lumma | 336cd19c7a8b2f3ca8caca28150974099e524cea2fa8f08de617695cd8e903ec

Analysis

max time kernel
798s
max time network
801s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

STAR WARS Jedi Fallen Order Trainer Setup.exe
Size

141KB
MD5

25a9688348b8a423b6459a62f013f9b2
SHA1

cd41c84250757633ee4a2802ed447eb98719bfe4
SHA256

336cd19c7a8b2f3ca8caca28150974099e524cea2fa8f08de617695cd8e903ec
SHA512

909b3b12374f550dc87df2e590c07925816a0eee40bc5d04ddfedb4bf7f5d5ac671c4e12786e86d6c41335590a4ef881a4c3cd200eb53d9e6a2ed294299bbc15
SSDEEP

3072:Bojm4ILlCI+4COHCyhaEtHZkOpk97oc4ILlCI+4TOHHSafx:Bd+bwaEtHLhiHt

Score

10^/10

lumma discovery stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Update.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeUpdate.exeSTAR WARS Jedi Fallen Order Trainer Setup.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	WeMod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	WeMod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	WeMod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	WeMod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	WeMod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	STAR WARS Jedi Fallen Order Trainer Setup.exe

Executes dropped EXE 15 IoCs

Processes:

WeMod-Setup-638159644832604276.exeUpdate.exeSquirrel.exeWeMod.exeUpdate.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeUpdate.exeWeModAuxiliaryService.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exe

pid	process
2664	WeMod-Setup-638159644832604276.exe
3096	Update.exe
4644	Squirrel.exe
1628	WeMod.exe
972	Update.exe
4936	WeMod.exe
3772	WeMod.exe
4620	WeMod.exe
1000	WeMod.exe
4300	Update.exe
5044	WeModAuxiliaryService.exe
4408	WeMod.exe
2424	WeMod.exe
5116	WeMod.exe
4640	WeMod.exe

Loads dropped DLL 15 IoCs

Processes:

WeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exeWeMod.exe

pid	process
1628	WeMod.exe
4936	WeMod.exe
3772	WeMod.exe
4620	WeMod.exe
3772	WeMod.exe
3772	WeMod.exe
3772	WeMod.exe
3772	WeMod.exe
3772	WeMod.exe
1000	WeMod.exe
4408	WeMod.exe
4408	WeMod.exe
2424	WeMod.exe
5116	WeMod.exe
4640	WeMod.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WeMod.exefirefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	WeMod.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

STAR WARS Jedi Fallen Order Trainer Setup.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "34"	STAR WARS Jedi Fallen Order Trainer Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\api.wemod.com\ = "34"	STAR WARS Jedi Fallen Order Trainer Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\DOMStorage\wemod.com	STAR WARS Jedi Fallen Order Trainer Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	STAR WARS Jedi Fallen Order Trainer Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wemod.com	STAR WARS Jedi Fallen Order Trainer Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wemod.com\NumberOfSubdomains = "1"	STAR WARS Jedi Fallen Order Trainer Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	STAR WARS Jedi Fallen Order Trainer Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Software\Microsoft\Internet Explorer\DOMStorage\api.wemod.com	STAR WARS Jedi Fallen Order Trainer Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wemod.com\Total = "34"	STAR WARS Jedi Fallen Order Trainer Setup.exe

Modifies registry class 9 IoCs

Processes:

WeMod.exefirefox.exemsedge.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\ = "URL:wemod"	WeMod.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\WeMod\\app-8.5.0\\WeMod.exe\" \"%1\""	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\shell\open	WeMod.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod	WeMod.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\URL Protocol	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\shell\open\command	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\shell	WeMod.exe

Modifies system certificate store 2 TTPs 21 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

WeMod.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	WeMod.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	WeMod.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 19000000010000001000000063664b080559a094d10f0a3c5f4f62900f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070301620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee404000000010000001000000091de0625abdafd32170cbb25172a846720000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 5c00000001000000040000000008000004000000010000001000000091de0625abdafd32170cbb25172a84670300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e3620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae409000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877619000000010000001000000063664b080559a094d10f0a3c5f4f629020000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	WeMod.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	WeMod.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	WeMod.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 04000000010000001000000091de0625abdafd32170cbb25172a84670300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e3620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae409000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877620000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 0f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070301620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee420000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f	WeMod.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	WeMod.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

Update.exeWeMod.exemsedge.exemsedge.exe

pid process

3096 Update.exe
3096 Update.exe
4408 WeMod.exe
4408 WeMod.exe
840 msedge.exe
840 msedge.exe
4404 msedge.exe
4404 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

4404 msedge.exe
4404 msedge.exe

pid	process
3096	Update.exe
3096	Update.exe
4408	WeMod.exe
4408	WeMod.exe
840	msedge.exe
840	msedge.exe
4404	msedge.exe
4404	msedge.exe

pid	process
4404	msedge.exe
4404	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

STAR WARS Jedi Fallen Order Trainer Setup.exeUpdate.exeWeMod.exeUpdate.exe

description	pid	process
Token: SeDebugPrivilege	1044	STAR WARS Jedi Fallen Order Trainer Setup.exe
Token: SeDebugPrivilege	3096	Update.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeDebugPrivilege	4300	Update.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe
Token: SeCreatePagefilePrivilege	4936	WeMod.exe
Token: SeShutdownPrivilege	4936	WeMod.exe

Suspicious use of FindShellTrayWindow 12 IoCs

Processes:

firefox.exemsedge.exeWeMod.exe

pid	process
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4936	WeMod.exe
4936	WeMod.exe
4936	WeMod.exe
4936	WeMod.exe

Suspicious use of SendNotifyMessage 8 IoCs

Processes:

firefox.exeWeMod.exe

pid process

2264 firefox.exe
2264 firefox.exe
2264 firefox.exe
4936 WeMod.exe
4936 WeMod.exe
4936 WeMod.exe
4936 WeMod.exe
4936 WeMod.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

STAR WARS Jedi Fallen Order Trainer Setup.exefirefox.exe

pid	process
1044	STAR WARS Jedi Fallen Order Trainer Setup.exe
1044	STAR WARS Jedi Fallen Order Trainer Setup.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

STAR WARS Jedi Fallen Order Trainer Setup.exeWeMod-Setup-638159644832604276.exeUpdate.exeUpdate.exeWeMod.exeWeMod.exe

description	pid	process	target process
PID 1044 wrote to memory of 2664	1044	STAR WARS Jedi Fallen Order Trainer Setup.exe	WeMod-Setup-638159644832604276.exe
PID 1044 wrote to memory of 2664	1044	STAR WARS Jedi Fallen Order Trainer Setup.exe	WeMod-Setup-638159644832604276.exe
PID 1044 wrote to memory of 2664	1044	STAR WARS Jedi Fallen Order Trainer Setup.exe	WeMod-Setup-638159644832604276.exe
PID 2664 wrote to memory of 3096	2664	WeMod-Setup-638159644832604276.exe	Update.exe
PID 2664 wrote to memory of 3096	2664	WeMod-Setup-638159644832604276.exe	Update.exe
PID 3096 wrote to memory of 4644	3096	Update.exe	Squirrel.exe
PID 3096 wrote to memory of 4644	3096	Update.exe	Squirrel.exe
PID 3096 wrote to memory of 1628	3096	Update.exe	WeMod.exe
PID 3096 wrote to memory of 1628	3096	Update.exe	WeMod.exe
PID 3096 wrote to memory of 1628	3096	Update.exe	WeMod.exe
PID 1044 wrote to memory of 972	1044	STAR WARS Jedi Fallen Order Trainer Setup.exe	Update.exe
PID 1044 wrote to memory of 972	1044	STAR WARS Jedi Fallen Order Trainer Setup.exe	Update.exe
PID 972 wrote to memory of 4936	972	Update.exe	WeMod.exe
PID 972 wrote to memory of 4936	972	Update.exe	WeMod.exe
PID 972 wrote to memory of 4936	972	Update.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 3772	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 4620	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 4620	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 4620	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 1000	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 1000	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 1000	4936	WeMod.exe	WeMod.exe
PID 4936 wrote to memory of 4300	4936	WeMod.exe	Update.exe
PID 4936 wrote to memory of 4300	4936	WeMod.exe	Update.exe
PID 1000 wrote to memory of 5044	1000	WeMod.exe	WeModAuxiliaryService.exe
PID 1000 wrote to memory of 5044	1000	WeMod.exe	WeModAuxiliaryService.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\STAR WARS Jedi Fallen Order Trainer Setup.exe
"C:\Users\Admin\AppData\Local\Temp\STAR WARS Jedi Fallen Order Trainer Setup.exe"
1⤵
- Checks computer location settings
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1044

C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638159644832604276.exe
"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638159644832604276.exe" --silent
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2664

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent
3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3096

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\Squirrel.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
4⤵
- Executes dropped EXE
PID:4644

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --squirrel-install 8.5.0
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1628

C:\Users\Admin\AppData\Local\WeMod\Update.exe
"C:\Users\Admin\AppData\Local\WeMod\Update.exe" --processStart "WeMod.exe" --process-start-args "wemod://titles/36630?_inst=uEUkR6DhRtf5Kszg"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:972

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" wemod://titles/36630?_inst=uEUkR6DhRtf5Kszg
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1696,i,10697297660135909265,4261850769444111865,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3772

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --force-ui-direction=ltr --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --mojo-platform-channel-handle=2104 --field-trial-handle=1696,i,10697297660135909265,4261850769444111865,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4620

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2480 --field-trial-handle=1696,i,10697297660135909265,4261850769444111865,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1000

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe WeMod\Support_1680367789338_Out
5⤵
- Executes dropped EXE
PID:5044

C:\Users\Admin\AppData\Local\WeMod\Update.exe
C:\Users\Admin\AppData\Local\WeMod\Update.exe --checkForUpdate https://api.wemod.com/client/channels/stable
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4300

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1340 --field-trial-handle=1696,i,10697297660135909265,4261850769444111865,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4408

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2704 --field-trial-handle=1696,i,10697297660135909265,4261850769444111865,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2424

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3980 --field-trial-handle=1696,i,10697297660135909265,4261850769444111865,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/app/1172380
4⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffac2bc46f8,0x7ffac2bc4708,0x7ffac2bc4718
5⤵
PID:3092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6326271587444488134,9720026840209553639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
5⤵
PID:2148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6326271587444488134,9720026840209553639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6326271587444488134,9720026840209553639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
5⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6326271587444488134,9720026840209553639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
5⤵
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6326271587444488134,9720026840209553639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
5⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,6326271587444488134,9720026840209553639,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3924 /prefetch:8
5⤵
PID:4340

C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4428 --field-trial-handle=1696,i,10697297660135909265,4261850769444111865,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.0.971231909\46576622" -parentBuildID 20221007134813 -prefsHandle 1832 -prefMapHandle 1788 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bb5bc76-bd83-4bff-aa4a-edacc9d737e3} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 1916 25c42b16b58 gpu
3⤵
PID:2080

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.1.861352719\1608732379" -parentBuildID 20221007134813 -prefsHandle 2308 -prefMapHandle 2304 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5508b94-1d8b-4da2-9c15-35f4dbaa1303} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 2320 25c34c72558 socket
3⤵
- Checks processor information in registry
PID:2884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.2.1888589332\2027141622" -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 2712 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {277db32b-ef32-48e1-a49b-3f701fabe59a} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 3180 25c45832558 tab
3⤵
PID:4996

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.3.1721805591\207712569" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 2480 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {310a853c-2f6d-4710-a3ef-546d591da3b8} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 3416 25c34c72258 tab
3⤵
PID:1816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.4.1350663722\180179475" -childID 3 -isForBrowser -prefsHandle 4136 -prefMapHandle 4132 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f5330c3-dc0b-42da-a55f-975cccd23f89} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 4148 25c442a4858 tab
3⤵
PID:2816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.5.1707455176\1863051821" -childID 4 -isForBrowser -prefsHandle 5080 -prefMapHandle 5084 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f6f004c-06b8-477c-a6b7-b14c6b78f939} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 5060 25c47f93658 tab
3⤵
PID:3216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.7.1452629672\911670695" -childID 6 -isForBrowser -prefsHandle 5340 -prefMapHandle 5344 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {709981bb-4cfa-4dc1-b4a9-04f30c0531f3} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 5112 25c47f92758 tab
3⤵
PID:4644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.6.915387782\1033540971" -childID 5 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {169577cb-be73-490a-bf85-c509e0a056b0} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 5124 25c47f91e58 tab
3⤵
PID:3508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2264.8.1797130104\1685728711" -childID 7 -isForBrowser -prefsHandle 5828 -prefMapHandle 5824 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfc363fe-9849-4f8d-b7b3-d5b58eb5a121} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" 5840 25c4a430c58 tab
3⤵
PID:3996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2216

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x388 0x48c
1⤵
PID:4988

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
f38abed7c0362f77808f7e0c5aedc8df

SHA1
05a2c55fb82ad1d549eb808aad79afcad8d435e9

SHA256
8f39ee855dfc4b0a19406c5a3109222cf09fe1abf3a56577e8d0eb29fecc9c20

SHA512
61c03bb4556d0232eb0f2311cbe8391958e8cf7b5c7c111851ec30ea883881a4d853536d05a29e2c19bacda9a4f34434279af7548bde15b9cb2850170e9b0b78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
1KB

MD5
b6f26e04f86e4b1d4e2def7a28500064

SHA1
9209c2f1e0693ad71111fbe48f540503658cd7fd

SHA256
51cdbefe064909d87a8e1d4acce253c710ac15c670f49f389fd083c57b49de20

SHA512
45f95d822ff7303badb5b3dd4c6a89480c17887fb1d61fdcdc71c0e9723fc598248eb41e34f12ab23e735d3441a21ad295a408a3367c9b59bea6782732a39d44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B3B43EFEA847E61D714C48920995E508
Filesize
472B

MD5
5b6731341a66be32757ea461f5bd605a

SHA1
f9a017cd1195d1eafb3839a899baf75f2e71958f

SHA256
4bda8352f303d3fb71b8c4b2ecc9fbe75dcfc91dd2232260afb1e37ebbf139fb

SHA512
fdd9cb99424da1f17facaf152cc0950f8ae76b35d0cb146c1c1e238575245da6c3df9b01b92b824f3972146d6c9621ff1735f20f9cf00cc33db2ae60cc5e5751

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
4a75729117a450cc77017212b960705d

SHA1
b72500b762f4e9b050a6e786fd73052b3f5ee7f2

SHA256
f9e0ab8fb4322381476cc1237f777f91b00b68c675619105a3b8831873b51e36

SHA512
7e4fd32c5474a8bb2a1ca885a9a85d51e8ec515fdfa74adf35aed83dd6c5fcb29ef512a244a955c85987e9da6b553d91efd8e28b153d9ee92b681559af228d4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
438B

MD5
6e890b946b60dd1154026617a3b4f66e

SHA1
b70cc43d6d3d592153c030a03115d610c07b0264

SHA256
26a402ed84b76011a8de422e5f016135f92c204e71791d931226d255aba01bc8

SHA512
a0759969454385472ada3feea8d3270f318b84eafb6bdc34ac5fcdf1a93866e60e4b170460e16a7087748b04966bd49caf1741cd43d2aa1e251b4b6ea9aad607

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
acf66aae67597359a20cc41117d251cb

SHA1
f2438fae480cf2e7c6a5f4b4892aba8e6d60d8da

SHA256
65d03919352bf3f65b27a57c6035adf62c8c4b0f62bb9fae1e45ada8acbc39f3

SHA512
6f374550e011a89970ab4eb547d034610394757c36227bb8c1b40ff4d5c1d9a333950aff08a0246ed2224e05e2030355c7dfca7e1e852eddc2236bfa449547a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B3B43EFEA847E61D714C48920995E508
Filesize
406B

MD5
d8379b55dba439817a4b4b1751bd5deb

SHA1
d8c15c5e850d3225ce2163223f1757234871afca

SHA256
d6f1d302c5652e31e8dd1b0b83a6c06e87e50ce815f5ce3fcb53dfcce97e2a9f

SHA512
a5014a977ed0a5e70aa950e0149664e1595f05e0b099b1ade5bd2d43d0fbae91c760a3fb8d569034834d331c939014977161c4651e21c9cd69568d01f474cfa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Update.exe.log
Filesize
2KB

MD5
41a2e77a29628bbb8e45f0c1f25c3b29

SHA1
24d4948dd26c2d8c7e53b112529c4f6e6a9fcd92

SHA256
7384160e534526d57ad8c778c066871ad70548d86c92e79256898fa334833367

SHA512
79ec5caf249b1c3be2357bc2968e62a0a1c709045950c2dd8895dc5c79cbedb0f1184e5da533c6dfb2dbfadd6bffbd32684cf703d424f6e4b8ecf93212d2355f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
480d43e4acd8bab42200f89dbdef7509

SHA1
406429b557425e8c03998d46f59d45704922eb30

SHA256
a7f08e46ac2f822df3f3227110d117f152075ca7e599bb6122546e3b5dac8342

SHA512
3d1193822c2aa88839149edefbeed322c7f1952653e3f7d4a00f7e87a084374ba63ebe44362a742e96fba3b34e2024e55252590fff1dda5e1d87ae46418205fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe621e50.TMP
Filesize
48B

MD5
ae6842eb6340fd968e437d6ba4f2c59b

SHA1
2be31f4f9fda52f631063a9c6b3a96b4c7d43e8c

SHA256
8552dd444c1264be1f2571278ac679332d6692a4101a241d3016d53911866295

SHA512
05adb742cc1b3df6fa45f43bfb8e7dd5b0dbe4af79c2d046384ef1ac6861d92e15676f0424b6b5bf5bb192d78bdc2c403aecc337538d843269de2dc8d8f2d1d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
e1d509f4fe21d7c9817fcc6dfbff60a2

SHA1
d82d906d54102321f3577cc0a29b1c59e4192228

SHA256
14effe8bb93a1de158ee856332fcb01e09689183627af8d04984997ed9b0dcc5

SHA512
f68b574baa8b57711f62b617d88bce0e544a601325dea05b10ecf214159261df58a06524b7c0e6657ddf32163ad10ff32aed418668e373989dcbf42ac2a84e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
404B

MD5
edc9d99be447f436a957d71512e359aa

SHA1
e41636afc7122d3ac0fe48e5668ff7b345d6cbde

SHA256
daf757ee05fc72d6d05c7e0ad60c6843f01939c976bdd5388fd0f36dd1f06ca8

SHA512
732bf17eac38f1a925ee106ba6d2f6d0864ea9d6c1e3f5558adb78a3017a4f9d6f160001e9eb3175c95cee74642bcd29e1d3a134bc7d68310edd4b72f70985da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
0fab96e18196387d277e61bd97a4df3e

SHA1
274d777e66294a4f017194fadbb5039d4586a9be

SHA256
e711dce40c623bee96fac59ac55e596714138c794a82a6174a6594b1eb8f4ff4

SHA512
c3e4baa8143f0ba921c7d0e5ab6d2f6dfa28943d0575e394e3b103ec967f634c9279aa6844c64eb8b88ef23b51a1aa1178672e724dff28f84d730bf5d496e066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f7dc3a60694c690f323dd2c178853e62

SHA1
7a6c5798254cdac9350cbcb61701a566c53efbf8

SHA256
c551752af1e22ead395ccd291810a09fd94cfda3c44ad16d12eece8a6eda5ccc

SHA512
cd6d76d12c94e6a2ea8ae90fb5cc7d122b8a12b98c9f0e0a4b759306a66fdab4307f970d23fa12d17787f4614fabe3a4012f16492804480d49d6b350304bed0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
63032328bf5b62349b96ae71f52668a6

SHA1
b19ef4bf8bdef7d438c148e3b15b9120294736c2

SHA256
7ea4d9d996f843fd6bc9288cdfa581bc2d7c23753f3a4a02ac9f62e36c9adb2c

SHA512
26df38e86adebff0b01425d3d076108e228d9f605e4c9829e0cc177236a0178960c96de0eaaf45861c8b14042f0534360d6d84d352b873aa527fa0bea59e3fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
4b78f1b8b9f12ce9dc3ecd5ddaf778fa

SHA1
a4d06c8b62678b1b08a66383cccc33ab22652fd6

SHA256
f1158d1087205f5f8f41edba41cd6bc8f6e04b43214e7b1d3ef4e3559de80d8a

SHA512
e941fa08f2564e7353459ac3f474ffed33766ef65d967b928964801b51dcd00857a6997f2e31dca426146a935f21a2ffd522dce21be882bece51e6c05ba32703

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
Filesize
152KB

MD5
7ca38ab7ddfd986b8384c0ec8b711b32

SHA1
a33a3d04aec4e2c75a3d0a40ef2d458cccccfc33

SHA256
3c054e8688b559325024d0de523c122c122fe57dd244f85a52824a3c693922ea

SHA512
6778bba00edad9281e44174fcdc842b0d7350fcc4ea3dcac889723e8f8d75b6c34b5d586c0c5c2d27e3e5a8a275c6b19704c5b4d2948071c8467b18b53ff36a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\1334
Filesize
15KB

MD5
6ed4a84c7bb772ae8cbdffc6193a1bbf

SHA1
9dfa1eb602acb917856c1f82d2e172c4c3c03364

SHA256
f80255ba3aa605a9070aaa0a94af652dd50d26f02482561e9d3c7b8571283c37

SHA512
1f93b147d0a180ab1bc79776c0081c0663af122e4ad1f76be823eb48a38061b37837fd2233841506a13e54a7bf3b2fb6109d79336bd86641645b2ef9fa9625f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\doomed\15228
Filesize
14KB

MD5
8c86ac30165a782fabad37aec9cc17a7

SHA1
7a452858ba2051b16066244bf358bc1428b10fdd

SHA256
78e945d5132d285f3ae22d51ad6649ec6ff576aabd76a8948ff0bdac00e23fd1

SHA512
dd74839cdbf1aa24b0080ad9fc8f657d37cabd36ca0bf052a175b7203201475a47da09746a2bdcaa38df5c7a21eb0427e74fd2979770d791f89fb8a89f10bc42

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
Filesize
76B

MD5
0b90c6926befa5dbf6d2d8d97e650ea5

SHA1
0c8e2327f01a4c6455a42d5f18e56242d2658082

SHA256
18fc2d9a4c3405043bcd54b2c8193f1fd110a531b83177b168ba3d25bac8ed11

SHA512
24da3d6bddf930d80e04798f5fe60db73748eeeae8238de5bb5a5b7d98df73d66a456159be819d574d5ff5fc6f0663c57ea3044892b810549c26aca168ce8491

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.8MB

MD5
1f4c7ac0f30d95edbe542b77bbdb5ed2

SHA1
f95163ed631e57fc478fa74f5d31ca5106b5c95b

SHA256
6d38745793e383f922f90719d5a9444ddaf9d8a25ae7ad83450a58e4564fe41c

SHA512
e9b9aab1dfbef58a1bf6228e3e820f5b8673c73d53ea28b1519f1ba66fe9dab7c8dc3ba78315e73cfc7f28fce04167c6c4badbf191d9ee5df48d306483d7238a

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.8MB

MD5
1f4c7ac0f30d95edbe542b77bbdb5ed2

SHA1
f95163ed631e57fc478fa74f5d31ca5106b5c95b

SHA256
6d38745793e383f922f90719d5a9444ddaf9d8a25ae7ad83450a58e4564fe41c

SHA512
e9b9aab1dfbef58a1bf6228e3e820f5b8673c73d53ea28b1519f1ba66fe9dab7c8dc3ba78315e73cfc7f28fce04167c6c4badbf191d9ee5df48d306483d7238a

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\WeMod-8.5.0-full.nupkg
Filesize
98.1MB

MD5
660861f1171364698499519c06c22d57

SHA1
30142d06e585bfc832f7fe2b9afbb933f928ac6f

SHA256
4fe7046f9e17618013c0f8038d607ddac3738cf814ace553724bb20a24e4a34c

SHA512
1bc16c595db7f6b7408de8d46c8ba0f2a7869442875624f530ca13c8685c5ddcbb8448c738f1c97c0f2905dc9383689fb7351e4f55df646fe552de664e1a4c6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638159644832604276.exe
Filesize
98.9MB

MD5
0a79ca5414d0b397ed93437a694622bc

SHA1
882ce3a09f39a9f2b72b7187d92d37fb9d7de57a

SHA256
af93691dcdacad747705b4fd30685b2a3c87edaf30b95db44151905678e3c934

SHA512
8d8abe9214e1fd4cbdccb5d51e0b19be6767b915a44aa15dccbfe3770a07cb6d806a35b7ac0cfeb276b21e15189869ac02aaf5938e42e3dbd931c89c81e21dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638159644832604276.exe
Filesize
98.9MB

MD5
0a79ca5414d0b397ed93437a694622bc

SHA1
882ce3a09f39a9f2b72b7187d92d37fb9d7de57a

SHA256
af93691dcdacad747705b4fd30685b2a3c87edaf30b95db44151905678e3c934

SHA512
8d8abe9214e1fd4cbdccb5d51e0b19be6767b915a44aa15dccbfe3770a07cb6d806a35b7ac0cfeb276b21e15189869ac02aaf5938e42e3dbd931c89c81e21dac

Download Submit
C:\Users\Admin\AppData\Local\WeMod\Update.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\Update.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\Update.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\Update.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\D3DCompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\Squirrel.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\WeMod.exe
Filesize
127.9MB

MD5
f663c2b81feb82e55f4bb297116dae17

SHA1
6b210465569dc0081950c390b96fb4dcdd79bcbe

SHA256
10df644e3ba80f0628e02ab1a102d65d949940fe6b2bb4afe1d43d29b92dcf8f

SHA512
73e8fc4b663fdd82c5fc6a61c860dd8cde6c754b7995200e018eaf76c56b51743d53c60b5ab18fedeaea2a380eb49822d2af767c10588203961099b2406c7efc

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\chrome_100_percent.pak
Filesize
126KB

MD5
44a69827d4aa75426f3c577af2f8618e

SHA1
7bdd115425b05414b64dcdb7d980b92ecd3f15b3

SHA256
bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b

SHA512
5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\chrome_200_percent.pak
Filesize
175KB

MD5
9c379fc04a7bf1a853b14834f58c9f4b

SHA1
c105120fd00001c9ebdf2b3b981ecccb02f8eefb

SHA256
b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48

SHA512
f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\d3dcompiler_47.dll
Filesize
3.9MB

MD5
ab3be0c427c6e405fad496db1545bd61

SHA1
76012f31db8618624bc8b563698b2669365e49cb

SHA256
827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

SHA512
d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\ffmpeg.dll
Filesize
2.4MB

MD5
fe1bd381ac07068295f1990e794ada6c

SHA1
3a8c8cfa51d33453392f776be88b9bec50d561ad

SHA256
93f1c82567e50b17ae3270e748d3b1456b260cb718cd20f49b4197c864b1a464

SHA512
78ef7486cc8ddb940c4b3710dd567b9918daea06b4e86740a2fc51a0384638c0bafbadd40d3e37f99af1bf8e5bd1c951f1c1ea3d876494a4d323834f330c781f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\icudtl.dat
Filesize
10.0MB

MD5
cf9421b601645bda331c7136a0a9c3f8

SHA1
9950d66df9022f1caa941ab0e9647636f7b7a286

SHA256
8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5

SHA512
bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\libEGL.dll
Filesize
377KB

MD5
5bd8277192fb288232de03f662ed0b07

SHA1
fe304b6b0b809fa8eacd8659c9dbf5439bafa8ca

SHA256
9c9fa0503e1c1fba96d5bd3a383216091b5df934df59daf8f965535cca2dd4d5

SHA512
c29e4352130167f167844f4ad3e3ee32a871fbdd2dd9ff92a9f0797af85ba97ec659e63eb5373f00152f1f2be64efbf26f779b51a51717b4be2b6f5225f5a4c6

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\libGLESv2.dll
Filesize
6.2MB

MD5
375ab4b0b81c8f408ba618f436734739

SHA1
c84064cacb3af0c83e7f393a09b4923587d75290

SHA256
d974356a5af23cf5fae75750f7ffa0833100ff59982c1b4c6589597e295cc999

SHA512
7e1c2e3e2e40439f5b3d312fb8b50e703beeb22d17b26fdf6ccaf672085b33679c20c84db4df829012466be56d020ccc6ff41c9770b159ad33d0c4f30d4b67d9

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\libegl.dll
Filesize
377KB

MD5
5bd8277192fb288232de03f662ed0b07

SHA1
fe304b6b0b809fa8eacd8659c9dbf5439bafa8ca

SHA256
9c9fa0503e1c1fba96d5bd3a383216091b5df934df59daf8f965535cca2dd4d5

SHA512
c29e4352130167f167844f4ad3e3ee32a871fbdd2dd9ff92a9f0797af85ba97ec659e63eb5373f00152f1f2be64efbf26f779b51a51717b4be2b6f5225f5a4c6

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\libglesv2.dll
Filesize
6.2MB

MD5
375ab4b0b81c8f408ba618f436734739

SHA1
c84064cacb3af0c83e7f393a09b4923587d75290

SHA256
d974356a5af23cf5fae75750f7ffa0833100ff59982c1b4c6589597e295cc999

SHA512
7e1c2e3e2e40439f5b3d312fb8b50e703beeb22d17b26fdf6ccaf672085b33679c20c84db4df829012466be56d020ccc6ff41c9770b159ad33d0c4f30d4b67d9

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\locales\en-US.pak
Filesize
302KB

MD5
3fef69b20e6f9599e9c2369398e571c0

SHA1
92be2b65b62938e6426ab333c82d70d337666784

SHA256
a99bd31907bbdc12bdfbff7b9da6ddd850c273f3a6ece64ee8d1d9b6ef0c501c

SHA512
3057edfb719c07972fd230514ac5e02f88b04c72356fa4a5e5291677dcbab03297942d5ecdc62c8e58d0088aed4d6ea53806c01f0ea622942feb06584241ad2d

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources.pak
Filesize
5.2MB

MD5
f24c85d2b898b6b4de118f6a2e63a244

SHA1
731adfc20807874b70bda7e2661e66ff6987e069

SHA256
aca9267dd8f530135d67240aa897112467bae77cd5fe1a549c69732fdf2803c6

SHA512
b49f6a4eb870b01b48b4cfbf5a73c1727cf7847a9505f7c11ce6befdbef868484867f6e0ac66aea8177ca5cab2abba1cae5ac626a8e3f44fc001cac0fe820c61

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar
Filesize
6.5MB

MD5
b74477056326a2c0e27a0da6c25422af

SHA1
d8f501d8b4c485f46fae9d9f80c0a2bb2afa912f

SHA256
ae7368363955d479f3afbd0c0d00c3e22cb0f32fa6b2dcf1a782a94a3dc21df8

SHA512
49f7e52847906baa40ba282efd227a2a649d548cdfb42476a9020ae9ad53f308d8aa6d487a194b9208b83bcf545cbea7ae0d3bcd9b294769f132adfde140bd4e

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
Filesize
945KB

MD5
74bdec2a1b6ee5cc7276f47d13edc48a

SHA1
71a8a2b69cb0e4f333812bd72fd06cf6e1a3b61e

SHA256
7fb226a4b4c6f72314f74bd5f667d678bb3b2c2d5d76c0c9b1b4a8fa0799fb19

SHA512
a0798582456212c55a74c1dfa059148726601440f7d64c5957ee5fc8fc14368017ff4af6d99295b8ce651a38bf3d086eef46f78a1fff7008552cf6a2e6984e30

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
Filesize
945KB

MD5
74bdec2a1b6ee5cc7276f47d13edc48a

SHA1
71a8a2b69cb0e4f333812bd72fd06cf6e1a3b61e

SHA256
7fb226a4b4c6f72314f74bd5f667d678bb3b2c2d5d76c0c9b1b4a8fa0799fb19

SHA512
a0798582456212c55a74c1dfa059148726601440f7d64c5957ee5fc8fc14368017ff4af6d99295b8ce651a38bf3d086eef46f78a1fff7008552cf6a2e6984e30

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\resources\app.asar.unpacked\static\unpacked\icon.ico
Filesize
279KB

MD5
34ee19ccd44f31cd831dc50920f19890

SHA1
24545d2f4741fb5a4649840486ffd3597b7ade5b

SHA256
136cf9b3a30268d1d439df7b9fd9104cb1d83be7fd2b562c3e9a47450ae0df3d

SHA512
ded8ade93c143dc8abc7a76b03b4015a8637b2ee13b85dd70655d5857289f19ebef76562eace56a3ad3c2418fab5305bb0b6cadd0a412ddb781b8f496e82c74a

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\squirrel.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\squirrel.exe
Filesize
1.8MB

MD5
72d640aa4ca25f2e9bb6bf63433a2808

SHA1
bc03640081764bf26c9888a252126bf5fa150595

SHA256
e5eb13cd6018bfb0b8576f37f1f9001e299a33f95d0fb59366c57cadb4d1afc7

SHA512
ad37209d607076706d3eb14d12e3b2b371d4ebe14ecce4a602e9e670f22af7e0de422b3bfab75452ee9ec1619fb4e2856edef3a4ab31bd343be15a8b9ea8ab5f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\v8_context_snapshot.bin
Filesize
590KB

MD5
dd9ca4878bba782613cba372de1c36f4

SHA1
2eefcb6fcaa4b2ed717c952895710be5701871a7

SHA256
ea33ca96024769386ae0ff100c2ae239507006d7340f1f8bbc5bcfb4195f9226

SHA512
0791d3827a6de5745d3424c562b16604cf311ed6fcb4cf62d2c7f54ec0b7f3535b1114e919d2ba6d144cbe9f45418a555ab3fd801078bd8d563a656796f5d4e6

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\vk_swiftshader.dll
Filesize
4.2MB

MD5
ed9ba505da635589cb5fc6623f6859bd

SHA1
21fe4f04404fcea097b3f214fd3181f91a56822b

SHA256
d605d0c3fce033205c510dc1dae25fc64eb2fc9a3f99c2a8df25eb968a4db763

SHA512
842b3c43e334a5fc706ba286fa23f7501854772f58240f14971944361caac5a985a445e565fe5d31aaed97aaea196e3a8c59d5275386d10703cff42384d2f24f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\vk_swiftshader.dll
Filesize
4.2MB

MD5
ed9ba505da635589cb5fc6623f6859bd

SHA1
21fe4f04404fcea097b3f214fd3181f91a56822b

SHA256
d605d0c3fce033205c510dc1dae25fc64eb2fc9a3f99c2a8df25eb968a4db763

SHA512
842b3c43e334a5fc706ba286fa23f7501854772f58240f14971944361caac5a985a445e565fe5d31aaed97aaea196e3a8c59d5275386d10703cff42384d2f24f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\vk_swiftshader.dll
Filesize
4.2MB

MD5
ed9ba505da635589cb5fc6623f6859bd

SHA1
21fe4f04404fcea097b3f214fd3181f91a56822b

SHA256
d605d0c3fce033205c510dc1dae25fc64eb2fc9a3f99c2a8df25eb968a4db763

SHA512
842b3c43e334a5fc706ba286fa23f7501854772f58240f14971944361caac5a985a445e565fe5d31aaed97aaea196e3a8c59d5275386d10703cff42384d2f24f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\vk_swiftshader_icd.json
Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\vulkan-1.dll
Filesize
754KB

MD5
a6826e4c60449ca4b6f4f285ce981260

SHA1
c7134e9715c365154882108b9b45b99d6462b785

SHA256
a5267fd66fda82bc09aa71cfd7fa138e606178769548482fbff2fd0a80e4b795

SHA512
cb664e0b29185e00aff14167305db3e63a4e91a0053183d5463caa0d735250b57dc6a8412850b8a4ad2c2145ccb21423b22d0ce7e76e6a995e37f3af801f46d9

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.5.0\vulkan-1.dll
Filesize
754KB

MD5
a6826e4c60449ca4b6f4f285ce981260

SHA1
c7134e9715c365154882108b9b45b99d6462b785

SHA256
a5267fd66fda82bc09aa71cfd7fa138e606178769548482fbff2fd0a80e4b795

SHA512
cb664e0b29185e00aff14167305db3e63a4e91a0053183d5463caa0d735250b57dc6a8412850b8a4ad2c2145ccb21423b22d0ce7e76e6a995e37f3af801f46d9

Download Submit
C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES
Filesize
76B

MD5
0b90c6926befa5dbf6d2d8d97e650ea5

SHA1
0c8e2327f01a4c6455a42d5f18e56242d2658082

SHA256
18fc2d9a4c3405043bcd54b2c8193f1fd110a531b83177b168ba3d25bac8ed11

SHA512
24da3d6bddf930d80e04798f5fe60db73748eeeae8238de5bb5a5b7d98df73d66a456159be819d574d5ff5fc6f0663c57ea3044892b810549c26aca168ce8491

Download Submit
C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES
Filesize
76B

MD5
0b90c6926befa5dbf6d2d8d97e650ea5

SHA1
0c8e2327f01a4c6455a42d5f18e56242d2658082

SHA256
18fc2d9a4c3405043bcd54b2c8193f1fd110a531b83177b168ba3d25bac8ed11

SHA512
24da3d6bddf930d80e04798f5fe60db73748eeeae8238de5bb5a5b7d98df73d66a456159be819d574d5ff5fc6f0663c57ea3044892b810549c26aca168ce8491

Download Submit
C:\Users\Admin\AppData\Local\WeMod\packages\WeMod-8.5.0-full.nupkg
Filesize
98.1MB

MD5
660861f1171364698499519c06c22d57

SHA1
30142d06e585bfc832f7fe2b9afbb933f928ac6f

SHA256
4fe7046f9e17618013c0f8038d607ddac3738cf814ace553724bb20a24e4a34c

SHA512
1bc16c595db7f6b7408de8d46c8ba0f2a7869442875624f530ca13c8685c5ddcbb8448c738f1c97c0f2905dc9383689fb7351e4f55df646fe552de664e1a4c6f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
6KB

MD5
2fe74bfbf6590c32c26bb6ea0a94fb53

SHA1
4cf30e8e6be82707446e0b9768f6b20209a0a4be

SHA256
fc9e6fdcbd46e9a6d077717386e80b88ffdc102c9271b66017bb0c359cef1c22

SHA512
fa7d1b7093e0f97309bfd9937d74954db458f0bdc3fa01f209bdc6e6933968f87c96c3a0fc36c7ac56d11af9b905922d1b61ce90f8c11fcdfc1de276419f67af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
Filesize
6KB

MD5
0531a0997debda781e692eb5cd6cb2d4

SHA1
188befe7d817f7e4a9ce7e61fb6c6f3f7c2ed494

SHA256
f3207b429871bab26d663db3c19d672798eb2873d0fcbd84be394111063f530c

SHA512
b63a4b028fcab73df1ba123efebf310a088249db1ef0310ed8c05ca1404ac6c0065268ae3d9f79934a263de94c45a95037f9ab7dc8baffae05a284906c0cfa30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js
Filesize
6KB

MD5
feb8a52858c8167a58f36caa1b37f116

SHA1
7ae7f9d2721ae3c579f9e18e4fea679e8c848158

SHA256
adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a

SHA512
109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionCheckpoints.json.tmp
Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
f33a705c2c7a102179b1e146c7837050

SHA1
a7144ce744dd5360959274aa5d866457a574b86b

SHA256
901f03c8b74655d51b614ec8bf3ad841aa811e5047574d6a295bf6eb1c919fd1

SHA512
d3a633ca3a1995f1bc6ed9048cf57c8378797a00b7310c6be0a00ac606336a454e7f765f6ad666aa1ee8bfddbb1977118b10fed57a2dd054cdd985f87f7d1e3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore.jsonlz4
Filesize
4KB

MD5
e042ec75a1e0798fbd8be357f955250f

SHA1
f0f8463d46244e6a78b61cd7adc1d420fd965f0c

SHA256
0285779d053ea9412d7d13406760c71ae03b7b57ce53297ac818ea195505b056

SHA512
4fbb8d16821f261b867689c767fceddf5069e3d189ff0c691f0e9990b8b4daee8c89a13d4746c83137d5661cb40641c9fb2fab29facfda5db4c941905fb77ba2

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Network\Network Persistent State
Filesize
1KB

MD5
81970616c0268ac1a07eb8e3764a16c3

SHA1
3d27c78a84665196f8a8779217d48ca04b713c26

SHA256
ef4e246b2b8a7aa99fb9b9a4575f5d275dee61d815739fa682c72c9ded543b82

SHA512
237c0c2d4a1920dde02dd2d23a846f1170803b4e6b35ee482567c79ae8463839f8419937cbf87084d7aa53d907adc4ad580e90d11964ba06de334e10a08497c5

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Network\Network Persistent State
Filesize
1KB

MD5
ca35856510bad1fbacfcc7b97cce5e0c

SHA1
512218ad7c4a5afbab8b4b695c8afc36d9fc54f5

SHA256
69a11452f3137a086e60cc53a5f4e52d9888a0c0b64fcaf5d62cfb909af38d88

SHA512
3a6a6ebc00ba0d4924d63464346f0cd65f99a28aec02027a9b660f537e03eb6c9789264b87bfb3ade284b90f58e1e5caba92d8e43221832bb7abcb3567d3b895

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Network\Network Persistent State~RFe5b08b7.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Code Cache\js\index-dir\the-real-index
Filesize
984B

MD5
ed721812f8c10886821474409623bc27

SHA1
a77471986e5ab0a0eedf6e35ee170c38dcb5108d

SHA256
86827ac8463d7a75f0295ed8a57363e29f5623a909f661285f1b7171307d251d

SHA512
e821325328fa283c5fccd33b5aed3d8ec4854318724239beaf778c3c2b8543e41322ba6b12267f4f1aa8cd6b93609f1e22434221e21a75473b394393401fbfe4

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Code Cache\js\index-dir\the-real-index~RFe62462b.TMP
Filesize
48B

MD5
c7b419d16d038adc7278dd2a87ed3912

SHA1
44b2deddf032394f144bdd00700bf18fc3bc39c5

SHA256
d866b8588f617105c000a7942b70574818b215a1d79dac3bdff7a70e5b548006

SHA512
0eee250f6ea4052d4ce02467301c1c8b7e44711d069e272abb25ade0a28cba385aab3d3bf7d7e9870272c71532db740edfeab5f0d16e9c90efc24e69cc35f770

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\DawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\DawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\DawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Local Storage\leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Network\Network Persistent State
Filesize
2KB

MD5
02352a4c53167fc25ccbe1d1fa202b82

SHA1
c713b5a23fc86ef164a6495fe394e53e8b56a270

SHA256
4698238667000424aaa14cec9c315de3d17b7c0c70e20c5b10060e05153edb9d

SHA512
b95d488e47a236e153da0530709c32de4706f137f8f087bd2c096d248cb24848794945f98af580987ac7c75e5125a238f38f6b7930d844210c36dfa80b819883

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Network\TransportSecurity
Filesize
370B

MD5
71271c9dc657e83daec867c28cf71240

SHA1
226c28d9f1abb8c3bfe84f2e9585d0713d6d1c84

SHA256
14a165a7e561846db6f9a2fb721bdeac523d47573f281764daffe42bdc2f0b4a

SHA512
939c904524cd85859ceeb1dc35770f634fa1bc88d91e6b70ced4a20e4d74d4e67f0b0c964bb426457dd2297d423dd497c05cb382f3231d86841cfe7a386822e2

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Network\TransportSecurity
Filesize
370B

MD5
1e8a2f0d35f92a6b610350cfdbc9c710

SHA1
40237e1e39349055f468b44d141c707bd3251d5b

SHA256
c5286aa033a9f83aa5d1159ed1eb7e3139cb336f48d771433b6be5a435af042e

SHA512
5d5e78ff108e0c79f599ef6005310f355f6781a30e7019ba94d06856b57ed4492fcdaab8b2ae51b6fcb119a6e87342cc9f199924e8a0faeb68f2e5b9fedc0094

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Network\TransportSecurity
Filesize
370B

MD5
fd9a7069dedf2e4aeef656b92d740048

SHA1
b1fb0c5bb354bb795a78af9f946e5edcc3ff4135

SHA256
769c1522fc1a8c4df35b5f00ae29e26f296de0cb0ac890ec359a86d11e3aa962

SHA512
e7206f6c8f3be67e4deb66cd42b7d5e9e887fbb8d20dcd4b349a450adcf3aea3420bd019b26bad1c2b10389b2145152d667a6c0373d24a19c143e45277348d92

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Network\TransportSecurity~RFe6251c4.TMP
Filesize
370B

MD5
46b4b1595293199df21382092b4fdf36

SHA1
9ece616fdb3bdc6887a0e086d37bd460c5c9c840

SHA256
340d37a3fb2aa87b8a05f838ca67b55e4297713b57ddcd66c1697946b9de370e

SHA512
fc22be12f7cb6844d5faf4d6862672598e850ed666d7ca80f0e7dc32412abcb528f9f57c97eb8722409e12d50757b50e89574ec6eeed82ba9c023614baae5ee4

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
memory/972-381-0x00000000025B0000-0x00000000025C0000-memory.dmp

Filesize
64KB

Download
memory/972-385-0x000000001B180000-0x000000001B2CE000-memory.dmp

Filesize
1.3MB

Download
memory/1044-194-0x00000134988F0000-0x0000013498900000-memory.dmp

Filesize
64KB

Download
memory/1044-201-0x0000013498960000-0x0000013498AAE000-memory.dmp

Filesize
1.3MB

Download
memory/1044-378-0x0000013498960000-0x0000013498AAE000-memory.dmp

Filesize
1.3MB

Download
memory/1044-134-0x00000134988F0000-0x0000013498900000-memory.dmp

Filesize
64KB

Download
memory/1044-135-0x00000134988F0000-0x0000013498900000-memory.dmp

Filesize
64KB

Download
memory/1044-136-0x00000134988F0000-0x0000013498900000-memory.dmp

Filesize
64KB

Download
memory/1044-137-0x00000134988F0000-0x0000013498900000-memory.dmp

Filesize
64KB

Download
memory/1044-138-0x00000134988F0000-0x0000013498900000-memory.dmp

Filesize
64KB

Download
memory/1044-176-0x0000013D007B0000-0x0000013D00F56000-memory.dmp

Filesize
7.6MB

Download
memory/1044-178-0x0000013498960000-0x0000013498AAE000-memory.dmp

Filesize
1.3MB

Download
memory/1044-179-0x00000134988F0000-0x0000013498900000-memory.dmp

Filesize
64KB

Download
memory/1044-180-0x00000134988F0000-0x0000013498900000-memory.dmp

Filesize
64KB

Download
memory/1044-212-0x00000134988F0000-0x0000013498900000-memory.dmp

Filesize
64KB

Download
memory/1044-181-0x00000134988F0000-0x0000013498900000-memory.dmp

Filesize
64KB

Download
memory/1044-182-0x00000134988F0000-0x0000013498900000-memory.dmp

Filesize
64KB

Download
memory/1044-183-0x00000134988F0000-0x0000013498900000-memory.dmp

Filesize
64KB

Download
memory/1044-133-0x00000134FE3F0000-0x00000134FE416000-memory.dmp

Filesize
152KB

Download
memory/1044-195-0x00000134988F0000-0x0000013498900000-memory.dmp

Filesize
64KB

Download
memory/1044-196-0x0000013498960000-0x0000013498AAE000-memory.dmp

Filesize
1.3MB

Download
memory/1044-213-0x00000134988F0000-0x0000013498900000-memory.dmp

Filesize
64KB

Download
memory/3096-328-0x000000001BD40000-0x000000001BE8E000-memory.dmp

Filesize
1.3MB

Download
memory/3096-210-0x0000000000FE0000-0x00000000011B6000-memory.dmp

Filesize
1.8MB

Download
memory/3096-345-0x000000001BC60000-0x000000001BC80000-memory.dmp

Filesize
128KB

Download
memory/3096-340-0x000000001BD40000-0x000000001BE8E000-memory.dmp

Filesize
1.3MB

Download
memory/3096-356-0x000000001BD40000-0x000000001BE8E000-memory.dmp

Filesize
1.3MB

Download
memory/3096-336-0x000000001BD40000-0x000000001BE8E000-memory.dmp

Filesize
1.3MB

Download
memory/3096-214-0x000000001BFE0000-0x000000001BFF0000-memory.dmp

Filesize
64KB

Download
memory/4300-465-0x000000001E0E0000-0x000000001E608000-memory.dmp

Filesize
5.2MB

Download
memory/4300-466-0x0000000000FB0000-0x0000000000FC0000-memory.dmp

Filesize
64KB

Download
memory/4408-516-0x000000000EAA0000-0x000000000EAA1000-memory.dmp

Filesize
4KB

Download
memory/4408-515-0x000000000EAA0000-0x000000000EAA1000-memory.dmp

Filesize
4KB

Download
memory/4408-507-0x000000000EAA0000-0x000000000EAA1000-memory.dmp

Filesize
4KB

Download
memory/4408-508-0x000000000EAA0000-0x000000000EAA1000-memory.dmp

Filesize
4KB

Download
memory/4408-512-0x000000000EAA0000-0x000000000EAA1000-memory.dmp

Filesize
4KB

Download
memory/4408-514-0x000000000EAA0000-0x000000000EAA1000-memory.dmp

Filesize
4KB

Download
memory/4408-513-0x000000000EAA0000-0x000000000EAA1000-memory.dmp

Filesize
4KB

Download
memory/4408-518-0x000000000EAA0000-0x000000000EAA1000-memory.dmp

Filesize
4KB

Download
memory/4408-517-0x000000000EAA0000-0x000000000EAA1000-memory.dmp

Filesize
4KB

Download
memory/4408-506-0x000000000EAA0000-0x000000000EAA1000-memory.dmp

Filesize
4KB

Download
memory/4644-337-0x000000001B8A0000-0x000000001B9EE000-memory.dmp

Filesize
1.3MB

Download
memory/4644-363-0x000000001B8A0000-0x000000001B9EE000-memory.dmp

Filesize
1.3MB

Download
memory/4644-323-0x0000000000C40000-0x0000000000E1C000-memory.dmp

Filesize
1.9MB

Download
memory/4644-346-0x000000001BA60000-0x000000001BA70000-memory.dmp

Filesize
64KB

Download
memory/5044-491-0x000001826C940000-0x000001826C950000-memory.dmp

Filesize
64KB

Download
memory/5044-480-0x000001826C940000-0x000001826C950000-memory.dmp

Filesize
64KB

Download
memory/5044-469-0x000001826DFD0000-0x000001826DFF2000-memory.dmp

Filesize
136KB

Download
memory/5044-468-0x000001826C360000-0x000001826C450000-memory.dmp

Filesize
960KB

Download