
5fb4b84c0dfc8587f72cef136a4904a0c830d337

SHA256
14a16da4f48c2a0796635abc1af881832b6ebf49892395ea20dd48848458bfa5

SHA512
2e517f5aa9ef67aeabab3a5cebcb0a94bbd2ea2f2c94abce746de8bb29766bf467b5f2255e3eca4d7ebd02706fd8232ddcbf05525ac06b4f4dbbd2ead424c745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
89d41aa7187a5d6973884889cd5c57b4

SHA1
6a41171e090868049eb0ce3dd61a6f15e15d007b

SHA256
1f0e87d0d0f0acc7d398a6dc05409cf7d284f228a1466134cf32ac24cd632121

SHA512
7f63aae1c7966268a90059459153f4f8d6a618b418e342efeea2caf90b392e33593978ba15d4c8ae48534b581171417221efb9ee6cba0ba9a772e58f4e351108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
daa0b5a5ce2298e570870eb98da60037

SHA1
22ba5bc4273d6a045b2b63a62504bee5688bc00b

SHA256
18a900ac167e02eda03c60208b4acba50bc531e2d858f67b18d6fbe1e7df1e6e

SHA512
7db8fc9336b1eb4a03e49a118199ca8bae32b8169303e2fe5a74a416ef0fb7fb62fedb10fcce1d1494050207a9a740e749ac084b870ea68594c35dfd56ec864d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
cad5cdce3798ff0a908d8e5a5a8d3eda

SHA1
236a459b7feaaa62b1e4fed692a6b2a4113cee67

SHA256
8de7accbe51bd54c83f8b440b34b6b18a89d3c7d390ec196a68c5ace53b76e33

SHA512
8967b9a806bd763bc29404f0924034082f25c22f6535139907ca1125a76cdb83c4be5b808178ce4329053b73c2b19146df5a4e2bbe8c20d2ce79de80018fa708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9771437f2593549a94eebd0ee9465677

SHA1
3a0443113a1a76b8d91c842bb9e0967e8b32c81f

SHA256
756a85a7921db8a155dc91cb13d75b55e26648e1caacc05acf55d59d005a576c

SHA512
b9f0513901d899941cd33a85c0933336cbb82be3d33f0ce837ba3ede5f7c3e0a9aa17475373aa3ffe98180a9382e2cc59e32bc4465253652f4262ee7fa7141ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8c6c25c8cbbbf7063eda51c01d4ff281

SHA1
838ba54cf2ff1d6020c772818a269a61de83b489

SHA256
fe9d3ca2096e27e7f3729d18d72c4f4b0d5fdc3c9c28fd3217ee65c69de0c9e9

SHA512
41f0c5c310091600ec060c8d08c4a8a19028e149f259577a9446ddd23286ba839a34bb848d75f0cc97fa4e1a9f5ad9fee467afbf5d3295c1d3604dadf48833f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
7614a9e8cf90f0cab88ccf6d4b247b5e

SHA1
12cffa37b006690a6a93d6d97624c17b699c3fe9

SHA256
fd52dbb2a72c0ef04dff4e872865d5de0e01e06440bbb309082172fb7715cb9f

SHA512
70360f81fffee2a011d34c05eeef95df46825f63188508cb8e1128fea2f299bb0c3f9651af77753bbdb804f277733ccbe402bd8fb142bec8952a3326d206235b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f2324a99990e47d59829ead148c8669e

SHA1
6530d6f1c461081bec5ff2a724072a4d85c943c3

SHA256
73290d06203a042a4c532ba62e2ad9dddb2d63e02b1ec23fcb061c7a36c9973d

SHA512
c9c943acab2ed4af6fe76f65892f7031c1d7100e0279a4c10789cbf07114ec7228d422c0ad8eb75beae68bd72712877490728613f8e697775dbac63636e8d728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8891c38555911a0d6df48c821aa7b11b

SHA1
ee1f584fbd358e87b048cd0fbd71fa8f74ba8be4

SHA256
a3ac047e049424b6ed94ee210035d9780fc3eb80fa932cec8a64e54db15592cb

SHA512
5469872a9c01fbfa397e0df6247cca0608b653a284a96645a17978eea959c05b4ef2ae404294edc5aa24246851aa8d927e6ec1f0b00a948dbe4aa743e5f789a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2ab566f764e891b71ff5f107d5bd5024

SHA1
e2c778eb2c2ddfa2c1b80740611c8ba358dafbb0

SHA256
09630b02b0eb4d771448ccc09b2073f478382fc3bd83da09639aa592b0900420

SHA512
65c93511d3c8418e71e1a93578e89a41f4e8fea5f95b64ce9c7050d34413cba928d298635db50cf7ab017c1f43dd66e6ae8acd401dd8385e81248e1ad764a3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
60ceeaf9aa9cd11d123bea4dcdc68bf5

SHA1
dddc7b726daf251b4bb4d04dc89319d54b03e4be

SHA256
24ac01719579e360d5157cd8f1c394a9b120a10103714b2226704d9cc173e2c1

SHA512
d84a5c3b268129d4819a3b7c198d522f37be7aa4f8f68c6d25b58f45b3395ca32def9d5826cb98a63372c24ce655513084dff259ddb2f15f63ca5c70f381c8ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
69620cd7dc4b7881b095454c57a3c6b3

SHA1
34082ff2571e3c5345988bb39569abc88c43ecd4

SHA256
0b4e3bd8c3de902a3e8b33bf09d8caa476e5cb18986270675c395cd507936fd5

SHA512
4ec6b2f9d534307c31d1b5185085d9e0be14ccd6cf634c82b490b501050eccd498177187706cd243bac8a41f9851c1591dbdab51af99e521995b7c41db966028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
c95c2637b73653c0705a5c9403735ffb

SHA1
a3e8dfe440a0749476506627ea126a698a5209f7

SHA256
c8500d074548e0984dae0ebdcf4d7672ce8fdf8544c360291a11204bb3b5de03

SHA512
4581eea5cd7bd20b814cab62e284430280201943cd4161a7765ccf20a7d0bd57f24ccc0842133e82665bef9a9cf1498351b81b1c33eca50e1af1b8016a297160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2294f34412ecd56f090eea5bf888a648

SHA1
c0e8e63a1dc4291d86285a2f81837c9496add3b5

SHA256
5ea93a15ea21488be86b0d60d56595977b56fa819e8deb60812627d83c12b011

SHA512
ac11aa55b5578b88e4c12487e2fe2bb6d485be5e4aa1e22d2291057cc0e4ca5856cf8654985afce00d17eeb03dcd8ec839f734866ad95eb9844475d51f91ea3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
4dc19c88d7b9c860b7fa68a21098fde1

SHA1
91f2b603cfc38f40f70045610c6b436e2c173d10

SHA256
64b8fc71cb8db3b6d32055c3e5d7335eafb7ae4f6cc4606ca9827cad40207cff

SHA512
800e82c43e4ef6cd0da2f246770428d4fd735e1a2dffbc1ddf1fc1bb99dd581115a7168c08f03b53aba6bb90ccd77dc5a53ef3161c2765a0119458cd6e582968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
75KB

MD5
9996ef9b78173cb11548391d1542ce12

SHA1
355bc1c41592e9ec92274720a2919fa4444308b5

SHA256
b829f6ee2f28716c3c2721066db5c28413b8ad27b47a43b110eef578b998b1d6

SHA512
ca2cd985ab8bd8c5dc43930fea6ca1a34db9c70546836d972d42d0d3ca988edf5812c2596b8438eaef133e929ed1eddebc74ed91053a3adcb252c5bb380b83f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
726036832612073cfbf0e8fb9e3606b5

SHA1
1ede5ddecea944638ecdf32e1e815c8a04d4bf0f

SHA256
5528e17e6fa8ea52474c13dbe7309aef84da95e90d2df382863d1fb02c548c35

SHA512
029ba2b654e92b8859e3c76bdb361ec4fd110b870c2e3ed3de2958a61ff56d1d73d50bddc7274819d4285bebc5796e30d99115e26859c56fe7c3e63f98e90643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
112KB

MD5
c6261cc9df4c893b7d1b2fca7d41f823

SHA1
b0588934bc6d821ce1720c6ecfb8cc0b2cbb05ea

SHA256
6f6e6b44f6f7407e9038841a429847f9dddfc574668578f08bbf4dcfccb1cc9e

SHA512
8744de842c3ee71cd6ed6c4a53391542774af8b0659011016108a4312b2d2b07cfb683d165c24dd348730264936ac2470e82545322370e390d0a0c7adf6a43f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
102KB

MD5
556aaedc4ed2e72771d959fc2e1fb39f

SHA1
b2397db4f0968fe82ba494fcd84c65dcc496b284

SHA256
6891ddcd463bdc7eb79e66a04b2098d535b9dd20389538de5c234913d0c159d8

SHA512
c2bdb8f4f3dba22ce4050a2707395d4950219f34ef0ce4dfc3cfe640f2070bf18ed4d91ae6264280f1deaabbe0cc68ab6f3e86b60f24b7279cd471f1b47c940f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5762d1.TMP
Filesize
96KB

MD5
6f3e367fe139af06319eef0197a829d6

SHA1
3164438b0cdf19480b98e2d237a5f43548ef6b89

SHA256
553e163adf811fef2de2d3808c99ad2115f442d15a65dfe9b2a33adec47b1c37

SHA512
c05d30e25d5f4641711763db8956e1daa4a7591c4706c6a4d24ce2d57a95ee52e47b1305862593698d2b6634367610f89c1ce20cb839795f99a76a6d1ddba9a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Update.exe.log
Filesize
2KB

MD5
41a2e77a29628bbb8e45f0c1f25c3b29

SHA1
24d4948dd26c2d8c7e53b112529c4f6e6a9fcd92

SHA256
7384160e534526d57ad8c778c066871ad70548d86c92e79256898fa334833367

SHA512
79ec5caf249b1c3be2357bc2968e62a0a1c709045950c2dd8895dc5c79cbedb0f1184e5da533c6dfb2dbfadd6bffbd32684cf703d424f6e4b8ecf93212d2355f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a2ef74c-4e0f-4307-adc7-7c35934a084f.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
7020a54c7ceab6a26cac00cc16fa7a2c

SHA1
262db16ad52e6115089c7a7067d38eafeb059fda

SHA256
85273c917d3fa3c99a6bf65b61db2828b7969761aa56946a32536e9d2cd6f1c4

SHA512
04ca30f41b697a6b3c0edff1146a9c54c58a0990f24b27350bb420e8d9894931410a3b2d45d41b78c5f61387db20f7b132b2465be1b511acb1850a5ea369a0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5d86f5.TMP
Filesize
48B

MD5
8d6a0c8fd6c700f9b623e09fba20bb0a

SHA1
7c0f8c2f85e8994b52fbeb19b778a36776d406e9

SHA256
d9add4e5e3de1a226dc47bbcdbe27bcde20b4f669e1752084e142aea06d5538d

SHA512
f2f0a548ab832085b867125260517cc245864fad5235c78180b65125580970906e3ee1703f41cf9be06cf98cf76873abec30628244b039ec9d8217734791394b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
a4ced6aefd9c925ef2eddc894498a3a6

SHA1
853369db7b89bd73a73c91eed7fdd6835a166949

SHA256
6296cfaa57c880b0efdecef8e6200a24c39e0e6bede1ced5e1abf84994c90370

SHA512
42318a6755f9a39560d578521ed2a63875d2710484b8a5a1180017d872c3762b93986e1953ac7f8f6ec9d31080d40eaa9ef936c8521b301b0edd4528270f209f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
401B

MD5
61c3aa7730a427cd6b737cafcbed04cc

SHA1
e9969aad7c289a0fda01b4bb227a650a83dd6fbc

SHA256
437f73c9111e90a1774a7cbc274c49c401b3c673e185f021c3cf916f7cd50d56

SHA512
e9d637a00aff628eba3932d6f2a47f1e33139c35ae0af6495599a96046781696429fae25f53cebe09ceacc24e0c8331227be6109e2b578506f34bb87dc96a8da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
8bdfccaa2b6d95c30c32d3e8c5a41abd

SHA1
3efb2019e6ff64c0e8d282f7f99cee077d4db6de

SHA256
31fb71dfcbe7c14b5f28f62c68fdabd7f68ddd58efa831d0290d573fdd005a01

SHA512
761f8f9da8b1771eb6ea3a11b457827e941398621d8b9c51dd09fbb8f62e656952ede66f8c73500bd678e4137849fdcc56f620ff91794f050165e03afd167514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a66f45e95b1c0e8e8f52ac9e859338ec

SHA1
c3fce02a5f9f62145fce8894e9d7006019c07622

SHA256
06a0c0030f2f0e4c87d1b294af8f4b8d1ac4593cf0943b2fcf666705f09aafb3

SHA512
1b6ce4da3ca9ffac36d2985f62ba0a9ed6d30931c8a02531f64e46a33e152a7555fb154132c13472943ce2fb51eef55186a5780bb7c1dfc941b53cb292d7069f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
755ca04b756370f7400bad003729b9ef

SHA1
9df63ebdffbb0d6fb6ced4e7761b947bf4797a8e

SHA256
74368784d169da0bfa7735e1e0aaaf36ccb8cdc18c0915355ced5adee52652e9

SHA512
7c2725a0288f2553a5d6c59000bc5f58c5f751fb1ebf4d9e460a68c8de438d269eca783e80d28c23cdc49deda762bf29cc9105db4aabb3aad048ee3e52a7c039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
52a3982208a5b56c82bd27e8f7fe686b

SHA1
8c9122471a9f72236242f80bc0a958ea64c68c80

SHA256
03fb65397cd1401769d9c17d5b31fd0dcf79f8c81967c6ca4282a4c307229e82

SHA512
cd50e05e9d0bc66541324f3ccf2408740b8d84711d484030b9ab40c8ff29bb6b4c9ca37340deb25c8f0582fb37a720a11e3f3c8ee2c251c748b1e4a5c764a797

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
Filesize
76B

MD5
0b90c6926befa5dbf6d2d8d97e650ea5

SHA1
0c8e2327f01a4c6455a42d5f18e56242d2658082

SHA256
18fc2d9a4c3405043bcd54b2c8193f1fd110a531b83177b168ba3d25bac8ed11

SHA512
24da3d6bddf930d80e04798f5fe60db73748eeeae8238de5bb5a5b7d98df73d66a456159be819d574d5ff5fc6f0663c57ea3044892b810549c26aca168ce8491

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.8MB

MD5
1f4c7ac0f30d95edbe542b77bbdb5ed2

SHA1
f95163ed631e57fc478fa74f5d31ca5106b5c95b

SHA256
6d38745793e383f922f90719d5a9444ddaf9d8a25ae7ad83450a58e4564fe41c

SHA512
e9b9aab1dfbef58a1bf6228e3e820f5b8673c73d53ea28b1519f1ba66fe9dab7c8dc3ba78315e73cfc7f28fce04167c6c4badbf191d9ee5df48d306483d7238a

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.8MB

MD5
1f4c7ac0f30d95edbe542b77bbdb5ed2

SHA1
f95163ed631e57fc478fa74f5d31ca5106b5c95b

SHA256
6d38745793e383f922f90719d5a9444ddaf9d8a25ae7ad83450a58e4564fe41c

SHA512
e9b9aab1dfbef58a1bf6228e3e820f5b8673c73d53ea28b1519f1ba66fe9dab7c8dc3ba78315e73cfc7f28fce04167c6c4badbf191d9ee5df48d306483d7238a

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\WeMod-8.5.0-full.nupkg
Filesize
98.1MB

MD5
660861f1171364698499519c06c22d57

SHA1
30142d06e585bfc832f7fe2b9afbb933f928ac6f

SHA256
4fe7046f9e17618013c0f8038d607ddac3738cf814ace553724bb20a24e4a34c

SHA512
1bc16c595db7f6b7408de8d46c8ba0f2a7869442875624f530ca13c8685c5ddcbb8448c738f1c97c0f2905dc9383689fb7351e4f55df646fe552de664e1a4c6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638148498606754183.exe
Filesize
98.9MB

MD5
0a79ca5414d0b397ed93437a694622bc

SHA1
882ce3a09f39a9f2b72b7187d92d37fb9d7de57a

SHA256
af93691dcdacad747705b4fd30685b2a3c87edaf30b95db44151905678e3c934

SHA512
8d8abe9214e1fd4cbdccb5d51e0b19be6767b915a44aa15dccbfe3770a07cb6d806a35b7ac0cfeb276b21e15189869ac02aaf5938e42e3dbd931c89c81e21dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638148498606754183.exe
Filesize
98.9MB

MD5
0a79ca5414d0b397ed93437a694622bc

SHA1
882ce3a09f39a9f2b72b7187d92d37fb9d7de57a

SHA256
af93691dcdacad747705b4fd30685b2a3c87edaf30b95db44151905678e3c934

SHA512
8d8abe9214e1fd4cbdccb5d51e0b19be6767b915a44aa15dccbfe3770a07cb6d806a35b7ac0cfeb276b21e15189869ac02aaf5938e42e3dbd931c89c81e21dac

Download Submit
C:\Users\Admin\AppData\Local\WeMod\Update.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\WeMod\Update.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\Update.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\D3DCompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\Squirrel.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\chrome_100_percent.pak
Filesize
126KB

MD5
44a69827d4aa75426f3c577af2f8618e

SHA1
7bdd115425b05414b64dcdb7d980b92ecd3f15b3

SHA256
bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b

SHA512
5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\chrome_200_percent.pak
Filesize
175KB

MD5
9c379fc04a7bf1a853b14834f58c9f4b

SHA1
c105120fd00001c9ebdf2b3b981ecccb02f8eefb

SHA256
b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48

SHA512
f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\d3dcompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\icudtl.dat
Filesize
10.0MB

MD5
cf9421b601645bda331c7136a0a9c3f8

SHA1
9950d66df9022f1caa941ab0e9647636f7b7a286

SHA256
8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5

SHA512
bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\libEGL.dll
Filesize
377KB

MD5
5bd8277192fb288232de03f662ed0b07

SHA1
fe304b6b0b809fa8eacd8659c9dbf5439bafa8ca

SHA256
9c9fa0503e1c1fba96d5bd3a383216091b5df934df59daf8f965535cca2dd4d5

SHA512
c29e4352130167f167844f4ad3e3ee32a871fbdd2dd9ff92a9f0797af85ba97ec659e63eb5373f00152f1f2be64efbf26f779b51a51717b4be2b6f5225f5a4c6

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\libGLESv2.dll
Filesize
6.2MB

MD5
375ab4b0b81c8f408ba618f436734739

SHA1
c84064cacb3af0c83e7f393a09b4923587d75290

SHA256
d974356a5af23cf5fae75750f7ffa0833100ff59982c1b4c6589597e295cc999

SHA512
7e1c2e3e2e40439f5b3d312fb8b50e703beeb22d17b26fdf6ccaf672085b33679c20c84db4df829012466be56d020ccc6ff41c9770b159ad33d0c4f30d4b67d9

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\libegl.dll
Filesize
377KB

MD5
5bd8277192fb288232de03f662ed0b07

SHA1
fe304b6b0b809fa8eacd8659c9dbf5439bafa8ca

SHA256
9c9fa0503e1c1fba96d5bd3a383216091b5df934df59daf8f965535cca2dd4d5

SHA512
c29e4352130167f167844f4ad3e3ee32a871fbdd2dd9ff92a9f0797af85ba97ec659e63eb5373f00152f1f2be64efbf26f779b51a51717b4be2b6f5225f5a4c6

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\libglesv2.dll
Filesize
6.2MB

MD5
375ab4b0b81c8f408ba618f436734739

SHA1
c84064cacb3af0c83e7f393a09b4923587d75290

SHA256
d974356a5af23cf5fae75750f7ffa0833100ff59982c1b4c6589597e295cc999

SHA512
7e1c2e3e2e40439f5b3d312fb8b50e703beeb22d17b26fdf6ccaf672085b33679c20c84db4df829012466be56d020ccc6ff41c9770b159ad33d0c4f30d4b67d9

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\locales\en-US.pak
Filesize
302KB

MD5
3fef69b20e6f9599e9c2369398e571c0

SHA1
92be2b65b62938e6426ab333c82d70d337666784

SHA256
a99bd31907bbdc12bdfbff7b9da6ddd850c273f3a6ece64ee8d1d9b6ef0c501c

SHA512
3057edfb719c07972fd230514ac5e02f88b04c72356fa4a5e5291677dcbab03297942d5ecdc62c8e58d0088aed4d6ea53806c01f0ea622942feb06584241ad2d

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources.pak
Filesize
5.2MB

MD5
f24c85d2b898b6b4de118f6a2e63a244

SHA1
731adfc20807874b70bda7e2661e66ff6987e069

SHA256
aca9267dd8f530135d67240aa897112467bae77cd5fe1a549c69732fdf2803c6

SHA512
b49f6a4eb870b01b48b4cfbf5a73c1727cf7847a9505f7c11ce6befdbef868484867f6e0ac66aea8177ca5cab2abba1cae5ac626a8e3f44fc001cac0fe820c61

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar
Filesize
6.5MB

MD5
b74477056326a2c0e27a0da6c25422af

SHA1
d8f501d8b4c485f46fae9d9f80c0a2bb2afa912f

SHA256
ae7368363955d479f3afbd0c0d00c3e22cb0f32fa6b2dcf1a782a94a3dc21df8

SHA512
49f7e52847906baa40ba282efd227a2a649d548cdfb42476a9020ae9ad53f308d8aa6d487a194b9208b83bcf545cbea7ae0d3bcd9b294769f132adfde140bd4e

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar.unpacked\static\unpacked\icon.ico
Filesize
279KB

MD5
34ee19ccd44f31cd831dc50920f19890

SHA1
24545d2f4741fb5a4649840486ffd3597b7ade5b

SHA256
136cf9b3a30268d1d439df7b9fd9104cb1d83be7fd2b562c3e9a47450ae0df3d

SHA512
ded8ade93c143dc8abc7a76b03b4015a8637b2ee13b85dd70655d5857289f19ebef76562eace56a3ad3c2418fab5305bb0b6cadd0a412ddb781b8f496e82c74a

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\squirrel.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\squirrel.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\v8_context_snapshot.bin
Filesize
590KB

MD5
dd9ca4878bba782613cba372de1c36f4

SHA1
2eefcb6fcaa4b2ed717c952895710be5701871a7

SHA256
ea33ca96024769386ae0ff100c2ae239507006d7340f1f8bbc5bcfb4195f9226

SHA512
0791d3827a6de5745d3424c562b16604cf311ed6fcb4cf62d2c7f54ec0b7f3535b1114e919d2ba6d144cbe9f45418a555ab3fd801078bd8d563a656796f5d4e6

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\vulkan-1.dll
Filesize
754KB

MD5
a6826e4c60449ca4b6f4f285ce981260

SHA1
c7134e9715c365154882108b9b45b99d6462b785

SHA256
a5267fd66fda82bc09aa71cfd7fa138e606178769548482fbff2fd0a80e4b795

SHA512
cb664e0b29185e00aff14167305db3e63a4e91a0053183d5463caa0d735250b57dc6a8412850b8a4ad2c2145ccb21423b22d0ce7e76e6a995e37f3af801f46d9

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\vulkan-1.dll
Filesize
754KB

MD5
a6826e4c60449ca4b6f4f285ce981260

SHA1
c7134e9715c365154882108b9b45b99d6462b785

SHA256
a5267fd66fda82bc09aa71cfd7fa138e606178769548482fbff2fd0a80e4b795

SHA512
cb664e0b29185e00aff14167305db3e63a4e91a0053183d5463caa0d735250b57dc6a8412850b8a4ad2c2145ccb21423b22d0ce7e76e6a995e37f3af801f46d9

Download Submit
C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES
Filesize
76B

MD5
0b90c6926befa5dbf6d2d8d97e650ea5

SHA1
0c8e2327f01a4c6455a42d5f18e56242d2658082

SHA256
18fc2d9a4c3405043bcd54b2c8193f1fd110a531b83177b168ba3d25bac8ed11

SHA512
24da3d6bddf930d80e04798f5fe60db73748eeeae8238de5bb5a5b7d98df73d66a456159be819d574d5ff5fc6f0663c57ea3044892b810549c26aca168ce8491

Download Submit
C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES
Filesize
76B

MD5
0b90c6926befa5dbf6d2d8d97e650ea5

SHA1
0c8e2327f01a4c6455a42d5f18e56242d2658082

SHA256
18fc2d9a4c3405043bcd54b2c8193f1fd110a531b83177b168ba3d25bac8ed11

SHA512
24da3d6bddf930d80e04798f5fe60db73748eeeae8238de5bb5a5b7d98df73d66a456159be819d574d5ff5fc6f0663c57ea3044892b810549c26aca168ce8491

Download Submit
C:\Users\Admin\AppData\Local\WeMod\packages\WeMod-8.5.0-full.nupkg
Filesize
98.1MB

MD5
660861f1171364698499519c06c22d57

SHA1
30142d06e585bfc832f7fe2b9afbb933f928ac6f

SHA256
4fe7046f9e17618013c0f8038d607ddac3738cf814ace553724bb20a24e4a34c

SHA512
1bc16c595db7f6b7408de8d46c8ba0f2a7869442875624f530ca13c8685c5ddcbb8448c738f1c97c0f2905dc9383689fb7351e4f55df646fe552de664e1a4c6f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Network\Network Persistent State
Filesize
1KB

MD5
a6507b4499c3069b3dd067a07186d354

SHA1
d701ca57cae9af02d016a67786dd0d7c6f023b82

SHA256
708efaaaca8a6a03230d72ae190c28097241105881205749cb20f3d6f305d6b0

SHA512
cb873181cd6a90450a7fae35838ee8b7fb695200f36447bd9dbfa7c6fb691c754d85234586c68a96fff1661a70fee1711f7c72cf6fd89990e1d991f41690f24c

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Network\Network Persistent State
Filesize
1KB

MD5
70ac676a1a5c4cb6247cd463f19aa91b

SHA1
c4314b21409df8fe0bc689244b9c67ec00ab8036

SHA256
eff494d532ec599745255f4adb04523882a4bf123015cebf265f1f4b048a520c

SHA512
4c5ad38d5f28304821fb3becb21642fffa51520988cf4d31b204cfb6db0e8220c860720cc284b9bcc036c19ace04436bfa5e05593935c66321c43398a3503011

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Network\Network Persistent State
Filesize
1KB

MD5
b0984a2c2cadaf86ad9a551bbb9a588c

SHA1
cc4502b42d58026b3d76f30a7922e6a2c2125b25

SHA256
98f4c99d70aa4d03a7650b7fb084b1b16c58f249973a428516b520ee1eb65c40

SHA512
5280c7e963ee99105c47620f389593591c4df0d67bad1c063eace6fa657ae5eae3356eb10d89f352977b7bb8a3f300070518b596975b1e5da5f781a3da01ec4a

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Network\Network Persistent State~RFe5ae958.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Network\TransportSecurity
Filesize
370B

MD5
0b19c6802ade91d538fc90ed4ab76761

SHA1
9bdcf2478e7effbc648e16047736c885899ee50f

SHA256
c28b9acd7028ff5d5c7a80a56629f43dd84c379a40987221cd76ac54ce159ee3

SHA512
839738b53e27a6d7c38ed64fc455440942cfe7a1b67d25b44f82b9eed7297a00c3f4964809cc11d406944a2a0a2e1bdc490890382b84fc11760c96ebccf35073

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Network\TransportSecurity
Filesize
370B

MD5
22d62c9cba427f4688c2d8b66283ca26

SHA1
496b20fece6e04c84729980b2043844d761919aa

SHA256
f594bcd73a9220960e7c2ee7f3f4032d757543657fe96f0938e9cb1d5f2a4e5d

SHA512
042b24edbdebe25a7d82d5354b87396867938904343916ab4f07079fdfe2ce7d9f93e14d934bbff38f21e97ea7b7baa9a15473d88fd6dc6767b7a20644569b4c

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Network\TransportSecurity
Filesize
366B

MD5
29897356c6010bd2c0c9746eeb848857

SHA1
78d36967309d33b0e3ab1fe44959de7722c95867

SHA256
00100d2067d76ed208d07ceafa3448365ef5db4eb87c7992c2a4114bb016cf0b

SHA512
721da97279534fe7daf2e3d153f2e6b66d4eb40f5e0f5e6f986fe00d705fb18054161a11319412a32e9358ed47b2715695d8554bdba7b05fadf87dd3298cff3b

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Network\TransportSecurity~RFe5a8dda.TMP
Filesize
203B

MD5
7498f3453f920d16ecd6114bdca2a799

SHA1
475e776e1459f7c54e0969fede61288552e22bce

SHA256
2b4adee7611e24f88bf7b4d8f347ddccf089f629c06ab91d0765c1262e2cc98b

SHA512
f7b46b1e9e7b8254dee642e3429ce33d74a477a19235c34129e55b144a52884af7fbc755886e5b64801eab0eba19e02d5ba8d7747217e61effb9f764beb23ead

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
afc486a5bb9c89c4531ca8692f97741c

SHA1
62159cd0b25f437ac4be517802fc3f3ebb2e07b9

SHA256
4adae17d2339917efc8f2d0559904502cf94db2f8438eaad125bf687b0c2038f

SHA512
f117309608c6b704deff796523cffd0318411c9a512daf61691d719d34c74203d5b2eb00e814873ea8e6e031e9667433cbe6db50b6d493cb00ec1300954d9e7e

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Code Cache\js\index-dir\the-real-index
Filesize
960B

MD5
57af6776e70b35971030e0bbcb176f1e

SHA1
299fd6a7f456d1921ed58362c4c342696b0cecef

SHA256
590e736370f90c6ffc40f5f73ef8266953de759198d282f43a51b5a588b85927

SHA512
421687e2ab52469ce3fc89c360a4e918125361555da3b39560e81057c6840507a8391df5af858e3183fb194d26002ce7285cbc6b4c6c4910214db8dac80aa2bf

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\DawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\DawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\DawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Local Storage\leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Network\TransportSecurity
Filesize
851B

MD5
d7899cf821fcda3e3c3a69cffc9b2fb7

SHA1
1db5386d8b6dc771496b2f44de7ce874ee7872f7

SHA256
351cdc7850cd1ab16789db906ba46fdfcceb47cebea166c650eec4cb7e040614

SHA512
758c2845fd118180b50e0a2d70865c106b92e4fc761b9068e6fc0bdaae4906efe3081c256ab3352ab56e45995253e1d075fd77d1907c1627ea5a28bdbd257976

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Network\TransportSecurity~RFe5db113.TMP
Filesize
851B

MD5
712fcd69354047b17f1527143592e2d3

SHA1
cd4b95923e5c4c56d508785b97eb87b112c3d783

SHA256
2720225e8902119bb4ed98e2cffb5ee61c88f93d2cdb25a48d8df158006b0da4

SHA512
e1eead9475dde96780287479199c2f9fe8f26a551074358d4414cf94a77117b6f8be92f9d19dc96cdbd234e6c8824fc8fee888a908785b1484ccee3719e027c7

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Downloads\WeMod-Setup.exe
Filesize
141KB

MD5
31b6b4441d94707f30c74d21f09d75d0

SHA1
9ac55caf35df36deb66e34ac7d695e5dea1197a0

SHA256
b0a7e56b29a7a6ce994566e0092a95bc2311a33cdf0166b233938f53615ecd39

SHA512
3aa2e7f051186d7e6097b8bd2df5963ade4f9051ee06f3641cc3ad8c8258e8a52a7edc2adefdd862be83bb3ca4e293fbd10cfb9ef30d6a857c60bad2e9ebb1e2

Download Submit
C:\Users\Admin\Downloads\WeMod-Setup.exe
Filesize
141KB

MD5
31b6b4441d94707f30c74d21f09d75d0

SHA1
9ac55caf35df36deb66e34ac7d695e5dea1197a0

SHA256
b0a7e56b29a7a6ce994566e0092a95bc2311a33cdf0166b233938f53615ecd39

SHA512
3aa2e7f051186d7e6097b8bd2df5963ade4f9051ee06f3641cc3ad8c8258e8a52a7edc2adefdd862be83bb3ca4e293fbd10cfb9ef30d6a857c60bad2e9ebb1e2

Download Submit
C:\Users\Admin\Downloads\WeMod-Setup.exe
Filesize
141KB

MD5
31b6b4441d94707f30c74d21f09d75d0

SHA1
9ac55caf35df36deb66e34ac7d695e5dea1197a0

SHA256
b0a7e56b29a7a6ce994566e0092a95bc2311a33cdf0166b233938f53615ecd39

SHA512
3aa2e7f051186d7e6097b8bd2df5963ade4f9051ee06f3641cc3ad8c8258e8a52a7edc2adefdd862be83bb3ca4e293fbd10cfb9ef30d6a857c60bad2e9ebb1e2

Download Submit
memory/1012-754-0x000000001C9B0000-0x000000001CED8000-memory.dmp

Filesize
5.2MB

Download
memory/1012-755-0x000000001BF70000-0x000000001BF80000-memory.dmp

Filesize
64KB

Download
memory/1028-658-0x000000001C0C0000-0x000000001C0D0000-memory.dmp

Filesize
64KB

Download
memory/1064-622-0x0000000000460000-0x000000000063C000-memory.dmp

Filesize
1.9MB

Download
memory/1064-624-0x000000001BEE0000-0x000000001BEF0000-memory.dmp

Filesize
64KB

Download
memory/1660-512-0x0000000000940000-0x0000000000B16000-memory.dmp

Filesize
1.8MB

Download
memory/1660-517-0x000000001C310000-0x000000001C320000-memory.dmp

Filesize
64KB

Download
memory/1660-639-0x0000000001300000-0x0000000001320000-memory.dmp

Filesize
128KB

Download
memory/1660-627-0x000000001C310000-0x000000001C320000-memory.dmp

Filesize
64KB

Download
memory/1908-761-0x00000190CD130000-0x00000190CD220000-memory.dmp

Filesize
960KB

Download
memory/1908-763-0x00000190E83D0000-0x00000190E83E0000-memory.dmp

Filesize
64KB

Download
memory/1908-762-0x00000190CED90000-0x00000190CEDB2000-memory.dmp

Filesize
136KB

Download
memory/1908-775-0x00000190E83D0000-0x00000190E83E0000-memory.dmp

Filesize
64KB

Download
memory/5008-451-0x0000021AF9C20000-0x0000021AF9C30000-memory.dmp

Filesize
64KB

Download
memory/5008-493-0x0000021AF9C20000-0x0000021AF9C30000-memory.dmp

Filesize
64KB

Download
memory/5008-499-0x0000021AF9C20000-0x0000021AF9C30000-memory.dmp

Filesize
64KB

Download
memory/5008-497-0x0000021AF9C20000-0x0000021AF9C30000-memory.dmp

Filesize
64KB

Download
memory/5008-496-0x0000021AF9C20000-0x0000021AF9C30000-memory.dmp

Filesize
64KB

Download
memory/5008-495-0x0000021AF9C20000-0x0000021AF9C30000-memory.dmp

Filesize
64KB

Download
memory/5008-494-0x0000021AF9C20000-0x0000021AF9C30000-memory.dmp

Filesize
64KB

Download
memory/5008-448-0x0000021AF9C20000-0x0000021AF9C30000-memory.dmp

Filesize
64KB

Download
memory/5008-492-0x0000021AF9C20000-0x0000021AF9C30000-memory.dmp

Filesize
64KB

Download
memory/5008-491-0x0000021AF9C20000-0x0000021AF9C30000-memory.dmp

Filesize
64KB

Download
memory/5008-481-0x0000022300000000-0x00000223007A6000-memory.dmp

Filesize
7.6MB

Download
memory/5008-446-0x0000021AF8020000-0x0000021AF8046000-memory.dmp

Filesize
152KB

Download
memory/5008-447-0x0000021AF9C20000-0x0000021AF9C30000-memory.dmp

Filesize
64KB

Download
memory/5008-498-0x0000021AF9C20000-0x0000021AF9C30000-memory.dmp

Filesize
64KB

Download
memory/5008-450-0x0000021AF9C20000-0x0000021AF9C30000-memory.dmp

Filesize
64KB

Download
memory/5008-449-0x0000021AF9C20000-0x0000021AF9C30000-memory.dmp

Filesize
64KB

Download
memory/8072-1049-0x000000000EBF0000-0x000000000EBF1000-memory.dmp

Filesize
4KB

Download
memory/8072-1039-0x000000000EBF0000-0x000000000EBF1000-memory.dmp

Filesize
4KB

Download
memory/8072-1038-0x000000000EBF0000-0x000000000EBF1000-memory.dmp

Filesize
4KB

Download
memory/8072-1040-0x000000000EBF0000-0x000000000EBF1000-memory.dmp

Filesize
4KB

Download
memory/8072-1044-0x000000000EBF0000-0x000000000EBF1000-memory.dmp

Filesize
4KB

Download
memory/8072-1046-0x000000000EBF0000-0x000000000EBF1000-memory.dmp

Filesize
4KB

Download
memory/8072-1045-0x000000000EBF0000-0x000000000EBF1000-memory.dmp

Filesize
4KB

Download
memory/8072-1047-0x000000000EBF0000-0x000000000EBF1000-memory.dmp

Filesize
4KB

Download
memory/8072-1048-0x000000000EBF0000-0x000000000EBF1000-memory.dmp

Filesize
4KB

Download
memory/8072-1050-0x000000000EBF0000-0x000000000EBF1000-memory.dmp

Filesize
4KB

Download