Malware Analysis Report

2025-08-06 00:51

Sample ID 230430-vsq1zacb91
Target SPORE (Steam) Trainer Setup.exe
SHA256 11c95b9e59cabea3ea32a971b67d1cea68b58fd4d58714a57311530d0f4652f7
Tags
lumma discovery stealer
score
10/10

Analysis Overview

score
10/10

SHA256

11c95b9e59cabea3ea32a971b67d1cea68b58fd4d58714a57311530d0f4652f7

Threat Level: Known bad

The file SPORE (Steam) Trainer Setup.exe was found to be: Known bad.

Malicious Activity Summary

lumma discovery stealer

Lumma Stealer

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Checks installed software on the system

Unsigned PE

Enumerates physical storage devices

Checks processor information in registry

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-04-30 17:15

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-30 17:15

Reported

2023-04-30 17:19

Platform

win10-20230220-en

Max time kernel

210s

Max time network

210s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe"

Signatures

Lumma Stealer

stealer lumma

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\wemod\shell\open C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\wemod\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\WeMod\\app-8.6.0\\WeMod.exe\" \"%1\"" C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\wemod C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\wemod\URL Protocol C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\wemod\ = "URL:wemod" C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\wemod\shell\open\command C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key created \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\wemod\shell C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 368 wrote to memory of 1180 N/A C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789536909936.exe
PID 1180 wrote to memory of 4892 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789536909936.exe C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
PID 4892 wrote to memory of 5028 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe
PID 4892 wrote to memory of 1700 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 1700 wrote to memory of 4668 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\Update.exe
PID 368 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe C:\Users\Admin\AppData\Local\WeMod\Update.exe
PID 2544 wrote to memory of 212 N/A C:\Users\Admin\AppData\Local\WeMod\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 212 wrote to memory of 2500 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 212 wrote to memory of 828 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 212 wrote to memory of 4228 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 212 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\Update.exe

Processes

C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe

"C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe"

C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789536909936.exe

"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789536909936.exe" --silent

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --squirrel-install 8.6.0

C:\Users\Admin\AppData\Local\WeMod\Update.exe

C:\Users\Admin\AppData\Local\WeMod\Update.exe --createShortcut WeMod.exe

C:\Users\Admin\AppData\Local\WeMod\Update.exe

"C:\Users\Admin\AppData\Local\WeMod\Update.exe" --processStart "WeMod.exe" --process-start-args "wemod://titles/10279?gameId=10279&_inst=wYAfGUswVRco9rlk"

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" wemod://titles/10279?gameId=10279&_inst=wYAfGUswVRco9rlk

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1564,i,6108345122184735149,12570329892888873274,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --force-ui-direction=ltr --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --mojo-platform-channel-handle=1936 --field-trial-handle=1564,i,6108345122184735149,12570329892888873274,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2328 --field-trial-handle=1564,i,6108345122184735149,12570329892888873274,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\WeMod\Update.exe

C:\Users\Admin\AppData\Local\WeMod\Update.exe --checkForUpdate https://api.wemod.com/client/channels/stable

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe WeMod\Support_1682882221110_Out

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1468 --field-trial-handle=1564,i,6108345122184735149,12570329892888873274,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.wemod.com udp
US 104.26.6.92:443 api.wemod.com tcp
US 8.8.8.8:53 92.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 104.26.6.92:443 api.wemod.com tcp
US 104.26.6.92:443 api.wemod.com tcp
US 8.8.8.8:53 storage-cdn.wemod.com udp
US 172.67.70.173:443 storage-cdn.wemod.com tcp
US 8.8.8.8:53 173.70.67.172.in-addr.arpa udp
AU 104.46.162.224:443 tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 63.13.109.52.in-addr.arpa udp
US 172.67.70.173:443 storage-cdn.wemod.com tcp
US 93.184.220.29:80 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 172.67.70.173:443 storage-cdn.wemod.com tcp
NL 142.250.102.154:443 tcp
NL 142.251.36.3:443 tcp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 154.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.36.251.142.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789536909936.exe

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

C:\Users\Admin\AppData\Local\SquirrelTemp\WeMod-8.6.0-full.nupkg

C:\Users\Admin\AppData\Local\WeMod\packages\WeMod-8.6.0-full.nupkg

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\squirrel.exe

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\icudtl.dat

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\v8_context_snapshot.bin

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar

C:\Users\Admin\AppData\Local\WeMod\update.exe

C:\Users\Admin\AppData\Local\WeMod\Update.exe

C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Update.exe.log

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\chrome_200_percent.pak

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\chrome_100_percent.pak

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources.pak

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\locales\en-US.pak

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\icon.ico

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\D3DCompiler_47.dll

\Users\Admin\AppData\Local\WeMod\app-8.6.0\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\vk_swiftshader.dll

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\vk_swiftshader_icd.json

\Users\Admin\AppData\Local\WeMod\app-8.6.0\vulkan-1.dll

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\vulkan-1.dll

\Users\Admin\AppData\Local\WeMod\app-8.6.0\libEGL.dll

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\libegl.dll

\Users\Admin\AppData\Local\WeMod\app-8.6.0\libGLESv2.dll

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\libglesv2.dll

\Users\Admin\AppData\Local\WeMod\app-8.6.0\d3dcompiler_47.dll

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

C:\Users\Admin\AppData\Roaming\WeMod\Network\Network Persistent State~RFe58bbc9.TMP

C:\Users\Admin\AppData\Roaming\WeMod\Network\Network Persistent State

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-30 17:15

Reported

2023-04-30 17:18

Platform

win10v2004-20230220-en

Max time kernel

151s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe"

Signatures

Lumma Stealer

stealer lumma

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\WeMod\Update.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\ = "URL:wemod" C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\shell\open\command C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\shell C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\shell\open C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\WeMod\\app-8.6.0\\WeMod.exe\" \"%1\"" C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\URL Protocol C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\WeMod\Update.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2156 wrote to memory of 3392 N/A C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789624499820.exe
PID 3392 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789624499820.exe C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
PID 1564 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe
PID 1564 wrote to memory of 760 N/A C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 760 wrote to memory of 2032 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\Update.exe
PID 2156 wrote to memory of 1556 N/A C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe C:\Users\Admin\AppData\Local\WeMod\Update.exe
PID 1556 wrote to memory of 3856 N/A C:\Users\Admin\AppData\Local\WeMod\Update.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 3856 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 3856 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 3856 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 3856 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 3856 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 3856 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 3856 wrote to memory of 3536 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 3856 wrote to memory of 5008 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 3856 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
PID 3856 wrote to memory of 2164 N/A C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe C:\Users\Admin\AppData\Local\WeMod\Update.exe

Processes

C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe

"C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe"

C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789624499820.exe

"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789624499820.exe" --silent

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --squirrel-install 8.6.0

C:\Users\Admin\AppData\Local\WeMod\Update.exe

C:\Users\Admin\AppData\Local\WeMod\Update.exe --createShortcut WeMod.exe

C:\Users\Admin\AppData\Local\WeMod\Update.exe

"C:\Users\Admin\AppData\Local\WeMod\Update.exe" --processStart "WeMod.exe" --process-start-args "wemod://titles/10279?gameId=10279&_inst=wYAfGUswVRco9rlk"

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" wemod://titles/10279?gameId=10279&_inst=wYAfGUswVRco9rlk

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1728,i,2106819194018410949,5109712828029631445,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --force-ui-direction=ltr --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --mojo-platform-channel-handle=2100 --field-trial-handle=1728,i,2106819194018410949,5109712828029631445,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe

"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2516 --field-trial-handle=1728,i,2106819194018410949,5109712828029631445,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\WeMod\Update.exe

C:\Users\Admin\AppData\Local\WeMod\Update.exe --checkForUpdate https://api.wemod.com/client/channels/stable

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe

C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe WeMod\Support_1682882272917_Out

Network


Files
