lumma | e91bb25102e7e4bbdb585f4b08807d64dc37b3ff089813482013d529723853a4

Resubmissions

16/04/2023, 17:28

230416-v1237scd9y 10

Analysis

max time kernel
147s
max time network
105s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16/04/2023, 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WeMod-Setup.exe
Size

141KB
MD5

5ec8aeda4193ec791606a73c67edadcf
SHA1

2c2765a19a18d60389a3d155ce378f65658513fa
SHA256

e91bb25102e7e4bbdb585f4b08807d64dc37b3ff089813482013d529723853a4
SHA512

d3807fc2afe67ce873886ce829a85e2d2af9cc3b06e68646b58433e32814e4481d2ba0222aba7b5509822d2046cbf0c896eeca5bc42165fcaa312d7b1a7d4507
SSDEEP

3072:Bojm4ILlCI+4COHCyhaEtHZkOpk97oc4ILlCI+4TOHHSafx:Bd+bwaEtHLhiHt

Score

10^/10

lumma discovery stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
1576	WeMod-Setup-638172701532252000.exe
440	Update.exe
1752	Squirrel.exe
544	WeMod.exe
480	Update.exe
1056	WeMod.exe

Loads dropped DLL 3 IoCs

pid	Process
1576	WeMod-Setup-638172701532252000.exe
544	WeMod.exe
1056	WeMod.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DOMStorage\wemod.com	WeMod-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DOMStorage	WeMod-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	WeMod-Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DOMStorage\wemod.com\NumberOfSubdomains = "1"	WeMod-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	WeMod-Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "35"	WeMod-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DOMStorage\api.wemod.com	WeMod-Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DOMStorage\api.wemod.com\ = "35"	WeMod-Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\DOMStorage\wemod.com\Total = "35"	WeMod-Setup.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\wemod\shell\open\command	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\wemod\shell	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\wemod\shell\open	WeMod.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\wemod\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\WeMod\\app-8.6.0\\WeMod.exe\" \"%1\""	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\wemod	WeMod.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\wemod\URL Protocol	WeMod.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000_CLASSES\wemod\ = "URL:wemod"	WeMod.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
440	Update.exe
440	Update.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	284	WeMod-Setup.exe
Token: SeDebugPrivilege	440	Update.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe
Token: SeShutdownPrivilege	1056	WeMod.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
284	WeMod-Setup.exe
284	WeMod-Setup.exe

Suspicious use of WriteProcessMemory 29 IoCs

description	pid	Process	procid_target
PID 284 wrote to memory of 1576	284	WeMod-Setup.exe	30
PID 284 wrote to memory of 1576	284	WeMod-Setup.exe	30
PID 284 wrote to memory of 1576	284	WeMod-Setup.exe	30
PID 284 wrote to memory of 1576	284	WeMod-Setup.exe	30
PID 284 wrote to memory of 1576	284	WeMod-Setup.exe	30
PID 284 wrote to memory of 1576	284	WeMod-Setup.exe	30
PID 284 wrote to memory of 1576	284	WeMod-Setup.exe	30
PID 1576 wrote to memory of 440	1576	WeMod-Setup-638172701532252000.exe	31
PID 1576 wrote to memory of 440	1576	WeMod-Setup-638172701532252000.exe	31
PID 1576 wrote to memory of 440	1576	WeMod-Setup-638172701532252000.exe	31
PID 1576 wrote to memory of 440	1576	WeMod-Setup-638172701532252000.exe	31
PID 440 wrote to memory of 1752	440	Update.exe	32
PID 440 wrote to memory of 1752	440	Update.exe	32
PID 440 wrote to memory of 1752	440	Update.exe	32
PID 440 wrote to memory of 544	440	Update.exe	33
PID 440 wrote to memory of 544	440	Update.exe	33
PID 440 wrote to memory of 544	440	Update.exe	33
PID 440 wrote to memory of 544	440	Update.exe	33
PID 284 wrote to memory of 480	284	WeMod-Setup.exe	34
PID 284 wrote to memory of 480	284	WeMod-Setup.exe	34
PID 284 wrote to memory of 480	284	WeMod-Setup.exe	34
PID 480 wrote to memory of 1056	480	Update.exe	35
PID 480 wrote to memory of 1056	480	Update.exe	35
PID 480 wrote to memory of 1056	480	Update.exe	35
PID 480 wrote to memory of 1056	480	Update.exe	35
PID 1056 wrote to memory of 768	1056	WeMod.exe	36
PID 1056 wrote to memory of 768	1056	WeMod.exe	36
PID 1056 wrote to memory of 768	1056	WeMod.exe	36
PID 1056 wrote to memory of 768	1056	WeMod.exe	36

C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe
"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:284
- C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638172701532252000.exe
  "C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638172701532252000.exe" --silent
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1576
- - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:440
  - - C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe
      "C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
      4⤵
      Executes dropped EXE
      PID:1752
  - - C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
      "C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --squirrel-install 8.6.0
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:544
- C:\Users\Admin\AppData\Local\WeMod\Update.exe
  "C:\Users\Admin\AppData\Local\WeMod\Update.exe" --processStart "WeMod.exe" --process-start-args "wemod://?_inst=lQZ7ccfT5QfvKJew"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:480
- - C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
    "C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" wemod://?_inst=lQZ7ccfT5QfvKJew
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1056
  - - C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
      "C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=940 --field-trial-handle=1092,i,7664994156990686244,8953165846059046755,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      PID:768

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
76B

MD5
2048a6e63ea6c66ea9001d9f51fe6c38

SHA1
6faf9dc016628783068f5430da2d6ab6ee99846d

SHA256
52cc531dc4610e5fb892bc39bc91811a58096e9032f1c67f9f46555c1be3c32c

SHA512
c4d47030b171a403d0990f769cc63ed109929ce3e9089a546fa144e748696d6d75f958d66c80f4aa84585db0977323cf7e0c428857ff898db373a4f2edb5b4cb

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
b43e5cf21598243f3078d787159d7bef

SHA1
dbe552b5455966b2cc59e6786dac21610cbbea0e

SHA256
36fd9d2415858e7010345d3fc16536349a689f9d75ed005151cb4ff5e1d0cb80

SHA512
8c41abd147c334fbff93871f08eb878e60c7be3e26487c601d741dfaa7a047d85e3d21ef10f47fafd65c569e90e9d1b32cad74fc4065e3c16728681f6c5df9be

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
b43e5cf21598243f3078d787159d7bef

SHA1
dbe552b5455966b2cc59e6786dac21610cbbea0e

SHA256
36fd9d2415858e7010345d3fc16536349a689f9d75ed005151cb4ff5e1d0cb80

SHA512
8c41abd147c334fbff93871f08eb878e60c7be3e26487c601d741dfaa7a047d85e3d21ef10f47fafd65c569e90e9d1b32cad74fc4065e3c16728681f6c5df9be

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\WeMod-8.6.0-full.nupkg

Filesize
98.2MB

MD5
5b65b8e7c722ea3cdd852a60e3a47e48

SHA1
78caa65d63160b9b3364633ed0435b91eb116d8d

SHA256
1b663486c0bf5ea10ecc69c3eaa7b46c565f3cf6c1144dcde260fa8611cfb20f

SHA512
059e220748dcaf694edc308f9a16d90975c0cd098158256ac9e4f8a77364896e5bca1452448492c15f5e22f1a1c3b06a0e73da081a5713988b1686da47fb6d3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638172701532252000.exe

Filesize
99.0MB

MD5
24985391366a2f90a132465022fb5f69

SHA1
f9564ca80e59a57a7fbc7b865c74ba079386b140

SHA256
689c4761b9897b14dbadf5dd833c603a2deecdeccfb1f7c5a6304b2afbe7cfee

SHA512
14bba15cb5d40ea02a40a227c2c57f63d65a9cbcc5448a7efe84f8c93648d5a7e9ebe2574e118fc775d34e73381af5096b3c4371efb2ef52de0effe776de657d

Download Submit
C:\Users\Admin\AppData\Local\WeMod\Update.exe

Filesize
1.8MB

MD5
2e4acb84ffaaf4ac65d1378491ea7ba8

SHA1
c927761e4512e2c9ef81d97c5a33a00c384fd0c7

SHA256
15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f

SHA512
b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410

Download Submit
C:\Users\Admin\AppData\Local\WeMod\Update.exe

Filesize
1.8MB

MD5
2e4acb84ffaaf4ac65d1378491ea7ba8

SHA1
c927761e4512e2c9ef81d97c5a33a00c384fd0c7

SHA256
15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f

SHA512
b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410

Download Submit
C:\Users\Admin\AppData\Local\WeMod\Update.exe

Filesize
1.8MB

MD5
2e4acb84ffaaf4ac65d1378491ea7ba8

SHA1
c927761e4512e2c9ef81d97c5a33a00c384fd0c7

SHA256
15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f

SHA512
b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe

Filesize
1.8MB

MD5
2e4acb84ffaaf4ac65d1378491ea7ba8

SHA1
c927761e4512e2c9ef81d97c5a33a00c384fd0c7

SHA256
15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f

SHA512
b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

Filesize
127.9MB

MD5
785460a10d3b9bb8e77cb0474dd405e6

SHA1
d905a695151b170d042fc60d938e1f978ab12e2e

SHA256
3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5

SHA512
e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

Filesize
127.9MB

MD5
785460a10d3b9bb8e77cb0474dd405e6

SHA1
d905a695151b170d042fc60d938e1f978ab12e2e

SHA256
3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5

SHA512
e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

Filesize
127.9MB

MD5
785460a10d3b9bb8e77cb0474dd405e6

SHA1
d905a695151b170d042fc60d938e1f978ab12e2e

SHA256
3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5

SHA512
e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

Filesize
127.9MB

MD5
785460a10d3b9bb8e77cb0474dd405e6

SHA1
d905a695151b170d042fc60d938e1f978ab12e2e

SHA256
3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5

SHA512
e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\chrome_100_percent.pak

Filesize
126KB

MD5
44a69827d4aa75426f3c577af2f8618e

SHA1
7bdd115425b05414b64dcdb7d980b92ecd3f15b3

SHA256
bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b

SHA512
5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\chrome_200_percent.pak

Filesize
175KB

MD5
9c379fc04a7bf1a853b14834f58c9f4b

SHA1
c105120fd00001c9ebdf2b3b981ecccb02f8eefb

SHA256
b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48

SHA512
f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll

Filesize
2.4MB

MD5
6eb84bf78abc36ec975f0a72ec7d83d3

SHA1
b92944d2605822e2ffc5196ac299e2bf86c6e25f

SHA256
db04507fffccb8c42d921c1e659fa1687838b76c3fc2985619d61abebd8075cc

SHA512
5154c5e922b634e1538a30df48671002574bc674b606d05bfb572de48a2ef0410a5919ff3686c4b3cc617a49692d21e02aa6b24f8b9b0c23e853e709221c1c2e

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\icudtl.dat

Filesize
10.0MB

MD5
cf9421b601645bda331c7136a0a9c3f8

SHA1
9950d66df9022f1caa941ab0e9647636f7b7a286

SHA256
8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5

SHA512
bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\locales\en-US.pak

Filesize
302KB

MD5
3fef69b20e6f9599e9c2369398e571c0

SHA1
92be2b65b62938e6426ab333c82d70d337666784

SHA256
a99bd31907bbdc12bdfbff7b9da6ddd850c273f3a6ece64ee8d1d9b6ef0c501c

SHA512
3057edfb719c07972fd230514ac5e02f88b04c72356fa4a5e5291677dcbab03297942d5ecdc62c8e58d0088aed4d6ea53806c01f0ea622942feb06584241ad2d

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources.pak

Filesize
5.2MB

MD5
f24c85d2b898b6b4de118f6a2e63a244

SHA1
731adfc20807874b70bda7e2661e66ff6987e069

SHA256
aca9267dd8f530135d67240aa897112467bae77cd5fe1a549c69732fdf2803c6

SHA512
b49f6a4eb870b01b48b4cfbf5a73c1727cf7847a9505f7c11ce6befdbef868484867f6e0ac66aea8177ca5cab2abba1cae5ac626a8e3f44fc001cac0fe820c61

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar

Filesize
6.6MB

MD5
9b47f8546d1258078638930f63f255e5

SHA1
0553dac387bbca7e2c8bca3feb52aff65048d688

SHA256
2ef3023f110b9dd9de28bfa84d9fcfa1e6babd76b2bf0f6a92bd624a67ec1f45

SHA512
614ca9bc4c792ddada2d8830c503197d547197d663ff08b8c89d2755ecdc9c83df1de3a7865e3c2cf4ebbc9892e1ae1534321bc564cbdd1652361d7fe4aa064d

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\icon.ico

Filesize
279KB

MD5
34ee19ccd44f31cd831dc50920f19890

SHA1
24545d2f4741fb5a4649840486ffd3597b7ade5b

SHA256
136cf9b3a30268d1d439df7b9fd9104cb1d83be7fd2b562c3e9a47450ae0df3d

SHA512
ded8ade93c143dc8abc7a76b03b4015a8637b2ee13b85dd70655d5857289f19ebef76562eace56a3ad3c2418fab5305bb0b6cadd0a412ddb781b8f496e82c74a

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\squirrel.exe

Filesize
1.8MB

MD5
2e4acb84ffaaf4ac65d1378491ea7ba8

SHA1
c927761e4512e2c9ef81d97c5a33a00c384fd0c7

SHA256
15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f

SHA512
b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\v8_context_snapshot.bin

Filesize
590KB

MD5
dd9ca4878bba782613cba372de1c36f4

SHA1
2eefcb6fcaa4b2ed717c952895710be5701871a7

SHA256
ea33ca96024769386ae0ff100c2ae239507006d7340f1f8bbc5bcfb4195f9226

SHA512
0791d3827a6de5745d3424c562b16604cf311ed6fcb4cf62d2c7f54ec0b7f3535b1114e919d2ba6d144cbe9f45418a555ab3fd801078bd8d563a656796f5d4e6

Download Submit
C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES

Filesize
76B

MD5
2048a6e63ea6c66ea9001d9f51fe6c38

SHA1
6faf9dc016628783068f5430da2d6ab6ee99846d

SHA256
52cc531dc4610e5fb892bc39bc91811a58096e9032f1c67f9f46555c1be3c32c

SHA512
c4d47030b171a403d0990f769cc63ed109929ce3e9089a546fa144e748696d6d75f958d66c80f4aa84585db0977323cf7e0c428857ff898db373a4f2edb5b4cb

Download Submit
C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES

Filesize
76B

MD5
2048a6e63ea6c66ea9001d9f51fe6c38

SHA1
6faf9dc016628783068f5430da2d6ab6ee99846d

SHA256
52cc531dc4610e5fb892bc39bc91811a58096e9032f1c67f9f46555c1be3c32c

SHA512
c4d47030b171a403d0990f769cc63ed109929ce3e9089a546fa144e748696d6d75f958d66c80f4aa84585db0977323cf7e0c428857ff898db373a4f2edb5b4cb

Download Submit
C:\Users\Admin\AppData\Local\WeMod\packages\WeMod-8.6.0-full.nupkg

Filesize
98.2MB

MD5
5b65b8e7c722ea3cdd852a60e3a47e48

SHA1
78caa65d63160b9b3364633ed0435b91eb116d8d

SHA256
1b663486c0bf5ea10ecc69c3eaa7b46c565f3cf6c1144dcde260fa8611cfb20f

SHA512
059e220748dcaf694edc308f9a16d90975c0cd098158256ac9e4f8a77364896e5bca1452448492c15f5e22f1a1c3b06a0e73da081a5713988b1686da47fb6d3d

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Local Storage\leveldb\CURRENT~RF6d87f6.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
b43e5cf21598243f3078d787159d7bef

SHA1
dbe552b5455966b2cc59e6786dac21610cbbea0e

SHA256
36fd9d2415858e7010345d3fc16536349a689f9d75ed005151cb4ff5e1d0cb80

SHA512
8c41abd147c334fbff93871f08eb878e60c7be3e26487c601d741dfaa7a047d85e3d21ef10f47fafd65c569e90e9d1b32cad74fc4065e3c16728681f6c5df9be

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll

Filesize
2.4MB

MD5
6eb84bf78abc36ec975f0a72ec7d83d3

SHA1
b92944d2605822e2ffc5196ac299e2bf86c6e25f

SHA256
db04507fffccb8c42d921c1e659fa1687838b76c3fc2985619d61abebd8075cc

SHA512
5154c5e922b634e1538a30df48671002574bc674b606d05bfb572de48a2ef0410a5919ff3686c4b3cc617a49692d21e02aa6b24f8b9b0c23e853e709221c1c2e

Download Submit
\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll

Filesize
2.4MB

MD5
6eb84bf78abc36ec975f0a72ec7d83d3

SHA1
b92944d2605822e2ffc5196ac299e2bf86c6e25f

SHA256
db04507fffccb8c42d921c1e659fa1687838b76c3fc2985619d61abebd8075cc

SHA512
5154c5e922b634e1538a30df48671002574bc674b606d05bfb572de48a2ef0410a5919ff3686c4b3cc617a49692d21e02aa6b24f8b9b0c23e853e709221c1c2e

Download Submit
memory/284-119-0x00000000003A0000-0x0000000000420000-memory.dmp

Filesize
512KB

Download
memory/284-140-0x00000000003A0000-0x0000000000420000-memory.dmp

Filesize
512KB

Download
memory/284-55-0x00000000003A0000-0x0000000000420000-memory.dmp

Filesize
512KB

Download
memory/284-54-0x00000000008D0000-0x00000000008F6000-memory.dmp

Filesize
152KB

Download
memory/284-56-0x00000000003A0000-0x0000000000420000-memory.dmp

Filesize
512KB

Download
memory/284-97-0x00000000220F0000-0x0000000022896000-memory.dmp

Filesize
7.6MB

Download
memory/284-118-0x00000000003A0000-0x0000000000420000-memory.dmp

Filesize
512KB

Download
memory/440-247-0x000000001B020000-0x000000001B0A0000-memory.dmp

Filesize
512KB

Download
memory/440-135-0x000000001B020000-0x000000001B0A0000-memory.dmp

Filesize
512KB

Download
memory/440-133-0x00000000003D0000-0x00000000005A6000-memory.dmp

Filesize
1.8MB

Download
memory/480-271-0x0000000000EF0000-0x00000000010CC000-memory.dmp

Filesize
1.9MB

Download
memory/768-293-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

Filesize
4KB

Download
memory/1056-311-0x0000000001290000-0x0000000001291000-memory.dmp

Filesize
4KB

Download
memory/1752-238-0x0000000000350000-0x000000000052C000-memory.dmp

Filesize
1.9MB

Download