hxxps://www[.]wemod[.]com/cheats/roblox-trainers

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 20:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.wemod.com/cheats/roblox-trainers

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation	WeMod-Setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation	WeMod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation	WeMod.exe

Executes dropped EXE 12 IoCs

pid	Process
4324	WeMod-Setup.exe
2256	Update.exe
1232	Squirrel.exe
1320	WeMod.exe
3936	Update.exe
4360	Update.exe
3672	WeMod.exe
4628	WeMod.exe
4580	WeMod.exe
3264	WeMod.exe
3596	Update.exe
4112	WeModAuxiliaryService.exe

Loads dropped DLL 9 IoCs

pid	Process
1320	WeMod.exe
3672	WeMod.exe
4628	WeMod.exe
4628	WeMod.exe
4628	WeMod.exe
4628	WeMod.exe
4628	WeMod.exe
4580	WeMod.exe
3264	WeMod.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	WeMod.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	WeMod.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WeMod.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WeMod.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\api.wemod.com\ = "35"	WeMod-Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wemod.com\Total = "35"	WeMod-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	WeMod-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wemod.com	WeMod-Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\wemod.com\NumberOfSubdomains = "1"	WeMod-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	WeMod-Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "35"	WeMod-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\DOMStorage\wemod.com	WeMod-Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\DOMStorage\api.wemod.com	WeMod-Setup.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2447855248-390457009-3660902674-1000\{30B670F0-5812-427F-AB23-80E5DD7DFBEA}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\wemod	WeMod.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\wemod\URL Protocol	WeMod.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\wemod\ = "URL:wemod"	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\wemod\shell\open\command	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\wemod\shell	WeMod.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\wemod\shell\open	WeMod.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\wemod\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\WeMod\\app-9.2.1\\WeMod.exe\" \"%1\""	WeMod.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 153539.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
692	msedge.exe
692	msedge.exe
3388	identity_helper.exe
3388	identity_helper.exe
1488	msedge.exe
1488	msedge.exe
2256	Update.exe
2256	Update.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
3344	msedge.exe
3344	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2256	Update.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeDebugPrivilege	3596	Update.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe
Token: SeShutdownPrivilege	3672	WeMod.exe
Token: SeCreatePagefilePrivilege	3672	WeMod.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe
692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 692 wrote to memory of 448	692	msedge.exe	82
PID 692 wrote to memory of 448	692	msedge.exe	82
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 3772	692	msedge.exe	83
PID 692 wrote to memory of 1668	692	msedge.exe	84
PID 692 wrote to memory of 1668	692	msedge.exe	84
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85
PID 692 wrote to memory of 4280	692	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.wemod.com/cheats/roblox-trainers
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa712346f8,0x7ffa71234708,0x7ffa71234718
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1488
- C:\Users\Admin\Downloads\WeMod-Setup.exe
  "C:\Users\Admin\Downloads\WeMod-Setup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:4324
- - C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638539956121523121.exe
    "C:\Users\Admin\AppData\Local\Temp\WeMod-Setup-638539956121523121.exe" --silent
    3⤵
    PID:3392
  - - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
      "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2256
    - - C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\Squirrel.exe
        
        "C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
        5⤵
        Executes dropped EXE
        
        PID:1232
    - - C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\WeMod.exe
        
        "C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\WeMod.exe" --squirrel-install 9.2.1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1320
      - C:\Users\Admin\AppData\Local\WeMod\Update.exe
        
        C:\Users\Admin\AppData\Local\WeMod\Update.exe --createShortcut WeMod.exe
        6⤵
        Executes dropped EXE
        
        PID:3936
- - C:\Users\Admin\AppData\Local\WeMod\Update.exe
    "C:\Users\Admin\AppData\Local\WeMod\Update.exe" --processStart "WeMod.exe" --process-start-args "wemod://?_inst=60Hgvzv1VILRb8vD"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:4360
  - - C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\WeMod.exe
      "C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\WeMod.exe" wemod://?_inst=60Hgvzv1VILRb8vD
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:3672
    - - C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\WeMod.exe
        
        "C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\WeMod.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1708,i,16303722525177056195,4335852728704463439,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1700 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\WeMod.exe
        
        "C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\WeMod.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --force-ui-direction=ltr --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --field-trial-handle=2252,i,16303722525177056195,4335852728704463439,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:3
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\WeMod.exe
        
        "C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\WeMod.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\WeMod" --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2372,i,16303722525177056195,4335852728704463439,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2468 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3264
      - C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
        
        C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe WeMod\Support_1718398832099_Out
        6⤵
        Executes dropped EXE
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\WeMod\Update.exe
        
        C:\Users\Admin\AppData\Local\WeMod\Update.exe --checkForUpdate https://api.wemod.com/client/channels/stable?osVersion=10.0.19041
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1316 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6283826070342543781,5440308149535439108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:1320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Update.exe.log

Filesize
1KB

MD5
fcc4a55e80568c4693f6d2eff7ef757e

SHA1
d24958d197482557722f616507d8b14dbeadebd8

SHA256
1f5a1b10b49c35bff02f63ebaf8cd3faf74b51bd131d3dcfb952590c8bcd5eea

SHA512
67de4502abff297c90eb2cfbb3d03bfbef3400d6ee19b3cbb47b3ed9bad4b795946406a6975564321edff618d1a589076b57609c2ca38efc5650899a8483a271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
1024KB

MD5
4566a2d79d0ffd99fc45d31ce0c6f14e

SHA1
7bad824171684da2649d195d5bc5b188a15d3e85

SHA256
975e52f0677196e5e4d71a5cc4deb087edd981c87eb1889d8e83963a1265668e

SHA512
678c0b19e802e117fc01d6d7513316eed3f952f431021008b191652503e1458a355645b95fd17c4345ef88dd2d002981bb9f50fe0c2003b86dd5c6f8281f9dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
f7525bebf92899964d9de55f4e0e00c8

SHA1
ad68daf39588ae23240cd25707207a3b7f71cf86

SHA256
70eef1fb4e11209f16f8dd689318e4c0b922038259f0fd2dde6c69138f5d2ba8

SHA512
6d13a889e759f7b0c11d3db50c2dc575b90959dd5fdc4a1c773d63445d09178fd99949fb296765748235307b478485828ee37bfa2653ea1e1bbf087c23868b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ead367e90f3353f7bb3d65f5b4667945

SHA1
167ba0a2bc6da4c2f4ef61e498bb66bab03daceb

SHA256
c6f1e28643247012bcffbb80e61e09f93affce9814234521bf3b4aafc3ed51bb

SHA512
28f37b72f552756db9ce35e3a8589e50b371bbf66c16f64dec2b535a6d364e2e96838c194662849fe48f6548b4b6c6483ca3597cee58d0d5dc5363c0250e3f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6245bd0995aa9895b9f79b709a932644

SHA1
8db0c1abf9521d1fdbae3e75a809129c189ed866

SHA256
cbf2953aa529bd278679d6f290dcabd58f155cf647f943047aa816b526eeed98

SHA512
ef56b204cc63f5f137ba3746a16cf6d163be5fa31991688ba6479dcbd3711ec42b1c810e60b1ef6e0b22fd79323fc1ac8da421c22bd2ca638d71e5038ad4db14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
235524a054591c47cc828b58acfce48b

SHA1
bb7be112195716d0d08c5c61baa0d3023b231e56

SHA256
d359b14d413c2b05aa98bfddc894f48f77e09cbd9b6ee870fcbae795e8afefbc

SHA512
caa1225624e79a86ec1c988375da88b3a52cdd049d80e93ebc255e3bc5cbedc1a1c91e233790b960f128998fae8fd8131967f670d3b423d5661625277070c01c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
824a777b30bbef0fcb56b9d92d02a17e

SHA1
2684e92cfdc504b4fb2426ab95c20cb75bc4825e

SHA256
8b9f967953b5c7fbeb7ec856a433e98723729a149ea3d0d55240226770ff8ec9

SHA512
6dfe71d6b937b63e75a73f53491d53f224450280650db0968943aa92fa7d8fdf15a77ca85c46a49ed066be6b041ee1a52380fec63167af129b42766f716437cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
809921098368233be8a2cea5d8653426

SHA1
f6c79d68fe056e6abc34491ca93314ec4f1eb301

SHA256
0110567bdabee400ba72b24c25989723f24fd9aa62579b5419343ffeaf060dfb

SHA512
ae9459e30cf71ac7d9962e194085c74e552a089f2bbd57280e166981bee0d9a4c491403f587b35aeb6aa9788f60cab15b8c8a3ff9a499df9ca7a89885f35b1ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d099497833782c22f5c428b68735a65c

SHA1
e15ec2109354692505abe2b80f3d45530963c419

SHA256
a7d9cf9f7b06576e32cbce3c30176e78ce6065e0832d0ea16ad2134075a5ea46

SHA512
7a6aebee2eeabf39d664950f94e6ba29b27241353a8ad0c550c18570810e1487d36b862803bbf23138ec68d60a5cb7cf948185086935a994d028ebfb724ff361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3b4e0d2aa37f71a42264716dbf474410

SHA1
9e3745a759901e575e3545990954f2543487911f

SHA256
a9f03e6fd3da67f0549db465713c1157df0f8088aa4f7b2631ebbd656a4ff685

SHA512
b46f3efa283a5f0443b90eccc30db334fa0099c41af60df3100af5a1c8b6beb2ad70e82a68c051318c580f044e88674032dfd3ef4c673afa867a05e1957acd13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a7775beae3040871b316ac4e357b7187

SHA1
9921331f045d18ec405289be7c7c17b171c59f9b

SHA256
593e225f833a07b25bc0e34aec9082fea9ae3228d78e8f698e36bc3220425a27

SHA512
22fa35f463831ea507c33fcecce8dd01d3b4470fefa1c1bea21731abb0ac1f7f5ac754bfee1fe7432197694ace73ecdc00a4e9bdcbfe60ffbea79a726f191e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
39313d8678c388dfd080468da382d8db

SHA1
845196f68e092908772f645cdd4498aae3822ba1

SHA256
e68e628e04f33fea7004254024fad4ead2bdef5a2698b38f6cc8174b4bcc196a

SHA512
479b38f3f5d945147cb49cb1cd265456b3243e60a3196e539e33ee2011dac94041610fd02b2ceef949fb3544f40b9edbfc326b52d8a7b87dba8ddbdc89796ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f3a7.TMP

Filesize
1KB

MD5
7bc2b8c41d6b7ef5e76601413b3a1546

SHA1
9bdcecdfcf0ce9980d9f40a07e6166b4e4371c3f

SHA256
554403b4992fa02d8c1827bdff50f73cdd042d84152090a893ca41c6afac9156

SHA512
cddd794f85befa5589d925bda467329c85004e5e0c4a543ac2b2ea1e14d80e1d34f2db92d6c1c527a017a5e835b31ac47a5322bae8c3e5b67ece4818a401ea0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b1032e8c15685e5db2176b7d294ad26f

SHA1
515385c801c788b6390482bc50cd214cac244002

SHA256
e0567c4dc1b9e621c8e5c438205dcd2d6446f339c67ba7607052c4c70e78a315

SHA512
f46dd99bd5af0463c8a6dd8bddaaa7753e83b0b28745b40b1345c9a91c7345084ca0d0f6e3577476a3f51f564f90f07c4ba6cc63a4e160fb734e789c1b3eb49f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
47959c5b9ec41afad9317d2996d4f5a0

SHA1
6ef7815f6fa8d4a3ea8a4482248f418d40cc845c

SHA256
c9da75920810affa43cbc7889fd8a4597ee7331c29e9520be57c89e511ab2ebf

SHA512
af15d52d70939f5718eab0f4e2de74bdd1de91b7e2086f596bf05a31a81dd25fdc5a24a182c905a9ea6e3a5b058cf4d463d034f9c85a9719a8f6be26304d02a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c0279827-123b-4a65-bdc7-c9876d58b26a.tmp

Filesize
12KB

MD5
9dbdf7d34b527968a77a59c24a83c432

SHA1
ba342aa7ebd3174eb0fc96ca6f1b28bb53ef8e3a

SHA256
7a2109167b5f31f6c6af5e467f643503efcafe886f7790239a85a0f4120cbe16

SHA512
edf0ac030f462dd717190161e77ed0aa36a0534488319cf5fa0ae2cc4e1fcdca0cfc76b45d72c82c5d8f04bdf9f7d20cc2c3efa49421d6bcb6787dc78f6692fb

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
76B

MD5
9dcddeae4e452715e655264522449887

SHA1
01dd5ab8111b85594c600a0f4eb9a559aa30d5ea

SHA256
4f4f34d2cce247872cc61313c46f4faeba6bc164eff1a6e562e69702c5aa7db5

SHA512
d5776859fb16d0150f41ab633040efd629c47a2b3768e6a3e91ac643bde0eafc467c8eb9569ee12c87bfe892bb75cf2759c7da758bda71ff410f50ec913daf3b

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
b114d36a8b9f4b2e1efd9d04f23fcda4

SHA1
51e3a5147cf04ae8d3cc330f9a91f57a702b966b

SHA256
73ef0773033bc64412fa40b181183f15882fe375ccb51d7b23702447428db775

SHA512
dd764c94d0c7715bb3213ef6987428665669cffe89182f6bff0aae6b9dbc061abfd36d3d7b39e4f47f539047c5a51a57f2a4b1628ea165d51c1da78905b6833f

Download Submit
C:\Users\Admin\AppData\Local\WeMod\WeMod.exe

Filesize
539KB

MD5
086b2887930e6e5ea0eed63f372145ae

SHA1
84a34aea51078b34f0c855ceb0a903453e80d6b2

SHA256
6a44ab4d2f77abd6a049af0bf742efe056653b18de2efaab0a9ffe45dcbe3482

SHA512
bb02ea6a20cada49f5c50bcdaf81060d668d4f433c280a3a56aa94bd3d6af1320226b7762d339a5950e244b7eb72667c153747a88c7fa2febf1c99090111494b

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\chrome_100_percent.pak

Filesize
146KB

MD5
6c2827fe702f454c8452a72ea0faf53c

SHA1
881f297efcbabfa52dd4cfe5bd2433a5568cc564

SHA256
2fb9826a1b43c84c08f26c4b4556c6520f8f5eef8ab1c83011031eb2d83d6663

SHA512
5619ad3fca8ea51b24ea759f42685c8dc7769dd3b8774d8be1917e0a25fa17e8a544f6882617b4faa63c6c4f29844b515d07db965c8ea50d5d491cdda7281fc5

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\chrome_200_percent.pak

Filesize
220KB

MD5
77088f98a0f7ea522795baec5c930d03

SHA1
9b272f152e19c478fcbd7eacf7356c3d601350ed

SHA256
83d9243037b2f7e62d0fdfce19ca72e488c18e9691961e2d191e84fb3f2f7a5d

SHA512
5b19115422d3133e81f17eedbacee4c8e140970120419d6bbfe0e99cf5528d513eea6583548fa8a6259b260d73fab77758ad95137b61fe9056101dd5772e8f4a

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\ffmpeg.dll

Filesize
2.6MB

MD5
404dc58b965152860b11cae1c0ec36c1

SHA1
ec9d53790afd7e11c3fd1d134abcffe09e65ddcf

SHA256
80b5a1274e14c2e5e9e0de6a9beb15c1e78c7cb7735037e541037aff08914662

SHA512
63a72dac79814efc5b1443f615c9a1fade04a703dd5c7522e0abb41918596deea78fdc43336782e3c2aa94bc55a0a599d4f0548b9d373a3dc1530383a0721bd5

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\icudtl.dat

Filesize
10.2MB

MD5
74bded81ce10a426df54da39cfa132ff

SHA1
eb26bcc7d24be42bd8cfbded53bd62d605989bbf

SHA256
7bf96c193befbf23514401f8f6568076450ade52dd1595b85e4dfcf3de5f6fb9

SHA512
bd7b7b52d31803b2d4b1fd8cb76481931ed8abb98d779b893d3965231177bdd33386461e1a820b384712013904da094e3cd15ee24a679ddc766132677a8be54a

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\libEGL.dll

Filesize
479KB

MD5
54fff319475ad7a95371c868067ee270

SHA1
8a28934ae0fea0b6ffe78548a18f0672c3a30596

SHA256
90af3be9072f0f8c6e974988680bd4203b05d65a421bc020a15d554436774306

SHA512
d4881a64f919e0e01aae5e46fa4b47669c4d881b928ee5f99890950d638b8c9b164ba94d6f40da1dc838b44ade5d8756609d17a9c3ff37d87413a4a86daeb9a5

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\libGLESv2.dll

Filesize
7.6MB

MD5
8746f5a8263c0e8d87bf976796d5bfed

SHA1
c838276c8264ad4d2e0e3af8c52d31a16552cf00

SHA256
0ca48796162085431451b7ce007c01f91b96e8ea0df2b740889376e5aac0de83

SHA512
9798eb92b6eeff20f4c0855b7634319c6c40ba85d6b90c4a161ae061a06022dabac03f67ad91aba452516850a638c8f2b243157288f1684833acd35967a6b86b

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\locales\en-US.pak

Filesize
443KB

MD5
88bbc725e7eedf18ef1e54e98f86f696

SHA1
831d6402443fc366758f478e55647a9baa0aa42f

SHA256
95fd54494d992d46e72dad420ceee86e170527b94d77bfaaa2bfc01f83902795

SHA512
92a5c6cfc2d88272bb5144e7ee5c48337f2c42083bc9777506b738e3bcb8f5a2c34af00c4ccc63b24fb158c79f69e7205b398c9e22634dae554410450978a2c4

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\resources.pak

Filesize
5.1MB

MD5
a1373fd7976b2505d5a7bcc5c5612095

SHA1
aada11c623580a07d4ee6a51ae8a36088f521274

SHA256
ed14046f28a70e190b336824de2d907fb6c2b411ee9d68906eba747440eb4b05

SHA512
f7acd3fcd80bd87fdd0ca16ee8fc12b5dd4ef5cc2c868f01bf8b026f1a60d0f39610c5666de8431d24269fea1b0aca11af8e7b6ec75a125fa1d088a6fd071d4d

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\resources\app.asar

Filesize
7.8MB

MD5
d60e6acbdde569a5e633c251fe5146d6

SHA1
2b1746b6d65c34f85de37da13cbf28b06091f938

SHA256
38126304b7c5bd8d4df3df99efbd482b8adad55208249538725e1f0f1fe080f9

SHA512
ae958e9bb95cbd19381fef3fe38e794873446a11b8e444e53bb70907e87a7fa6d968a672a5450f669c1d30a4a5b8550ed0ec64b39ca6b7b85f20d400a99f768e

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\resources\app.asar.unpacked\static\unpacked\icon.ico

Filesize
279KB

MD5
34ee19ccd44f31cd831dc50920f19890

SHA1
24545d2f4741fb5a4649840486ffd3597b7ade5b

SHA256
136cf9b3a30268d1d439df7b9fd9104cb1d83be7fd2b562c3e9a47450ae0df3d

SHA512
ded8ade93c143dc8abc7a76b03b4015a8637b2ee13b85dd70655d5857289f19ebef76562eace56a3ad3c2418fab5305bb0b6cadd0a412ddb781b8f496e82c74a

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\squirrel.exe

Filesize
1.8MB

MD5
2a0e92bcd2f0ca55cd824450becdf308

SHA1
8633786326af95627ea746ef955bab1ad9d73860

SHA256
e97c54fbfba434a9799bf3af71f1d97fbd029b07cb53da036cde4c7fed119db4

SHA512
b7f758313e137258c8ceab64b470977aa156c69297b577ed2814db0c60b8d63dd6eaca2ed603dc117ab0699aadf166f192674d4e78cb612bb266f4467d5b6d79

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\v8_context_snapshot.bin

Filesize
641KB

MD5
228cb75c5b14fb790ec913a34c12b4d6

SHA1
aa6dbfb6cd403be3110f85c2a3ae72ab575645fb

SHA256
bb9c5a66316280c3d90ad63e20e34a7311972632bfd927f9d192407c13714444

SHA512
ab6b94de633b71a99b58f3924b0b8a351e0899ccff0fdab35e06938ad22ed62548a331b0b296a886f67941a642fd32d00ec2297b0d687139c0e57d2919739c19

Download Submit
C:\Users\Admin\AppData\Local\WeMod\app-9.2.1\vk_swiftshader.dll

Filesize
5.1MB

MD5
ef984be900c822d8f4cc382fb1630b20

SHA1
38fb482c7177747bc478071cbc32a95a83910785

SHA256
3e1068de9e6a540f106b86b9b0fb3e792635f63490ca12f15946cebfbbf9167c

SHA512
311ce1384326ec9e533980b547162ed66ea22ca065540d0cac3e6e67e1c311901396169d5bc0096a9ef1e84dd92adb08f735b46b1923c33a33b49b51dabbd346

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Network\TransportSecurity

Filesize
523B

MD5
ea64ce8f9f504efe4a0724d39feacbee

SHA1
51d551616fe05dd273545a9b74b07cc4813fc53a

SHA256
a9734c10c507f222f930dbfbb5017e6050bbe25f20fc0692f1a533f79d019300

SHA512
85e3bb7bbb4336574c49ec3b47dfc47a4a08e84fdaf9189ea31a2c6770c1b05b6ddceba5894a69c28aaea520a3b7548f31bf6dadb9f9a42bff5174dd1f267b9a

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Network\TransportSecurity~RFe5923da.TMP

Filesize
523B

MD5
5d22741498844c185b0ad16892b170db

SHA1
1aa03606b75098943729dee8b08fb6f8600693b4

SHA256
18f53e1b43854ba9789b7179119406bd56f9df487bb4a39fea2436a74b59659d

SHA512
1cb0fe690a54da3d29e3b626859fe058968229570d90b9fdcb6931a6b0390761a4c315b3eebafdf0a29b1ffc08a2313e5fcde55b70725ac46773ae7b918c9a13

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Code Cache\js\index-dir\temp-index

Filesize
48B

MD5
f4b897a9746661ca83755ac7be0fdc8b

SHA1
9d48b3cdf11def43ad3f52c9902c265c636be0ef

SHA256
4b339353c2a9182fba874439fef0a6b382c5b400a8d687afe83a6cbce4ba2894

SHA512
0ec045cff585571ec013b1bb0e56da13abd2bfdb1bddca1b812f82a31cfbccdfd318d1f6f454a7c88de0790953793482f4047ba5a4aa2c69dcc7bd0255f1729d

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Partitions\ads\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\WeMod\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\Downloads\WeMod-Setup.exe

Filesize
141KB

MD5
c150af09c55d4cc4101ffcd829f9ea57

SHA1
25d2de41f0562accd0c41ba9d452c265b1ac2c65

SHA256
3b158a17a51163926ff4365b9d1351337bbb47e4cc9c18833748166845530106

SHA512
eb06b7294608a4e919d7bfe5ad94fb8239164297f9e9e7e407638cedb237749cce342f22861b03be0fba159c107ed585e337e7b1d1c6a7bcd95eeaa0701cfe8b

Download Submit
memory/1232-488-0x00000000007B0000-0x000000000098C000-memory.dmp

Filesize
1.9MB

Download
memory/2256-370-0x00000000009B0000-0x0000000000B86000-memory.dmp

Filesize
1.8MB

Download
memory/3596-631-0x000000001C800000-0x000000001CD28000-memory.dmp

Filesize
5.2MB

Download
memory/3936-505-0x0000000002990000-0x00000000029B0000-memory.dmp

Filesize
128KB

Download
memory/4112-632-0x000001A986A20000-0x000001A986A42000-memory.dmp

Filesize
136KB

Download
memory/4112-630-0x000001A986550000-0x000001A986640000-memory.dmp

Filesize
960KB

Download