Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/04/2023, 17:15

General

  • Target

    SPORE (Steam) Trainer Setup.exe

  • Size

    141KB

  • MD5

    0e029f4e50575af65f13c6cc9bf36c62

  • SHA1

    9e3e2a3817d55f100b25547dc92f9b316294002e

  • SHA256

    11c95b9e59cabea3ea32a971b67d1cea68b58fd4d58714a57311530d0f4652f7

  • SHA512

    20d7f4ce3d3c39e54380f24ef9983962a75d033f8c932150a77a3ca86b49003ec8eed03451148c99b4b522a7a659ad0e8dafb3e2dee121bbbc76587e212e01b1

  • SSDEEP

    3072:Bojm4ILlCI+4COHCyhaEtHZkOpk97oc4ILlCI+4TOHHSafx:Bd+bwaEtHLhiHt

Score
10/10

Malware Config

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 12 IoCs
  • Loads dropped DLL 10 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789624499820.exe
      "C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789624499820.exe" --silent
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3392
      • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
        "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1564
        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe
          "C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
          4⤵
          • Executes dropped EXE
          PID:2336
        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
          "C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --squirrel-install 8.6.0
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:760
          • C:\Users\Admin\AppData\Local\WeMod\Update.exe
            C:\Users\Admin\AppData\Local\WeMod\Update.exe --createShortcut WeMod.exe
            5⤵
            • Executes dropped EXE
            PID:2032
    • C:\Users\Admin\AppData\Local\WeMod\Update.exe
      "C:\Users\Admin\AppData\Local\WeMod\Update.exe" --processStart "WeMod.exe" --process-start-args "wemod://titles/10279?gameId=10279&_inst=wYAfGUswVRco9rlk"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1556
      • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
        "C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" wemod://titles/10279?gameId=10279&_inst=wYAfGUswVRco9rlk
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3856
        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
          "C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1728,i,2106819194018410949,5109712828029631445,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3536
        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
          "C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --force-ui-direction=ltr --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --mojo-platform-channel-handle=2100 --field-trial-handle=1728,i,2106819194018410949,5109712828029631445,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:5008
        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
          "C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2516 --field-trial-handle=1728,i,2106819194018410949,5109712828029631445,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1772
          • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
            C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe WeMod\Support_1682882272917_Out
            5⤵
            • Executes dropped EXE
            PID:1216
        • C:\Users\Admin\AppData\Local\WeMod\Update.exe
          C:\Users\Admin\AppData\Local\WeMod\Update.exe --checkForUpdate https://api.wemod.com/client/channels/stable
          4⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:2164

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

          Filesize

          1KB

          MD5

          4e6d82154f96f31d6fd1defa755515fa

          SHA1

          c146f7befed6fafbf59c6a94f97127c1c22da2fd

          SHA256

          22ec8a53b4ec45ec6c972c8d089d5a4e0bfee7bc0f405d2bd2b920a6cd6e9605

          SHA512

          eeeb804fabfabfaf8355135d707ef53dcb04b0e7e1aea36dbc4dd13c0eedc472f1c972bbdceb90a29817803521a3e7ad9dd4dbc4763816dfede924c57e870002

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

          Filesize

          438B

          MD5

          d5a2a59ac4faa27979dc2dd0e15f01bc

          SHA1

          f1c196f2106d8cbade7c924f44c2430c1ec8a7cf

          SHA256

          19358775ace656abaf6684aa390a20ecbffceb1d8b90c8fb3b7468a3b6cacc78

          SHA512

          cb921d622da788ea3057fd2796a976d35932bfcd21369f9eac126f6e25189d8f4b90bf3ccad81a195f0cd3a4d4d6aa055ab5621e0c9664fa4547fa217c5b1bc2

        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Update.exe.log

          Filesize

          1KB

          MD5

          fcc4a55e80568c4693f6d2eff7ef757e

          SHA1

          d24958d197482557722f616507d8b14dbeadebd8

          SHA256

          1f5a1b10b49c35bff02f63ebaf8cd3faf74b51bd131d3dcfb952590c8bcd5eea

          SHA512

          67de4502abff297c90eb2cfbb3d03bfbef3400d6ee19b3cbb47b3ed9bad4b795946406a6975564321edff618d1a589076b57609c2ca38efc5650899a8483a271

        • C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

          Filesize

          76B

          MD5

          2048a6e63ea6c66ea9001d9f51fe6c38

          SHA1

          6faf9dc016628783068f5430da2d6ab6ee99846d

          SHA256

          52cc531dc4610e5fb892bc39bc91811a58096e9032f1c67f9f46555c1be3c32c

          SHA512

          c4d47030b171a403d0990f769cc63ed109929ce3e9089a546fa144e748696d6d75f958d66c80f4aa84585db0977323cf7e0c428857ff898db373a4f2edb5b4cb

        • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

          Filesize

          1.8MB

          MD5

          b43e5cf21598243f3078d787159d7bef

          SHA1

          dbe552b5455966b2cc59e6786dac21610cbbea0e

          SHA256

          36fd9d2415858e7010345d3fc16536349a689f9d75ed005151cb4ff5e1d0cb80

          SHA512

          8c41abd147c334fbff93871f08eb878e60c7be3e26487c601d741dfaa7a047d85e3d21ef10f47fafd65c569e90e9d1b32cad74fc4065e3c16728681f6c5df9be

        • C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

          Filesize

          1.8MB

          MD5

          b43e5cf21598243f3078d787159d7bef

          SHA1

          dbe552b5455966b2cc59e6786dac21610cbbea0e

          SHA256

          36fd9d2415858e7010345d3fc16536349a689f9d75ed005151cb4ff5e1d0cb80

          SHA512

          8c41abd147c334fbff93871f08eb878e60c7be3e26487c601d741dfaa7a047d85e3d21ef10f47fafd65c569e90e9d1b32cad74fc4065e3c16728681f6c5df9be

        • C:\Users\Admin\AppData\Local\SquirrelTemp\WeMod-8.6.0-full.nupkg

          Filesize

          98.2MB

          MD5

          5b65b8e7c722ea3cdd852a60e3a47e48

          SHA1

          78caa65d63160b9b3364633ed0435b91eb116d8d

          SHA256

          1b663486c0bf5ea10ecc69c3eaa7b46c565f3cf6c1144dcde260fa8611cfb20f

          SHA512

          059e220748dcaf694edc308f9a16d90975c0cd098158256ac9e4f8a77364896e5bca1452448492c15f5e22f1a1c3b06a0e73da081a5713988b1686da47fb6d3d

        • C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789624499820.exe

          Filesize

          99.0MB

          MD5

          24985391366a2f90a132465022fb5f69

          SHA1

          f9564ca80e59a57a7fbc7b865c74ba079386b140

          SHA256

          689c4761b9897b14dbadf5dd833c603a2deecdeccfb1f7c5a6304b2afbe7cfee

          SHA512

          14bba15cb5d40ea02a40a227c2c57f63d65a9cbcc5448a7efe84f8c93648d5a7e9ebe2574e118fc775d34e73381af5096b3c4371efb2ef52de0effe776de657d

        • C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789624499820.exe

          Filesize

          99.0MB

          MD5

          24985391366a2f90a132465022fb5f69

          SHA1

          f9564ca80e59a57a7fbc7b865c74ba079386b140

          SHA256

          689c4761b9897b14dbadf5dd833c603a2deecdeccfb1f7c5a6304b2afbe7cfee

          SHA512

          14bba15cb5d40ea02a40a227c2c57f63d65a9cbcc5448a7efe84f8c93648d5a7e9ebe2574e118fc775d34e73381af5096b3c4371efb2ef52de0effe776de657d

        • C:\Users\Admin\AppData\Local\WeMod\Update.exe

          Filesize

          1.8MB

          MD5

          b43e5cf21598243f3078d787159d7bef

          SHA1

          dbe552b5455966b2cc59e6786dac21610cbbea0e

          SHA256

          36fd9d2415858e7010345d3fc16536349a689f9d75ed005151cb4ff5e1d0cb80

          SHA512

          8c41abd147c334fbff93871f08eb878e60c7be3e26487c601d741dfaa7a047d85e3d21ef10f47fafd65c569e90e9d1b32cad74fc4065e3c16728681f6c5df9be

        • C:\Users\Admin\AppData\Local\WeMod\Update.exe

          Filesize

          1.8MB

          MD5

          2e4acb84ffaaf4ac65d1378491ea7ba8

          SHA1

          c927761e4512e2c9ef81d97c5a33a00c384fd0c7

          SHA256

          15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f

          SHA512

          b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410

        • C:\Users\Admin\AppData\Local\WeMod\Update.exe

          Filesize

          1.8MB

          MD5

          2e4acb84ffaaf4ac65d1378491ea7ba8

          SHA1

          c927761e4512e2c9ef81d97c5a33a00c384fd0c7

          SHA256

          15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f

          SHA512

          b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410

        • C:\Users\Admin\AppData\Local\WeMod\Update.exe

          Filesize

          1.8MB

          MD5

          2e4acb84ffaaf4ac65d1378491ea7ba8

          SHA1

          c927761e4512e2c9ef81d97c5a33a00c384fd0c7

          SHA256

          15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f

          SHA512

          b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410

        • C:\Users\Admin\AppData\Local\WeMod\WeMod.exe

          Filesize

          536KB

          MD5

          3cfa1e47a878c62a4fb067f01dc2be63

          SHA1

          76d8040012122c04a11d21d84729b6f3511d3170

          SHA256

          9c2e8414037fe2ce9ab4bef2743b2a9aa0e0c34eaeb8bcb69a0ebc446b8a7037

          SHA512

          fb695949c1c0ec63c62ed55584c5e97d0a40342f64ed4f8adf62d820c70b44f7544e86b68205b5c0582f0e204dc2015ffb8c98f64ac5116084e7bf77bba25f3d

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\D3DCompiler_47.dll

          Filesize

          3.9MB

          MD5

          ab3be0c427c6e405fad496db1545bd61

          SHA1

          76012f31db8618624bc8b563698b2669365e49cb

          SHA256

          827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

          SHA512

          d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe

          Filesize

          1.8MB

          MD5

          2e4acb84ffaaf4ac65d1378491ea7ba8

          SHA1

          c927761e4512e2c9ef81d97c5a33a00c384fd0c7

          SHA256

          15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f

          SHA512

          b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

          Filesize

          127.9MB

          MD5

          785460a10d3b9bb8e77cb0474dd405e6

          SHA1

          d905a695151b170d042fc60d938e1f978ab12e2e

          SHA256

          3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5

          SHA512

          e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

          Filesize

          127.9MB

          MD5

          785460a10d3b9bb8e77cb0474dd405e6

          SHA1

          d905a695151b170d042fc60d938e1f978ab12e2e

          SHA256

          3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5

          SHA512

          e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

          Filesize

          127.9MB

          MD5

          785460a10d3b9bb8e77cb0474dd405e6

          SHA1

          d905a695151b170d042fc60d938e1f978ab12e2e

          SHA256

          3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5

          SHA512

          e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

          Filesize

          127.9MB

          MD5

          785460a10d3b9bb8e77cb0474dd405e6

          SHA1

          d905a695151b170d042fc60d938e1f978ab12e2e

          SHA256

          3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5

          SHA512

          e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

          Filesize

          127.9MB

          MD5

          785460a10d3b9bb8e77cb0474dd405e6

          SHA1

          d905a695151b170d042fc60d938e1f978ab12e2e

          SHA256

          3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5

          SHA512

          e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

          Filesize

          127.9MB

          MD5

          785460a10d3b9bb8e77cb0474dd405e6

          SHA1

          d905a695151b170d042fc60d938e1f978ab12e2e

          SHA256

          3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5

          SHA512

          e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

          Filesize

          127.9MB

          MD5

          785460a10d3b9bb8e77cb0474dd405e6

          SHA1

          d905a695151b170d042fc60d938e1f978ab12e2e

          SHA256

          3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5

          SHA512

          e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\chrome_100_percent.pak

          Filesize

          126KB

          MD5

          44a69827d4aa75426f3c577af2f8618e

          SHA1

          7bdd115425b05414b64dcdb7d980b92ecd3f15b3

          SHA256

          bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b

          SHA512

          5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\chrome_200_percent.pak

          Filesize

          175KB

          MD5

          9c379fc04a7bf1a853b14834f58c9f4b

          SHA1

          c105120fd00001c9ebdf2b3b981ecccb02f8eefb

          SHA256

          b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48

          SHA512

          f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\d3dcompiler_47.dll

          Filesize

          3.9MB

          MD5

          ab3be0c427c6e405fad496db1545bd61

          SHA1

          76012f31db8618624bc8b563698b2669365e49cb

          SHA256

          827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6

          SHA512

          d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll

          Filesize

          2.4MB

          MD5

          6eb84bf78abc36ec975f0a72ec7d83d3

          SHA1

          b92944d2605822e2ffc5196ac299e2bf86c6e25f

          SHA256

          db04507fffccb8c42d921c1e659fa1687838b76c3fc2985619d61abebd8075cc

          SHA512

          5154c5e922b634e1538a30df48671002574bc674b606d05bfb572de48a2ef0410a5919ff3686c4b3cc617a49692d21e02aa6b24f8b9b0c23e853e709221c1c2e

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll

          Filesize

          2.4MB

          MD5

          6eb84bf78abc36ec975f0a72ec7d83d3

          SHA1

          b92944d2605822e2ffc5196ac299e2bf86c6e25f

          SHA256

          db04507fffccb8c42d921c1e659fa1687838b76c3fc2985619d61abebd8075cc

          SHA512

          5154c5e922b634e1538a30df48671002574bc674b606d05bfb572de48a2ef0410a5919ff3686c4b3cc617a49692d21e02aa6b24f8b9b0c23e853e709221c1c2e

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll

          Filesize

          2.4MB

          MD5

          6eb84bf78abc36ec975f0a72ec7d83d3

          SHA1

          b92944d2605822e2ffc5196ac299e2bf86c6e25f

          SHA256

          db04507fffccb8c42d921c1e659fa1687838b76c3fc2985619d61abebd8075cc

          SHA512

          5154c5e922b634e1538a30df48671002574bc674b606d05bfb572de48a2ef0410a5919ff3686c4b3cc617a49692d21e02aa6b24f8b9b0c23e853e709221c1c2e

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll

          Filesize

          2.4MB

          MD5

          6eb84bf78abc36ec975f0a72ec7d83d3

          SHA1

          b92944d2605822e2ffc5196ac299e2bf86c6e25f

          SHA256

          db04507fffccb8c42d921c1e659fa1687838b76c3fc2985619d61abebd8075cc

          SHA512

          5154c5e922b634e1538a30df48671002574bc674b606d05bfb572de48a2ef0410a5919ff3686c4b3cc617a49692d21e02aa6b24f8b9b0c23e853e709221c1c2e

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll

          Filesize

          2.4MB

          MD5

          6eb84bf78abc36ec975f0a72ec7d83d3

          SHA1

          b92944d2605822e2ffc5196ac299e2bf86c6e25f

          SHA256

          db04507fffccb8c42d921c1e659fa1687838b76c3fc2985619d61abebd8075cc

          SHA512

          5154c5e922b634e1538a30df48671002574bc674b606d05bfb572de48a2ef0410a5919ff3686c4b3cc617a49692d21e02aa6b24f8b9b0c23e853e709221c1c2e

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll

          Filesize

          2.4MB

          MD5

          6eb84bf78abc36ec975f0a72ec7d83d3

          SHA1

          b92944d2605822e2ffc5196ac299e2bf86c6e25f

          SHA256

          db04507fffccb8c42d921c1e659fa1687838b76c3fc2985619d61abebd8075cc

          SHA512

          5154c5e922b634e1538a30df48671002574bc674b606d05bfb572de48a2ef0410a5919ff3686c4b3cc617a49692d21e02aa6b24f8b9b0c23e853e709221c1c2e

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\icudtl.dat

          Filesize

          10.0MB

          MD5

          cf9421b601645bda331c7136a0a9c3f8

          SHA1

          9950d66df9022f1caa941ab0e9647636f7b7a286

          SHA256

          8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5

          SHA512

          bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\libEGL.dll

          Filesize

          377KB

          MD5

          8b967ad62cc99673cde56980ed63575d

          SHA1

          ad32b4e7ccfea0df27f9859be34aec8805ac1422

          SHA256

          61c9a573c6f81b60ba4bbc5197580bbd79ece79872d20fcd3e105c9d286b8d5a

          SHA512

          cd259a87a4cf47fdc9bbb41685c7a60aa4b4b493849be8ae57dc2295fb146c57297da6b4b8de7145a69b25cb5526f48d559f7273c4f4a5a022cd3c66364a11a3

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\libGLESv2.dll

          Filesize

          6.2MB

          MD5

          177e604afed9174818c288861079a67c

          SHA1

          251a142753a7231112939a43d4987e84c343e876

          SHA256

          dde9d5defb26f9380a576a7260e7b707139e8ee0440d2f2ac280f3244f17f9b6

          SHA512

          3c29ea51691060285c89ad5e1b507054c96d6e026b0147353e9c0601b64c6c64fe677184a4514972e0c40694617ef728fe58ad39079c905f30a87683e2f7198a

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\libegl.dll

          Filesize

          377KB

          MD5

          8b967ad62cc99673cde56980ed63575d

          SHA1

          ad32b4e7ccfea0df27f9859be34aec8805ac1422

          SHA256

          61c9a573c6f81b60ba4bbc5197580bbd79ece79872d20fcd3e105c9d286b8d5a

          SHA512

          cd259a87a4cf47fdc9bbb41685c7a60aa4b4b493849be8ae57dc2295fb146c57297da6b4b8de7145a69b25cb5526f48d559f7273c4f4a5a022cd3c66364a11a3

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\libglesv2.dll

          Filesize

          6.2MB

          MD5

          177e604afed9174818c288861079a67c

          SHA1

          251a142753a7231112939a43d4987e84c343e876

          SHA256

          dde9d5defb26f9380a576a7260e7b707139e8ee0440d2f2ac280f3244f17f9b6

          SHA512

          3c29ea51691060285c89ad5e1b507054c96d6e026b0147353e9c0601b64c6c64fe677184a4514972e0c40694617ef728fe58ad39079c905f30a87683e2f7198a

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\locales\en-US.pak

          Filesize

          302KB

          MD5

          3fef69b20e6f9599e9c2369398e571c0

          SHA1

          92be2b65b62938e6426ab333c82d70d337666784

          SHA256

          a99bd31907bbdc12bdfbff7b9da6ddd850c273f3a6ece64ee8d1d9b6ef0c501c

          SHA512

          3057edfb719c07972fd230514ac5e02f88b04c72356fa4a5e5291677dcbab03297942d5ecdc62c8e58d0088aed4d6ea53806c01f0ea622942feb06584241ad2d

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources.pak

          Filesize

          5.2MB

          MD5

          f24c85d2b898b6b4de118f6a2e63a244

          SHA1

          731adfc20807874b70bda7e2661e66ff6987e069

          SHA256

          aca9267dd8f530135d67240aa897112467bae77cd5fe1a549c69732fdf2803c6

          SHA512

          b49f6a4eb870b01b48b4cfbf5a73c1727cf7847a9505f7c11ce6befdbef868484867f6e0ac66aea8177ca5cab2abba1cae5ac626a8e3f44fc001cac0fe820c61

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar

          Filesize

          6.6MB

          MD5

          9b47f8546d1258078638930f63f255e5

          SHA1

          0553dac387bbca7e2c8bca3feb52aff65048d688

          SHA256

          2ef3023f110b9dd9de28bfa84d9fcfa1e6babd76b2bf0f6a92bd624a67ec1f45

          SHA512

          614ca9bc4c792ddada2d8830c503197d547197d663ff08b8c89d2755ecdc9c83df1de3a7865e3c2cf4ebbc9892e1ae1534321bc564cbdd1652361d7fe4aa064d

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe

          Filesize

          945KB

          MD5

          74bdec2a1b6ee5cc7276f47d13edc48a

          SHA1

          71a8a2b69cb0e4f333812bd72fd06cf6e1a3b61e

          SHA256

          7fb226a4b4c6f72314f74bd5f667d678bb3b2c2d5d76c0c9b1b4a8fa0799fb19

          SHA512

          a0798582456212c55a74c1dfa059148726601440f7d64c5957ee5fc8fc14368017ff4af6d99295b8ce651a38bf3d086eef46f78a1fff7008552cf6a2e6984e30

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe

          Filesize

          945KB

          MD5

          74bdec2a1b6ee5cc7276f47d13edc48a

          SHA1

          71a8a2b69cb0e4f333812bd72fd06cf6e1a3b61e

          SHA256

          7fb226a4b4c6f72314f74bd5f667d678bb3b2c2d5d76c0c9b1b4a8fa0799fb19

          SHA512

          a0798582456212c55a74c1dfa059148726601440f7d64c5957ee5fc8fc14368017ff4af6d99295b8ce651a38bf3d086eef46f78a1fff7008552cf6a2e6984e30

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\icon.ico

          Filesize

          279KB

          MD5

          34ee19ccd44f31cd831dc50920f19890

          SHA1

          24545d2f4741fb5a4649840486ffd3597b7ade5b

          SHA256

          136cf9b3a30268d1d439df7b9fd9104cb1d83be7fd2b562c3e9a47450ae0df3d

          SHA512

          ded8ade93c143dc8abc7a76b03b4015a8637b2ee13b85dd70655d5857289f19ebef76562eace56a3ad3c2418fab5305bb0b6cadd0a412ddb781b8f496e82c74a

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\squirrel.exe

          Filesize

          1.8MB

          MD5

          2e4acb84ffaaf4ac65d1378491ea7ba8

          SHA1

          c927761e4512e2c9ef81d97c5a33a00c384fd0c7

          SHA256

          15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f

          SHA512

          b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\squirrel.exe

          Filesize

          1.8MB

          MD5

          2e4acb84ffaaf4ac65d1378491ea7ba8

          SHA1

          c927761e4512e2c9ef81d97c5a33a00c384fd0c7

          SHA256

          15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f

          SHA512

          b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\v8_context_snapshot.bin

          Filesize

          590KB

          MD5

          dd9ca4878bba782613cba372de1c36f4

          SHA1

          2eefcb6fcaa4b2ed717c952895710be5701871a7

          SHA256

          ea33ca96024769386ae0ff100c2ae239507006d7340f1f8bbc5bcfb4195f9226

          SHA512

          0791d3827a6de5745d3424c562b16604cf311ed6fcb4cf62d2c7f54ec0b7f3535b1114e919d2ba6d144cbe9f45418a555ab3fd801078bd8d563a656796f5d4e6

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\vk_swiftshader.dll

          Filesize

          4.2MB

          MD5

          66cafd13877168b0062349a5a639e4fe

          SHA1

          3936afd07d22d44d033908ae6d56c58ff395d755

          SHA256

          270f2398c073b62660eb8ff492a8ed4c0b760b044d34a6b6fbaa42cf7cb78e84

          SHA512

          8d1d2f9516510ae7b0d4a7f401800092005b5da58d70d22a9b893bca52ca2d928708b558e7d95a18e540ccd3180dd038ae629326b3b8f6a89a6e12d61b399901

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\vk_swiftshader.dll

          Filesize

          4.2MB

          MD5

          66cafd13877168b0062349a5a639e4fe

          SHA1

          3936afd07d22d44d033908ae6d56c58ff395d755

          SHA256

          270f2398c073b62660eb8ff492a8ed4c0b760b044d34a6b6fbaa42cf7cb78e84

          SHA512

          8d1d2f9516510ae7b0d4a7f401800092005b5da58d70d22a9b893bca52ca2d928708b558e7d95a18e540ccd3180dd038ae629326b3b8f6a89a6e12d61b399901

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\vk_swiftshader_icd.json

          Filesize

          106B

          MD5

          8642dd3a87e2de6e991fae08458e302b

          SHA1

          9c06735c31cec00600fd763a92f8112d085bd12a

          SHA256

          32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

          SHA512

          f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\vulkan-1.dll

          Filesize

          754KB

          MD5

          75bdb977c84aa352ae7dd7782f89611e

          SHA1

          62f9fe878d2972098895796b3d887f517951ddeb

          SHA256

          a43f02de6304eadaf539b127a2f02f95492abca28588d6e0f8cb115388b231cb

          SHA512

          5ed525be689fbb2a74dd2eb35a2099781c1c2848da524bd0a9d07c69154e1d131e30a08c690bb541231fcd14303fd3a6922bfb8ad47955020aebd81dee569561

        • C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\vulkan-1.dll

          Filesize

          754KB

          MD5

          75bdb977c84aa352ae7dd7782f89611e

          SHA1

          62f9fe878d2972098895796b3d887f517951ddeb

          SHA256

          a43f02de6304eadaf539b127a2f02f95492abca28588d6e0f8cb115388b231cb

          SHA512

          5ed525be689fbb2a74dd2eb35a2099781c1c2848da524bd0a9d07c69154e1d131e30a08c690bb541231fcd14303fd3a6922bfb8ad47955020aebd81dee569561

        • C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES

          Filesize

          76B

          MD5

          2048a6e63ea6c66ea9001d9f51fe6c38

          SHA1

          6faf9dc016628783068f5430da2d6ab6ee99846d

          SHA256

          52cc531dc4610e5fb892bc39bc91811a58096e9032f1c67f9f46555c1be3c32c

          SHA512

          c4d47030b171a403d0990f769cc63ed109929ce3e9089a546fa144e748696d6d75f958d66c80f4aa84585db0977323cf7e0c428857ff898db373a4f2edb5b4cb

        • C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES

          Filesize

          76B

          MD5

          2048a6e63ea6c66ea9001d9f51fe6c38

          SHA1

          6faf9dc016628783068f5430da2d6ab6ee99846d

          SHA256

          52cc531dc4610e5fb892bc39bc91811a58096e9032f1c67f9f46555c1be3c32c

          SHA512

          c4d47030b171a403d0990f769cc63ed109929ce3e9089a546fa144e748696d6d75f958d66c80f4aa84585db0977323cf7e0c428857ff898db373a4f2edb5b4cb

        • C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES

          Filesize

          76B

          MD5

          2048a6e63ea6c66ea9001d9f51fe6c38

          SHA1

          6faf9dc016628783068f5430da2d6ab6ee99846d

          SHA256

          52cc531dc4610e5fb892bc39bc91811a58096e9032f1c67f9f46555c1be3c32c

          SHA512

          c4d47030b171a403d0990f769cc63ed109929ce3e9089a546fa144e748696d6d75f958d66c80f4aa84585db0977323cf7e0c428857ff898db373a4f2edb5b4cb

        • C:\Users\Admin\AppData\Local\WeMod\packages\WeMod-8.6.0-full.nupkg

          Filesize

          98.2MB

          MD5

          5b65b8e7c722ea3cdd852a60e3a47e48

          SHA1

          78caa65d63160b9b3364633ed0435b91eb116d8d

          SHA256

          1b663486c0bf5ea10ecc69c3eaa7b46c565f3cf6c1144dcde260fa8611cfb20f

          SHA512

          059e220748dcaf694edc308f9a16d90975c0cd098158256ac9e4f8a77364896e5bca1452448492c15f5e22f1a1c3b06a0e73da081a5713988b1686da47fb6d3d

        • C:\Users\Admin\AppData\Local\WeMod\packages\WeMod-8.6.0-full.nupkg

          Filesize

          98.2MB

          MD5

          5b65b8e7c722ea3cdd852a60e3a47e48

          SHA1

          78caa65d63160b9b3364633ed0435b91eb116d8d

          SHA256

          1b663486c0bf5ea10ecc69c3eaa7b46c565f3cf6c1144dcde260fa8611cfb20f

          SHA512

          059e220748dcaf694edc308f9a16d90975c0cd098158256ac9e4f8a77364896e5bca1452448492c15f5e22f1a1c3b06a0e73da081a5713988b1686da47fb6d3d

        • C:\Users\Admin\AppData\Local\WeMod\update.exe

          Filesize

          1.8MB

          MD5

          b43e5cf21598243f3078d787159d7bef

          SHA1

          dbe552b5455966b2cc59e6786dac21610cbbea0e

          SHA256

          36fd9d2415858e7010345d3fc16536349a689f9d75ed005151cb4ff5e1d0cb80

          SHA512

          8c41abd147c334fbff93871f08eb878e60c7be3e26487c601d741dfaa7a047d85e3d21ef10f47fafd65c569e90e9d1b32cad74fc4065e3c16728681f6c5df9be

        • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

          Filesize

          2B

          MD5

          f3b25701fe362ec84616a93a45ce9998

          SHA1

          d62636d8caec13f04e28442a0a6fa1afeb024bbb

          SHA256

          b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

          SHA512

          98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

        • memory/1216-451-0x0000028E27A20000-0x0000028E27A30000-memory.dmp

          Filesize

          64KB

        • memory/1216-436-0x0000028E27A20000-0x0000028E27A30000-memory.dmp

          Filesize

          64KB

        • memory/1216-434-0x0000028E0E1B0000-0x0000028E0E1D2000-memory.dmp

          Filesize

          136KB

        • memory/1216-433-0x0000028E0C590000-0x0000028E0C680000-memory.dmp

          Filesize

          960KB

        • memory/1556-349-0x000000001BFB0000-0x000000001BFC0000-memory.dmp

          Filesize

          64KB

        • memory/1564-293-0x000000001C500000-0x000000001C510000-memory.dmp

          Filesize

          64KB

        • memory/1564-185-0x0000000000A40000-0x0000000000C16000-memory.dmp

          Filesize

          1.8MB

        • memory/1564-186-0x000000001C500000-0x000000001C510000-memory.dmp

          Filesize

          64KB

        • memory/2032-312-0x0000000001710000-0x0000000001730000-memory.dmp

          Filesize

          128KB

        • memory/2156-163-0x0000026AE7FD0000-0x0000026AE8776000-memory.dmp

          Filesize

          7.6MB

        • memory/2156-165-0x00000262E1030000-0x00000262E1040000-memory.dmp

          Filesize

          64KB

        • memory/2156-175-0x00000262E1030000-0x00000262E1040000-memory.dmp

          Filesize

          64KB

        • memory/2156-170-0x00000262E1030000-0x00000262E1040000-memory.dmp

          Filesize

          64KB

        • memory/2156-138-0x00000262E1030000-0x00000262E1040000-memory.dmp

          Filesize

          64KB

        • memory/2156-168-0x00000262E1030000-0x00000262E1040000-memory.dmp

          Filesize

          64KB

        • memory/2156-164-0x00000262E1030000-0x00000262E1040000-memory.dmp

          Filesize

          64KB

        • memory/2156-167-0x00000262E1030000-0x00000262E1040000-memory.dmp

          Filesize

          64KB

        • memory/2156-166-0x00000262E1030000-0x00000262E1040000-memory.dmp

          Filesize

          64KB

        • memory/2156-133-0x00000262C6010000-0x00000262C6036000-memory.dmp

          Filesize

          152KB

        • memory/2156-136-0x00000262E1030000-0x00000262E1040000-memory.dmp

          Filesize

          64KB

        • memory/2156-137-0x00000262E1030000-0x00000262E1040000-memory.dmp

          Filesize

          64KB

        • memory/2156-134-0x00000262E1030000-0x00000262E1040000-memory.dmp

          Filesize

          64KB

        • memory/2156-176-0x00000262E1030000-0x00000262E1040000-memory.dmp

          Filesize

          64KB

        • memory/2156-169-0x00000262E1030000-0x00000262E1040000-memory.dmp

          Filesize

          64KB

        • memory/2156-135-0x00000262E1030000-0x00000262E1040000-memory.dmp

          Filesize

          64KB

        • memory/2164-430-0x000000001CDE0000-0x000000001D308000-memory.dmp

          Filesize

          5.2MB

        • memory/2164-435-0x0000000002AE0000-0x0000000002AF0000-memory.dmp

          Filesize

          64KB

        • memory/2336-296-0x0000000000060000-0x000000000023C000-memory.dmp

          Filesize

          1.9MB

        • memory/2336-313-0x000000001BB90000-0x000000001BBA0000-memory.dmp

          Filesize

          64KB

        • memory/2336-298-0x000000001BB90000-0x000000001BBA0000-memory.dmp

          Filesize

          64KB