Analysis Overview
SHA256
11c95b9e59cabea3ea32a971b67d1cea68b58fd4d58714a57311530d0f4652f7
Threat Level: Known bad
The file SPORE (Steam) Trainer Setup.exe was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Downloads MZ/PE file
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Unsigned PE
Enumerates physical storage devices
Checks processor information in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-04-30 17:15
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-30 17:15
Reported
2023-04-30 17:19
Platform
win10-20230220-en
Max time kernel
210s
Max time network
210s
Command Line
Signatures
Lumma Stealer
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789536909936.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
Checks installed software on the system
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\wemod\shell\open | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\wemod\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\WeMod\\app-8.6.0\\WeMod.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\wemod | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\wemod\URL Protocol | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\wemod\ = "URL:wemod" | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\wemod\shell\open\command | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\wemod\shell | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe
"C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe"
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789536909936.exe
"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789536909936.exe" --silent
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --squirrel-install 8.6.0
C:\Users\Admin\AppData\Local\WeMod\Update.exe
C:\Users\Admin\AppData\Local\WeMod\Update.exe --createShortcut WeMod.exe
C:\Users\Admin\AppData\Local\WeMod\Update.exe
"C:\Users\Admin\AppData\Local\WeMod\Update.exe" --processStart "WeMod.exe" --process-start-args "wemod://titles/10279?gameId=10279&_inst=wYAfGUswVRco9rlk"
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" wemod://titles/10279?gameId=10279&_inst=wYAfGUswVRco9rlk
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 --field-trial-handle=1564,i,6108345122184735149,12570329892888873274,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --force-ui-direction=ltr --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --mojo-platform-channel-handle=1936 --field-trial-handle=1564,i,6108345122184735149,12570329892888873274,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2328 --field-trial-handle=1564,i,6108345122184735149,12570329892888873274,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Local\WeMod\Update.exe
C:\Users\Admin\AppData\Local\WeMod\Update.exe --checkForUpdate https://api.wemod.com/client/channels/stable
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe WeMod\Support_1682882221110_Out
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1468 --field-trial-handle=1564,i,6108345122184735149,12570329892888873274,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.wemod.com | udp |
| US | 104.26.6.92:443 | api.wemod.com | tcp |
| US | 8.8.8.8:53 | 92.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 104.26.6.92:443 | api.wemod.com | tcp |
| US | 104.26.6.92:443 | api.wemod.com | tcp |
| US | 8.8.8.8:53 | storage-cdn.wemod.com | udp |
| US | 172.67.70.173:443 | storage-cdn.wemod.com | tcp |
| US | 8.8.8.8:53 | 173.70.67.172.in-addr.arpa | udp |
| AU | 104.46.162.224:443 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| US | 8.8.8.8:53 | 63.13.109.52.in-addr.arpa | udp |
| US | 172.67.70.173:443 | storage-cdn.wemod.com | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 172.67.70.173:443 | storage-cdn.wemod.com | tcp |
| NL | 142.250.102.154:443 | | tcp |
| NL | 142.251.36.3:443 | | tcp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
Files
| MD5 | c3cb0f7e2e838fc37c90544310e48791 |
| SHA1 | 068493b2a67bc7b83a00d37ee4a5f14fc4f49e71 |
| SHA256 | 042f8f1ae077fa9f7ce0803f3749805651e273765db6d38a96472344ad9590d4 |
| SHA512 | f5f895a7b41eb39f0636eca187178ceedd91350e4b630880484352d668f02c48574b511801cae797b907fffd3ef344f54b8b74a908be99d8b13a74dc1b89f55a |
memory/4140-411-0x000001D771C60000-0x000001D771C70000-memory.dmp
C:\Users\Admin\AppData\Roaming\WeMod\Network\Network Persistent State~RFe58bbc9.TMP
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Roaming\WeMod\Network\Network Persistent State
| MD5 | def8b68a857bd315c21e9c0c1ed1dda7 |
| SHA1 | 370b4e3a59b74ec37bd0be194b61d6140dcfd962 |
| SHA256 | 55a1e183ba22647253a5af05e5c2d73c9384bed55762e8ca3928d65afa974dda |
| SHA512 | 7d95ccca6b4173ec7c4eddf79481c052090c492c8df42300d68ec86597cc918c2cd2ae59969727f6d8e2bd86537ed0e4b99792922e962d5a918c1081218fc8e5 |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
| MD5 | 785460a10d3b9bb8e77cb0474dd405e6 |
| SHA1 | d905a695151b170d042fc60d938e1f978ab12e2e |
| SHA256 | 3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5 |
| SHA512 | e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa |
\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll
| MD5 | 6eb84bf78abc36ec975f0a72ec7d83d3 |
| SHA1 | b92944d2605822e2ffc5196ac299e2bf86c6e25f |
| SHA256 | db04507fffccb8c42d921c1e659fa1687838b76c3fc2985619d61abebd8075cc |
| SHA512 | 5154c5e922b634e1538a30df48671002574bc674b606d05bfb572de48a2ef0410a5919ff3686c4b3cc617a49692d21e02aa6b24f8b9b0c23e853e709221c1c2e |
\Users\Admin\AppData\Local\WeMod\app-8.6.0\vk_swiftshader.dll
| MD5 | 66cafd13877168b0062349a5a639e4fe |
| SHA1 | 3936afd07d22d44d033908ae6d56c58ff395d755 |
| SHA256 | 270f2398c073b62660eb8ff492a8ed4c0b760b044d34a6b6fbaa42cf7cb78e84 |
| SHA512 | 8d1d2f9516510ae7b0d4a7f401800092005b5da58d70d22a9b893bca52ca2d928708b558e7d95a18e540ccd3180dd038ae629326b3b8f6a89a6e12d61b399901 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-04-30 17:15
Reported
2023-04-30 17:18
Platform
win10v2004-20230220-en
Max time kernel
151s
Max time network
153s
Command Line
Signatures
Lumma Stealer
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\WeMod\Update.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789624499820.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
Checks installed software on the system
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\ = "URL:wemod" | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\shell\open\command | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\shell | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\shell\open | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\WeMod\\app-8.6.0\\WeMod.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\wemod\URL Protocol | C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe
"C:\Users\Admin\AppData\Local\Temp\SPORE (Steam) Trainer Setup.exe"
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789624499820.exe
"C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789624499820.exe" --silent
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --squirrel-install 8.6.0
C:\Users\Admin\AppData\Local\WeMod\Update.exe
C:\Users\Admin\AppData\Local\WeMod\Update.exe --createShortcut WeMod.exe
C:\Users\Admin\AppData\Local\WeMod\Update.exe
"C:\Users\Admin\AppData\Local\WeMod\Update.exe" --processStart "WeMod.exe" --process-start-args "wemod://titles/10279?gameId=10279&_inst=wYAfGUswVRco9rlk"
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" wemod://titles/10279?gameId=10279&_inst=wYAfGUswVRco9rlk
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1728,i,2106819194018410949,5109712828029631445,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --force-ui-direction=ltr --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --mojo-platform-channel-handle=2100 --field-trial-handle=1728,i,2106819194018410949,5109712828029631445,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
"C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2516 --field-trial-handle=1728,i,2106819194018410949,5109712828029631445,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Users\Admin\AppData\Local\WeMod\Update.exe
C:\Users\Admin\AppData\Local\WeMod\Update.exe --checkForUpdate https://api.wemod.com/client/channels/stable
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe WeMod\Support_1682882272917_Out
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| IE | 20.54.89.15:443 | | tcp |
| US | 8.8.8.8:53 | api.wemod.com | udp |
| US | 104.26.6.92:443 | api.wemod.com | tcp |
| US | 8.8.8.8:53 | 92.6.26.104.in-addr.arpa | udp |
| US | 104.26.6.92:443 | api.wemod.com | tcp |
| US | 8.8.8.8:53 | 164.113.223.173.in-addr.arpa | udp |
| US | 52.152.110.14:443 | | tcp |
| US | 104.26.6.92:443 | api.wemod.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | storage-cdn.wemod.com | udp |
| US | 104.26.7.92:443 | storage-cdn.wemod.com | tcp |
| US | 8.8.8.8:53 | 92.7.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| US | 52.152.110.14:443 | | tcp |
| US | 52.152.110.14:443 | | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 20.189.173.3:443 | | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.143.241.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.8.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.103.197.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.220.44.20.in-addr.arpa | udp |
| US | 117.18.237.29:80 | | tcp |
| US | 209.197.3.8:80 | | tcp |
| US | 8.8.8.8:53 | storage-cdn.wemod.com | udp |
| US | 104.26.6.92:443 | storage-cdn.wemod.com | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.wemod.com | udp |
| US | 104.26.7.92:443 | api.wemod.com | tcp |
| US | 8.8.8.8:53 | 99.113.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.66.64.40.in-addr.arpa | udp |
| US | 104.26.7.92:443 | api.wemod.com | tcp |
| US | 8.8.8.8:53 | ga.wemod.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.nl | udp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | tcp |
| NL | 142.251.36.3:443 | www.google.nl | tcp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.255.255.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.232.18.117.in-addr.arpa | udp |
Files
memory/2156-133-0x00000262C6010000-0x00000262C6036000-memory.dmp
memory/2156-134-0x00000262E1030000-0x00000262E1040000-memory.dmp
memory/2156-135-0x00000262E1030000-0x00000262E1040000-memory.dmp
memory/2156-136-0x00000262E1030000-0x00000262E1040000-memory.dmp
memory/2156-137-0x00000262E1030000-0x00000262E1040000-memory.dmp
memory/2156-138-0x00000262E1030000-0x00000262E1040000-memory.dmp
memory/2156-163-0x0000026AE7FD0000-0x0000026AE8776000-memory.dmp
memory/2156-164-0x00000262E1030000-0x00000262E1040000-memory.dmp
memory/2156-165-0x00000262E1030000-0x00000262E1040000-memory.dmp
memory/2156-166-0x00000262E1030000-0x00000262E1040000-memory.dmp
memory/2156-167-0x00000262E1030000-0x00000262E1040000-memory.dmp
memory/2156-168-0x00000262E1030000-0x00000262E1040000-memory.dmp
memory/2156-169-0x00000262E1030000-0x00000262E1040000-memory.dmp
memory/2156-170-0x00000262E1030000-0x00000262E1040000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789624499820.exe
| MD5 | 24985391366a2f90a132465022fb5f69 |
| SHA1 | f9564ca80e59a57a7fbc7b865c74ba079386b140 |
| SHA256 | 689c4761b9897b14dbadf5dd833c603a2deecdeccfb1f7c5a6304b2afbe7cfee |
| SHA512 | 14bba15cb5d40ea02a40a227c2c57f63d65a9cbcc5448a7efe84f8c93648d5a7e9ebe2574e118fc775d34e73381af5096b3c4371efb2ef52de0effe776de657d |
C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638184789624499820.exe
| MD5 | 24985391366a2f90a132465022fb5f69 |
| SHA1 | f9564ca80e59a57a7fbc7b865c74ba079386b140 |
| SHA256 | 689c4761b9897b14dbadf5dd833c603a2deecdeccfb1f7c5a6304b2afbe7cfee |
| SHA512 | 14bba15cb5d40ea02a40a227c2c57f63d65a9cbcc5448a7efe84f8c93648d5a7e9ebe2574e118fc775d34e73381af5096b3c4371efb2ef52de0effe776de657d |
memory/2156-175-0x00000262E1030000-0x00000262E1040000-memory.dmp
memory/2156-176-0x00000262E1030000-0x00000262E1040000-memory.dmp
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
| MD5 | b43e5cf21598243f3078d787159d7bef |
| SHA1 | dbe552b5455966b2cc59e6786dac21610cbbea0e |
| SHA256 | 36fd9d2415858e7010345d3fc16536349a689f9d75ed005151cb4ff5e1d0cb80 |
| SHA512 | 8c41abd147c334fbff93871f08eb878e60c7be3e26487c601d741dfaa7a047d85e3d21ef10f47fafd65c569e90e9d1b32cad74fc4065e3c16728681f6c5df9be |
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
| MD5 | b43e5cf21598243f3078d787159d7bef |
| SHA1 | dbe552b5455966b2cc59e6786dac21610cbbea0e |
| SHA256 | 36fd9d2415858e7010345d3fc16536349a689f9d75ed005151cb4ff5e1d0cb80 |
| SHA512 | 8c41abd147c334fbff93871f08eb878e60c7be3e26487c601d741dfaa7a047d85e3d21ef10f47fafd65c569e90e9d1b32cad74fc4065e3c16728681f6c5df9be |
memory/1564-185-0x0000000000A40000-0x0000000000C16000-memory.dmp
memory/1564-186-0x000000001C500000-0x000000001C510000-memory.dmp
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
| MD5 | 2048a6e63ea6c66ea9001d9f51fe6c38 |
| SHA1 | 6faf9dc016628783068f5430da2d6ab6ee99846d |
| SHA256 | 52cc531dc4610e5fb892bc39bc91811a58096e9032f1c67f9f46555c1be3c32c |
| SHA512 | c4d47030b171a403d0990f769cc63ed109929ce3e9089a546fa144e748696d6d75f958d66c80f4aa84585db0977323cf7e0c428857ff898db373a4f2edb5b4cb |
C:\Users\Admin\AppData\Local\SquirrelTemp\WeMod-8.6.0-full.nupkg
| MD5 | 5b65b8e7c722ea3cdd852a60e3a47e48 |
| SHA1 | 78caa65d63160b9b3364633ed0435b91eb116d8d |
| SHA256 | 1b663486c0bf5ea10ecc69c3eaa7b46c565f3cf6c1144dcde260fa8611cfb20f |
| SHA512 | 059e220748dcaf694edc308f9a16d90975c0cd098158256ac9e4f8a77364896e5bca1452448492c15f5e22f1a1c3b06a0e73da081a5713988b1686da47fb6d3d |
C:\Users\Admin\AppData\Local\WeMod\packages\WeMod-8.6.0-full.nupkg
| MD5 | 5b65b8e7c722ea3cdd852a60e3a47e48 |
| SHA1 | 78caa65d63160b9b3364633ed0435b91eb116d8d |
| SHA256 | 1b663486c0bf5ea10ecc69c3eaa7b46c565f3cf6c1144dcde260fa8611cfb20f |
| SHA512 | 059e220748dcaf694edc308f9a16d90975c0cd098158256ac9e4f8a77364896e5bca1452448492c15f5e22f1a1c3b06a0e73da081a5713988b1686da47fb6d3d |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\squirrel.exe
| MD5 | 2e4acb84ffaaf4ac65d1378491ea7ba8 |
| SHA1 | c927761e4512e2c9ef81d97c5a33a00c384fd0c7 |
| SHA256 | 15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f |
| SHA512 | b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410 |
memory/1564-293-0x000000001C500000-0x000000001C510000-memory.dmp
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\Squirrel.exe
| MD5 | 2e4acb84ffaaf4ac65d1378491ea7ba8 |
| SHA1 | c927761e4512e2c9ef81d97c5a33a00c384fd0c7 |
| SHA256 | 15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f |
| SHA512 | b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410 |
memory/2336-296-0x0000000000060000-0x000000000023C000-memory.dmp
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\squirrel.exe
| MD5 | 2e4acb84ffaaf4ac65d1378491ea7ba8 |
| SHA1 | c927761e4512e2c9ef81d97c5a33a00c384fd0c7 |
| SHA256 | 15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f |
| SHA512 | b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410 |
memory/2336-298-0x000000001BB90000-0x000000001BBA0000-memory.dmp
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
| MD5 | 785460a10d3b9bb8e77cb0474dd405e6 |
| SHA1 | d905a695151b170d042fc60d938e1f978ab12e2e |
| SHA256 | 3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5 |
| SHA512 | e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
| MD5 | 785460a10d3b9bb8e77cb0474dd405e6 |
| SHA1 | d905a695151b170d042fc60d938e1f978ab12e2e |
| SHA256 | 3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5 |
| SHA512 | e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll
| MD5 | 6eb84bf78abc36ec975f0a72ec7d83d3 |
| SHA1 | b92944d2605822e2ffc5196ac299e2bf86c6e25f |
| SHA256 | db04507fffccb8c42d921c1e659fa1687838b76c3fc2985619d61abebd8075cc |
| SHA512 | 5154c5e922b634e1538a30df48671002574bc674b606d05bfb572de48a2ef0410a5919ff3686c4b3cc617a49692d21e02aa6b24f8b9b0c23e853e709221c1c2e |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll
| MD5 | 6eb84bf78abc36ec975f0a72ec7d83d3 |
| SHA1 | b92944d2605822e2ffc5196ac299e2bf86c6e25f |
| SHA256 | db04507fffccb8c42d921c1e659fa1687838b76c3fc2985619d61abebd8075cc |
| SHA512 | 5154c5e922b634e1538a30df48671002574bc674b606d05bfb572de48a2ef0410a5919ff3686c4b3cc617a49692d21e02aa6b24f8b9b0c23e853e709221c1c2e |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\v8_context_snapshot.bin
| MD5 | dd9ca4878bba782613cba372de1c36f4 |
| SHA1 | 2eefcb6fcaa4b2ed717c952895710be5701871a7 |
| SHA256 | ea33ca96024769386ae0ff100c2ae239507006d7340f1f8bbc5bcfb4195f9226 |
| SHA512 | 0791d3827a6de5745d3424c562b16604cf311ed6fcb4cf62d2c7f54ec0b7f3535b1114e919d2ba6d144cbe9f45418a555ab3fd801078bd8d563a656796f5d4e6 |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\icudtl.dat
| MD5 | cf9421b601645bda331c7136a0a9c3f8 |
| SHA1 | 9950d66df9022f1caa941ab0e9647636f7b7a286 |
| SHA256 | 8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5 |
| SHA512 | bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar
| MD5 | 9b47f8546d1258078638930f63f255e5 |
| SHA1 | 0553dac387bbca7e2c8bca3feb52aff65048d688 |
| SHA256 | 2ef3023f110b9dd9de28bfa84d9fcfa1e6babd76b2bf0f6a92bd624a67ec1f45 |
| SHA512 | 614ca9bc4c792ddada2d8830c503197d547197d663ff08b8c89d2755ecdc9c83df1de3a7865e3c2cf4ebbc9892e1ae1534321bc564cbdd1652361d7fe4aa064d |
C:\Users\Admin\AppData\Local\WeMod\update.exe
| MD5 | b43e5cf21598243f3078d787159d7bef |
| SHA1 | dbe552b5455966b2cc59e6786dac21610cbbea0e |
| SHA256 | 36fd9d2415858e7010345d3fc16536349a689f9d75ed005151cb4ff5e1d0cb80 |
| SHA512 | 8c41abd147c334fbff93871f08eb878e60c7be3e26487c601d741dfaa7a047d85e3d21ef10f47fafd65c569e90e9d1b32cad74fc4065e3c16728681f6c5df9be |
C:\Users\Admin\AppData\Local\WeMod\Update.exe
| MD5 | b43e5cf21598243f3078d787159d7bef |
| SHA1 | dbe552b5455966b2cc59e6786dac21610cbbea0e |
| SHA256 | 36fd9d2415858e7010345d3fc16536349a689f9d75ed005151cb4ff5e1d0cb80 |
| SHA512 | 8c41abd147c334fbff93871f08eb878e60c7be3e26487c601d741dfaa7a047d85e3d21ef10f47fafd65c569e90e9d1b32cad74fc4065e3c16728681f6c5df9be |
C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES
| MD5 | 2048a6e63ea6c66ea9001d9f51fe6c38 |
| SHA1 | 6faf9dc016628783068f5430da2d6ab6ee99846d |
| SHA256 | 52cc531dc4610e5fb892bc39bc91811a58096e9032f1c67f9f46555c1be3c32c |
| SHA512 | c4d47030b171a403d0990f769cc63ed109929ce3e9089a546fa144e748696d6d75f958d66c80f4aa84585db0977323cf7e0c428857ff898db373a4f2edb5b4cb |
C:\Users\Admin\AppData\Local\WeMod\packages\WeMod-8.6.0-full.nupkg
| MD5 | 5b65b8e7c722ea3cdd852a60e3a47e48 |
| SHA1 | 78caa65d63160b9b3364633ed0435b91eb116d8d |
| SHA256 | 1b663486c0bf5ea10ecc69c3eaa7b46c565f3cf6c1144dcde260fa8611cfb20f |
| SHA512 | 059e220748dcaf694edc308f9a16d90975c0cd098158256ac9e4f8a77364896e5bca1452448492c15f5e22f1a1c3b06a0e73da081a5713988b1686da47fb6d3d |
memory/2032-312-0x0000000001710000-0x0000000001730000-memory.dmp
memory/2336-313-0x000000001BB90000-0x000000001BBA0000-memory.dmp
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
| MD5 | 785460a10d3b9bb8e77cb0474dd405e6 |
| SHA1 | d905a695151b170d042fc60d938e1f978ab12e2e |
| SHA256 | 3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5 |
| SHA512 | e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa |
C:\Users\Admin\AppData\Local\WeMod\WeMod.exe
| MD5 | 3cfa1e47a878c62a4fb067f01dc2be63 |
| SHA1 | 76d8040012122c04a11d21d84729b6f3511d3170 |
| SHA256 | 9c2e8414037fe2ce9ab4bef2743b2a9aa0e0c34eaeb8bcb69a0ebc446b8a7037 |
| SHA512 | fb695949c1c0ec63c62ed55584c5e97d0a40342f64ed4f8adf62d820c70b44f7544e86b68205b5c0582f0e204dc2015ffb8c98f64ac5116084e7bf77bba25f3d |
C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES
| MD5 | 2048a6e63ea6c66ea9001d9f51fe6c38 |
| SHA1 | 6faf9dc016628783068f5430da2d6ab6ee99846d |
| SHA256 | 52cc531dc4610e5fb892bc39bc91811a58096e9032f1c67f9f46555c1be3c32c |
| SHA512 | c4d47030b171a403d0990f769cc63ed109929ce3e9089a546fa144e748696d6d75f958d66c80f4aa84585db0977323cf7e0c428857ff898db373a4f2edb5b4cb |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Update.exe.log
| MD5 | fcc4a55e80568c4693f6d2eff7ef757e |
| SHA1 | d24958d197482557722f616507d8b14dbeadebd8 |
| SHA256 | 1f5a1b10b49c35bff02f63ebaf8cd3faf74b51bd131d3dcfb952590c8bcd5eea |
| SHA512 | 67de4502abff297c90eb2cfbb3d03bfbef3400d6ee19b3cbb47b3ed9bad4b795946406a6975564321edff618d1a589076b57609c2ca38efc5650899a8483a271 |
C:\Users\Admin\AppData\Local\WeMod\Update.exe
| MD5 | 2e4acb84ffaaf4ac65d1378491ea7ba8 |
| SHA1 | c927761e4512e2c9ef81d97c5a33a00c384fd0c7 |
| SHA256 | 15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f |
| SHA512 | b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410 |
C:\Users\Admin\AppData\Local\WeMod\Update.exe
| MD5 | 2e4acb84ffaaf4ac65d1378491ea7ba8 |
| SHA1 | c927761e4512e2c9ef81d97c5a33a00c384fd0c7 |
| SHA256 | 15a062eafbb7eceaf09142f9c39c8e4d998dd5a90700de81bcbe33a5ba34a35f |
| SHA512 | b14858a9cb845c3a9339c0f77b26f5151a926700352e8482a4242aed86b7a04c6fe8a4fd8246456d8d188790527db40faebf3f5c7dfe3bd229f877ca1b36d410 |
C:\Users\Admin\AppData\Local\WeMod\packages\RELEASES
| MD5 | 2048a6e63ea6c66ea9001d9f51fe6c38 |
| SHA1 | 6faf9dc016628783068f5430da2d6ab6ee99846d |
| SHA256 | 52cc531dc4610e5fb892bc39bc91811a58096e9032f1c67f9f46555c1be3c32c |
| SHA512 | c4d47030b171a403d0990f769cc63ed109929ce3e9089a546fa144e748696d6d75f958d66c80f4aa84585db0977323cf7e0c428857ff898db373a4f2edb5b4cb |
memory/1556-349-0x000000001BFB0000-0x000000001BFC0000-memory.dmp
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
| MD5 | 785460a10d3b9bb8e77cb0474dd405e6 |
| SHA1 | d905a695151b170d042fc60d938e1f978ab12e2e |
| SHA256 | 3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5 |
| SHA512 | e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll
| MD5 | 6eb84bf78abc36ec975f0a72ec7d83d3 |
| SHA1 | b92944d2605822e2ffc5196ac299e2bf86c6e25f |
| SHA256 | db04507fffccb8c42d921c1e659fa1687838b76c3fc2985619d61abebd8075cc |
| SHA512 | 5154c5e922b634e1538a30df48671002574bc674b606d05bfb572de48a2ef0410a5919ff3686c4b3cc617a49692d21e02aa6b24f8b9b0c23e853e709221c1c2e |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources.pak
| MD5 | f24c85d2b898b6b4de118f6a2e63a244 |
| SHA1 | 731adfc20807874b70bda7e2661e66ff6987e069 |
| SHA256 | aca9267dd8f530135d67240aa897112467bae77cd5fe1a549c69732fdf2803c6 |
| SHA512 | b49f6a4eb870b01b48b4cfbf5a73c1727cf7847a9505f7c11ce6befdbef868484867f6e0ac66aea8177ca5cab2abba1cae5ac626a8e3f44fc001cac0fe820c61 |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\locales\en-US.pak
| MD5 | 3fef69b20e6f9599e9c2369398e571c0 |
| SHA1 | 92be2b65b62938e6426ab333c82d70d337666784 |
| SHA256 | a99bd31907bbdc12bdfbff7b9da6ddd850c273f3a6ece64ee8d1d9b6ef0c501c |
| SHA512 | 3057edfb719c07972fd230514ac5e02f88b04c72356fa4a5e5291677dcbab03297942d5ecdc62c8e58d0088aed4d6ea53806c01f0ea622942feb06584241ad2d |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\chrome_200_percent.pak
| MD5 | 9c379fc04a7bf1a853b14834f58c9f4b |
| SHA1 | c105120fd00001c9ebdf2b3b981ecccb02f8eefb |
| SHA256 | b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48 |
| SHA512 | f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13 |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\chrome_100_percent.pak
| MD5 | 44a69827d4aa75426f3c577af2f8618e |
| SHA1 | 7bdd115425b05414b64dcdb7d980b92ecd3f15b3 |
| SHA256 | bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b |
| SHA512 | 5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049 |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\WeMod.exe
| MD5 | 785460a10d3b9bb8e77cb0474dd405e6 |
| SHA1 | d905a695151b170d042fc60d938e1f978ab12e2e |
| SHA256 | 3fcada77230aff52ca5b9ef42caa6162f96779a0f33112141b2387b27a6543e5 |
| SHA512 | e4ff932c345c4e1158071b43cd939ed5800cb22b3f90c01ed6ea8f46a489846546cd90f316914ac06c47d50d260ddc92ea5a58ece52b1edc6681548199ea90fa |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\ffmpeg.dll
| MD5 | 6eb84bf78abc36ec975f0a72ec7d83d3 |
| SHA1 | b92944d2605822e2ffc5196ac299e2bf86c6e25f |
| SHA256 | db04507fffccb8c42d921c1e659fa1687838b76c3fc2985619d61abebd8075cc |
| SHA512 | 5154c5e922b634e1538a30df48671002574bc674b606d05bfb572de48a2ef0410a5919ff3686c4b3cc617a49692d21e02aa6b24f8b9b0c23e853e709221c1c2e |
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\icon.ico
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\libEGL.dll
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\libegl.dll
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\libGLESv2.dll
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\libglesv2.dll
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\d3dcompiler_47.dll
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\D3DCompiler_47.dll
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\vulkan-1.dll
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\vk_swiftshader.dll
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\vk_swiftshader_icd.json
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\WeMod\Update.exe
C:\Users\Admin\AppData\Local\WeMod\app-8.6.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27