General Info

File name

WeMod-Setup.exe

Full analysis
https://app.any.run/tasks/cec49a49-9421-4f8a-b8b7-031280292fa2
Verdict
Malicious activity
Analysis date
11/8/2019, 16:24:54
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5

e0bf99717f74e9e01bed819cee22d905

SHA1

ac805270f760a0041f3ecb2448c32c9886ef6739

SHA256

7bcbc8329a84a0986d24ec8f93af8fbec48d928f4406dd03dffdbb34f1d8bb30

SSDEEP

1536:uP3C75n6UGB8M/kLu9qtz5IsH6aEu4afE91rkc3/oclgRV905bPy+9G:8Sx6UG+Fu9qwIXfE/kc3/ov2e+9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • Update.exe (PID: 2844)
  • Update.exe (PID: 3452)
  • Update.exe (PID: 1944)
  • Squirrel.exe (PID: 3492)
  • Update.exe (PID: 1316)
Loads dropped or rewritten executable
  • WeMod.exe (PID: 2248)
  • WeMod.exe (PID: 520)
  • WeMod.exe (PID: 3964)
  • WeMod.exe (PID: 2660)
  • WeMod.exe (PID: 2276)
Application launched itself
  • WeMod.exe (PID: 2660)
  • WeMod.exe (PID: 3964)
Reads Environment values
  • Update.exe (PID: 2844)
  • Update.exe (PID: 1944)
Creates a software uninstall entry
  • Update.exe (PID: 1944)
Modifies the open verb of a shell class
  • WeMod.exe (PID: 3964)
Executable content was dropped or overwritten
  • Squirrel.exe (PID: 3492)
  • WeMod-6.2.7[1].exe (PID: 3856)
  • Update.exe (PID: 1944)
Creates files in the user directory
  • WeMod.exe (PID: 3964)
  • WeMod-Setup.exe (PID: 1896)
  • Update.exe (PID: 1316)
Reads the hosts file
  • WeMod.exe (PID: 3964)
  • WeMod.exe (PID: 2660)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe | UPX compressed Win32 Executable (39.3%)
.exe | Win32 EXE Yoda's Crypter (38.6%)
.dll | Win32 Dynamic Link Library (generic) (9.5%)
.exe | Win32 Executable (generic) (6.5%)
.exe | Generic Win/DOS Executable (2.9%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:09:27 04:43:27+02:00
PEType:
PE32
LinkerVersion:
14.15
CodeSize:
53248
InitializedDataSize:
16384
UninitializedDataSize:
77824
EntryPoint:
0x20950
OSVersion:
6
ImageVersion:
null
SubsystemVersion:
6
Subsystem:
Windows GUI
FileVersionNumber:
5.0.0.0
ProductVersionNumber:
5.0.0.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
CompanyName:
Daring Development Inc.
FileDescription:
WeMod Setup
FileVersion:
5.0.0.0
LegalCopyright:
Copyright (C) 2018
ProductName:
WeMod
ProductVersion:
5.0.0.0
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
27-Sep-2018 02:43:27
Detected languages
English - United States
CompanyName:
Daring Development Inc.
FileDescription:
WeMod Setup
FileVersion:
5.0.0.0
LegalCopyright:
Copyright (C) 2018
ProductName:
WeMod
ProductVersion:
5.0.0.0
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000108
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
3
Time date stamp:
27-Sep-2018 02:43:27
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
UPX0 0x00001000 0x00013000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
UPX1 0x00014000 0x0000D000 0x0000CC00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.91245
.rsrc 0x00021000 0x00004000 0x00003800 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 7.67704
Resources
1

102

Imports
    KERNEL32.DLL

    GDI32.dll

    gdiplus.dll

    SHELL32.dll

    SHLWAPI.dll

    urlmon.dll

    USER32.dll

    WININET.dll

Exports

    No exports.

Processes

Total processes
47
Monitored processes
13
Malicious processes
4
Suspicious processes
2

Behavior graph

[Behavior graph (image not available): process nodes wemod-setup.exe, wemod-6.2.7[1].exe, update.exe, squirrel.exe and wemod.exe, plus further update.exe and wemod.exe instances marked "no specs"; edges labelled "start" and "drop and start".]

Process information

PID
1896
CMD
"C:\Users\admin\AppData\Local\Temp\WeMod-Setup.exe"
Path
C:\Users\admin\AppData\Local\Temp\WeMod-Setup.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Daring Development Inc.
Description
WeMod Setup
Version
5.0.0.0
Modules
Image
c:\users\admin\appdata\local\temp\wemod-setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\lh043oam\wemod-6.2.7[1].exe
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\wemod\update.exe

PID
3856
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\WeMod-6.2.7[1].exe" --silent
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\WeMod-6.2.7[1].exe
Indicators
Parent process
WeMod-Setup.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
WeMod
Description
WeMod - Cheats and Mods
Version
6.2.7
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\lh043oam\wemod-6.2.7[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\squirreltemp\update.exe

PID
1944
CMD
"C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe" --install . --silent
Path
C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe
Indicators
Parent process
WeMod-6.2.7[1].exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
GitHub
Description
Update
Version
1.9.1.0
Modules
Image
c:\users\admin\appdata\local\squirreltemp\update.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\0d5a8e6f89227cc5d954e65856f9cf1a\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\e7873d3bd71f6122c2a954be1bb5bb28\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\b34cda03a984c515b31faf410e5b7e39\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\4d290752f65a065fcde70178562c3383\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\system32\msvcp120_clr0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\shell32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\wemod\app-6.2.7\squirrel.exe
c:\users\admin\appdata\local\wemod\app-6.2.7\infinity.exe
c:\users\admin\appdata\local\wemod\app-6.2.7\wemod.exe
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\linkinfo.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\61dfb69c9ad6ed96809170d54d80b8a6\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\7c8f75f367134a030cba4a127dc62a2f\system.xml.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.comp46f2b404#\0a6fed4a3d60bba766a643e4bc2e5968\system.componentmodel.dataannotations.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml.linq\f68563fb25af65c25de37130ebcd576c\system.xml.linq.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll

PID
3492
CMD
"C:\Users\admin\AppData\Local\WeMod\app-6.2.7\Squirrel.exe" --updateSelf=C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe
Path
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\Squirrel.exe
Indicators
Parent process
Update.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\wemod\app-6.2.7\squirrel.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\0d5a8e6f89227cc5d954e65856f9cf1a\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\e7873d3bd71f6122c2a954be1bb5bb28\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\b34cda03a984c515b31faf410e5b7e39\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\4d290752f65a065fcde70178562c3383\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\system32\msvcp120_clr0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\shell32.dll

PID
2660
CMD
"C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe" --squirrel-install 6.2.7
Path
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe
Indicators
No indicators
Parent process
Update.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
WeMod
Description
WeMod - Cheats and Mods
Version
6.2.7
Modules
Image
c:\users\admin\appdata\local\wemod\app-6.2.7\wemod.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\wemod\app-6.2.7\ffmpeg.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\hid.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\wemod\update.exe
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wintrust.dll

PID
1316
CMD
C:\Users\admin\AppData\Local\WeMod\Update.exe --createShortcut WeMod.exe
Path
C:\Users\admin\AppData\Local\WeMod\Update.exe
Indicators
No indicators
Parent process
WeMod.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
GitHub
Description
Update
Version
1.9.1.0
Modules
Image
c:\users\admin\appdata\local\wemod\update.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\0d5a8e6f89227cc5d954e65856f9cf1a\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\e7873d3bd71f6122c2a954be1bb5bb28\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\b34cda03a984c515b31faf410e5b7e39\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\4d290752f65a065fcde70178562c3383\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\system32\msvcp120_clr0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\shell32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\7c8f75f367134a030cba4a127dc62a2f\system.xml.ni.dll
c:\windows\system32\profapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.comp46f2b404#\0a6fed4a3d60bba766a643e4bc2e5968\system.componentmodel.dataannotations.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml.linq\f68563fb25af65c25de37130ebcd576c\system.xml.linq.ni.dll
c:\users\admin\appdata\local\wemod\app-6.2.7\wemod.exe
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\users\admin\appdata\local\wemod\wemod.exe
c:\windows\system32\netutils.dll

PID
2276
CMD
"C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe" --type=gpu-process --field-trial-handle=1152,2571582987136341375,14975323822799265097,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=15640722177483167165 --mojo-platform-channel-handle=1156 --ignored=" --type=renderer " /prefetch:2
Path
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe
Indicators
No indicators
Parent process
WeMod.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
WeMod
Description
WeMod - Cheats and Mods
Version
6.2.7
Modules
Image
c:\users\admin\appdata\local\wemod\app-6.2.7\wemod.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\wemod\app-6.2.7\ffmpeg.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll

PID
3452
CMD
"C:\Users\admin\AppData\Local\WeMod\Update.exe" --processStart "WeMod.exe" --process-start-args "wemod://?_inst=6wZQ2ctVROl69pEU"
Path
C:\Users\admin\AppData\Local\WeMod\Update.exe
Indicators
No indicators
Parent process
WeMod-Setup.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\wemod\update.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\0d5a8e6f89227cc5d954e65856f9cf1a\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\e7873d3bd71f6122c2a954be1bb5bb28\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\b34cda03a984c515b31faf410e5b7e39\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\4d290752f65a065fcde70178562c3383\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\system32\msvcp120_clr0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\shell32.dll
c:\windows\system32\propsys.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll

PID
3964
CMD
"C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe" wemod://?_inst=6wZQ2ctVROl69pEU
Path
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe
Indicators
Parent process
Update.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
WeMod
Description
WeMod - Cheats and Mods
Version
6.2.7
Modules
Image
c:\users\admin\appdata\local\wemod\app-6.2.7\wemod.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\wemod\app-6.2.7\ffmpeg.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\hid.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\users\admin\appdata\local\wemod\update.exe

PID
520
CMD
"C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe" --type=gpu-process --field-trial-handle=1080,15786151774496379567,7409869370519320832,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --service-request-channel-token=5408731606948648093 --mojo-platform-channel-handle=1096 --ignored=" --type=renderer " /prefetch:2
Path
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe
Indicators
No indicators
Parent process
WeMod.exe
User
admin
Integrity Level
LOW
Exit code
4
Version:
Company
WeMod
Description
WeMod - Cheats and Mods
Version
6.2.7
Modules
Image
c:\users\admin\appdata\local\wemod\app-6.2.7\wemod.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\wemod\app-6.2.7\ffmpeg.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\hid.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\users\admin\appdata\local\wemod\app-6.2.7\d3dcompiler_47.dll
c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll

PID
2248
CMD
"C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe" --type=renderer --field-trial-handle=1080,15786151774496379567,7409869370519320832,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=com.squirrel.WeMod.WeMod --app-path="C:\Users\admin\AppData\Local\WeMod\app-6.2.7\resources\app.asar" --node-integration --no-sandbox --no-zygote --background-color=#111111 --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=76226209252007930 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1544 /prefetch:1
Path
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe
Indicators
No indicators
Parent process
WeMod.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
WeMod
Description
WeMod - Cheats and Mods
Version
6.2.7
Modules
Image
c:\users\admin\appdata\local\wemod\app-6.2.7\wemod.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\wemod\app-6.2.7\ffmpeg.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\hid.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\cryptbase.dll

PID
2028
CMD
"C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe" --type=gpu-process --field-trial-handle=1080,15786151774496379567,7409869370519320832,131072 --disable-features=LayoutNG,SpareRendererForSitePerProcess --gpu-preferences=IAAAAAAAAADgAAAgAAAAAAAAYAAAAAAACAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --use-gl=swiftshader-webgl --service-request-channel-token=5224380338433302320 --mojo-platform-channel-handle=1308 --ignored=" --type=renderer " /prefetch:2
Path
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe
Indicators
No indicators
Parent process
WeMod.exe
User
admin
Integrity Level
LOW
Exit code
4
Version:
Company
WeMod
Description
WeMod - Cheats and Mods
Version
6.2.7
Modules
Image
c:\users\admin\appdata\local\wemod\app-6.2.7\wemod.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\wemod\app-6.2.7\ffmpeg.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\hid.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\users\admin\appdata\local\wemod\app-6.2.7\d3dcompiler_47.dll
c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
c:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll

PID
2844
CMD
C:\Users\admin\AppData\Local\WeMod\Update.exe --checkForUpdate https://api.wemod.com/client/channels/stable
Path
C:\Users\admin\AppData\Local\WeMod\Update.exe
Indicators
Parent process
WeMod.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\wemod\update.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\97e047cf68e9a7d90e196d072cd49cac\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\e071297bb06faa961bef045ae5f25fdc\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\21a1606b6c00f9abe7db55c02e0f87c9\system.core.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\0d5a8e6f89227cc5d954e65856f9cf1a\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\e7873d3bd71f6122c2a954be1bb5bb28\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\b34cda03a984c515b31faf410e5b7e39\presentationframework.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\4d290752f65a065fcde70178562c3383\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\system32\msvcp120_clr0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.web\7c32e936a07e0c7d9cae3ac27497f613\system.web.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\cd03f9386e02f56502e01a25ddd7e0a7\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\7c8f75f367134a030cba4a127dc62a2f\system.xml.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\webengine4.dll
c:\windows\system32\userenv.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runteb92aa12#\62a6b39f4f68c25dfd2f6308d7541401\system.runtime.serialization.ni.dll

Registry activity

Total events
1731
Read events
1622
Write events
109
Delete events
0

Modification events

PID | Process | Operation | Key | Name | Value
1896 | WeMod-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WeMod-Setup_RASAPI32 | EnableFileTracing | 0
1896 | WeMod-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WeMod-Setup_RASAPI32 | EnableConsoleTracing | 0
1896 | WeMod-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WeMod-Setup_RASAPI32 | FileTracingMask | 4294901760
1896 | WeMod-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WeMod-Setup_RASAPI32 | ConsoleTracingMask | 4294901760
1896 | WeMod-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WeMod-Setup_RASAPI32 | MaxFileSize | 1048576
1896 | WeMod-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WeMod-Setup_RASAPI32 | FileDirectory | %windir%\tracing
1896 | WeMod-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WeMod-Setup_RASMANCS | EnableFileTracing | 0
1896 | WeMod-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WeMod-Setup_RASMANCS | EnableConsoleTracing | 0
1896 | WeMod-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WeMod-Setup_RASMANCS | FileTracingMask | 4294901760
1896 | WeMod-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WeMod-Setup_RASMANCS | ConsoleTracingMask | 4294901760
1896 | WeMod-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WeMod-Setup_RASMANCS | MaxFileSize | 1048576
1896 | WeMod-Setup.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\WeMod-Setup_RASMANCS | FileDirectory | %windir%\tracing
1896 | WeMod-Setup.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable | 0
1896 | WeMod-Setup.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | SavedLegacySettings | 4600000092000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
1896 | WeMod-Setup.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
1896 | WeMod-Setup.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
1896 | WeMod-Setup.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | LanguageList | en-US
1896 | WeMod-Setup.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | @%SystemRoot%\system32\p2pcollab.dll,-8042 | Peer to Peer Trust
1896 | WeMod-Setup.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | @%SystemRoot%\system32\qagentrt.dll,-10 | System Health Authentication
1896 | WeMod-Setup.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | @%SystemRoot%\system32\dnsapi.dll,-103 | Domain Name System (DNS) Server Trust
1896 | WeMod-Setup.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | @%SystemRoot%\System32\fveui.dll,-843 | BitLocker Drive Encryption
1896 | WeMod-Setup.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | @%SystemRoot%\System32\fveui.dll,-844 | BitLocker Data Recovery Agent
1896 | WeMod-Setup.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE | LastScavenge | 1
1896 | WeMod-Setup.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE | LastScavenge_TIMESTAMP | 528EA7D04896D501
1944 | Update.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
1944 | Update.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1
1944 | Update.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | LanguageList | en-US
1944 | Update.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32 | EnableFileTracing | 0
1944 | Update.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32 | EnableConsoleTracing | 0
1944 | Update.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32 | FileTracingMask | 4294901760
1944 | Update.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32 | ConsoleTracingMask | 4294901760
1944 | Update.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32 | MaxFileSize | 1048576
1944 | Update.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASAPI32 | FileDirectory | %windir%\tracing
1944 | Update.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS | EnableFileTracing | 0
1944 | Update.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS | EnableConsoleTracing | 0
1944 | Update.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS | FileTracingMask | 4294901760
1944 | Update.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS | ConsoleTracingMask | 4294901760
1944 | Update.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS | MaxFileSize | 1048576
1944 | Update.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Update_RASMANCS | FileDirectory | %windir%\tracing
1944 | Update.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WeMod | DisplayIcon | C:\Users\admin\AppData\Local\WeMod\app.ico
1944 | Update.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WeMod | DisplayName | WeMod
1944 | Update.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WeMod | DisplayVersion | 6.2.7
1944 | Update.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WeMod | InstallDate | 20191108
1944 | Update.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WeMod | InstallLocation | C:\Users\admin\AppData\Local\WeMod
1944 | Update.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WeMod | Publisher | WeMod
1944 | Update.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WeMod | QuietUninstallString | "C:\Users\admin\AppData\Local\WeMod\Update.exe" --uninstall -s
1944
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WeMod
UninstallString
"C:\Users\admin\AppData\Local\WeMod\Update.exe" --uninstall
1944
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WeMod
URLUpdateInfo
1944
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WeMod
EstimatedSize
62007
1944
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WeMod
NoModify
1
1944
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WeMod
NoRepair
1
1944
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\WeMod
Language
1033
2660
WeMod.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
WeMod.exe
1316
Update.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
3452
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3452
Update.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3964
WeMod.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
WeMod.exe
3964
WeMod.exe
write
HKEY_CLASSES_ROOT\wemod
URL Protocol
3964
WeMod.exe
write
HKEY_CLASSES_ROOT\wemod
URL:wemod
3964
WeMod.exe
write
HKEY_CLASSES_ROOT\wemod\shell\open\command
"C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe" "%1"
3964
WeMod.exe
write
HKEY_CLASSES_ROOT\infinity
URL Protocol
3964
WeMod.exe
write
HKEY_CLASSES_ROOT\infinity
URL:infinity
3964
WeMod.exe
write
HKEY_CLASSES_ROOT\infinity\shell\open\command
"C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe" "%1"
3964
WeMod.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US
2248
WeMod.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
WeMod.exe
2844
Update.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
LanguageList
en-US

Files activity

Executable files
15
Suspicious files
6
Text files
20
Unknown types
59

Dropped files

PID
Process
Filename
Type
3856
WeMod-6.2.7[1].exe
C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe
executable
MD5: 6c8fdb5c1429e2594c3cf9c11ba9ee1c
SHA256: 78c393d4e54e59a5b744807cb79bd664bc4cdaefdc85dcf3772f5e302f5d86cf
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\squirrel.exe
executable
MD5: 0768ee8e954dc97c5296ed8fce1174db
SHA256: 7ea2bc35a69120bb4f0cafc90a5b07803ac7f5fb25299c7189d419cd185d2f81
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\libEGL.dll
executable
MD5: a04ad4c7bdf609a15dd6e4526626df95
SHA256: 516093cc14acd1c294b029b5bf934b6af52c844fef55daeaa0e69c4f256182d6
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\Infinity.exe
executable
MD5: ed1130f9bd209ade016fe90eaeaf41b9
SHA256: 1bc1a92068044412063008a82243d9b6ce7549e17cdb8b9e74fa746d0bb79752
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe
executable
MD5: 2f3a4c3e629c8961abb055c67b51ea33
SHA256: dc6f4e3be2299be4e89e0344005ac9dd3b1bf286553ea04e3392d46eb756e88c
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\ffmpeg.dll
executable
MD5: c223f6d84d8d2900843af1b6efe488b5
SHA256: ce6139693c583df09bccbabbc1b12df743410a3a2452d98ef36ad56bbd1b8d48
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\d3dcompiler_47.dll
executable
MD5: d2d0ff97605d2c2f8921e93062eb01ff
SHA256: 4056e0804a13d791362555636ba34158fade7c1e71599e415a285de1472d83d5
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\WeMod.exe
executable
MD5: 8e0fef893f17896f209fb14f0500848a
SHA256: 641506c140a85dc580c009ba5a5a6cd466845dbc1993f7e5ceadf5542ec393bd
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\Update.exe
executable
MD5: 6c8fdb5c1429e2594c3cf9c11ba9ee1c
SHA256: 78c393d4e54e59a5b744807cb79bd664bc4cdaefdc85dcf3772f5e302f5d86cf
3492
Squirrel.exe
C:\Users\admin\AppData\Local\WeMod\Update.exe
executable
MD5: 0768ee8e954dc97c5296ed8fce1174db
SHA256: 7ea2bc35a69120bb4f0cafc90a5b07803ac7f5fb25299c7189d419cd185d2f81
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\resources\app.asar.unpacked\static\unpacked\native\node_sqlite3.node
executable
MD5: ed5b29aadc2ee83ecf748ac4f6db8f49
SHA256: b12de4d301abdcea39773f3dd02bca58d92793d1e0f5d48f89547eaa9c216194
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\libGLESv2.dll
executable
MD5: a092484f7ee088a2299f5c9a7b803c07
SHA256: cc8c057226a256105aa5c0d793427f89ce3e591c933839b58a5424d2b10c1f98
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerLib_x64.dll
executable
MD5: e739561ba0cad190cbd8c4ae69e4857c
SHA256: bf45d6dc9e4208c73c63456362f254e9e900b18fc5439c193959ce8f614bc1da
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerLib_x86.dll
executable
MD5: cfeceac24d48df12cbd410de1c02233d
SHA256: 10cfb4de6f5299dff0a8037b65d739afdf128e5528ec0dbb8d9f6f2001e7d6ac
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\Infinity.exe
executable
MD5: 9daec87f4c3d988bc974e3017d373268
SHA256: 759c15a63bb8b813229315d47a7c7c23e718e188719e98c6a1f79ae8a43a09e7
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\sk.pak
pgc
MD5: c85c1df88e2f77d00b7c3d2404ab19ba
SHA256: 419086c8f14c0e66e78c592357cba028a7f659087a73facc12c54b555ff9ba42
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\GPUCache\index
––
MD5:  ––
SHA256:  ––
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\Code Cache\js\index-dir\the-real-index
binary
MD5: 4e807bfbf1be850855466d2408b6ebdd
SHA256: 4fb9d38a9c4482e1ec6ef0b311fd71321aa8a6cfb9bd1f4ac3ff67aa39c0e68e
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\Code Cache\js\index-dir\temp-index
––
MD5:  ––
SHA256:  ––
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\Code Cache\js\index
text
MD5: 54cb446f628b2ea4a5bce5769910512e
SHA256: fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
3452
Update.exe
C:\Users\admin\AppData\Local\WeMod\SquirrelSetup.log
text
MD5: a3483d2aaf1498209e8f99c35f0dd0fe
SHA256: 79a87fc530b026e0928959cd673ad7430c3b605c636cf038b8d7421fb75ae9af
2844
Update.exe
C:\Users\admin\AppData\Local\WeMod\SquirrelSetup.log
text
MD5: eb7304fb956cfba7a64ae7cd25812ffa
SHA256: edec384b5d673e943c204dffb8462704ab5fadba0a088d80b1593f4febdefc77
3492
Squirrel.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\SquirrelSetup.log
text
MD5: 9fc80f08e5e78f74c7b1b9dd636c66d8
SHA256: 94a749810c28e186dbb31dc70408edf3ca005acd88163bd45e9dd81eb2a100c1
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app.ico
image
MD5: dbd9c3fcec439b53931226fe479c9714
SHA256: 8fcc0d24bb0bb445a46a512ba7c6ea08bd9ca33251fd14c4b4d5b2520296958e
1944
Update.exe
C:\Users\admin\AppData\Local\SquirrelTemp\SquirrelSetup.log
text
MD5: 7edff3393e6dd112f25a9e3dae9351e9
SHA256: 6a5fc4939be673567e009a1f53f5e159e33ce0dbc8061af572cdc2226a22ae7a
1944
Update.exe
C:\Users\admin\AppData\Local\Temp\.squirrel-lock-9DFC3435C4B5D64D0AF82A784017AD8332B2D922
––
MD5:  ––
SHA256:  ––
1944
Update.exe
C:\Users\admin\AppData\Local\Temp\64f552f1-554c-408d-b0eb-b0266340947c.png
––
MD5:  ––
SHA256:  ––
1316
Update.exe
C:\Users\admin\AppData\Local\WeMod\SquirrelSetup.log
text
MD5: e8baac7794c9ff5f702e9516899c6aa2
SHA256: 4f31df582ab92ed62ae1a4f29c0cdfeb58f3dda2da51d9ce1c7a9a761103b881
1316
Update.exe
C:\Users\admin\Desktop\WeMod.lnk
lnk
MD5: b46ed2208f1537f72ec83986eec6fb49
SHA256: d9cda6a2810fa739426e87943183905aa036bb52dfcb7600a30626c92e34bef8
1316
Update.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeMod\WeMod.lnk
lnk
MD5: 3b8ff771218efcd42ec2ffd000ce3177
SHA256: 4d26204dd4dce7148fda0dff2db2e6b0a6a299ad64a449c95ae5c8679d01ba91
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\packages\RELEASES
text
MD5: fc7b6c2afe6fbacd4f65bb44b0bd5c4f
SHA256: 5a4235ccf54c9b0530a19cf394413552244bfcadfd616dd47bb705b6ab046c76
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\packages\SquirrelTemp\tempa
––
MD5:  ––
SHA256:  ––
2844
Update.exe
C:\Users\admin\AppData\Local\WeMod\packages\.betaId
text
MD5: 7bb4a0e92f6784eea8ddb80fe13d4e41
SHA256: 31e3719fdc920f687f3a0534ea7090756043b29b0e78fe5bc7536beeb24f7dae
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\WeMod.exe
––
MD5:  ––
SHA256:  ––
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\v8_context_snapshot.bin
dbf
MD5: 4453a66a6e810591ea9f5122514d7cb7
SHA256: 71a3723be4d336849ad93174116a1d8566a07fd3fe0a3bed781ea386589fb441
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\Local Storage\leveldb\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\snapshot_blob.bin
binary
MD5: f66e0617c6e783e917c37da5469d1764
SHA256: 8e944bda07ab390d3a137413dc74dc72fdc3f16860845d9a54d7c6ecbe00b945
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\resources\electron.asar
asar
MD5: b61369fb1e6b08fdf70ea8b71e2ac3a7
SHA256: a08e71b922d0d579028c40d835cc7b6aaad90f2229972a096938d72c0e386730
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\Local Storage\leveldb\000001.dbtmp
––
MD5:  ––
SHA256:  ––
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\Local Storage\leveldb\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\Cache\f_000001
ini
MD5: 6cadb449e8e59c2576de643e2d3a0624
SHA256: 7182ea5e2d7f1c798ae72e200c4536f14da31d1dbcd1ce3d547afee963904233
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\resources\app.asar.unpacked\static\unpacked\recurly.js
text
MD5: b73aab29ac6de50f6abc3bd04aec0611
SHA256: 37a7ff80c8cafd2900a9285bdeba195bd60058f7df93b0acfa14d849155c75f5
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\resources\app.asar.unpacked\static\unpacked\lock.ico
image
MD5: 72c021946d5fe27cffdfbee9f967fb86
SHA256: ab5e433feae115ac9515db22c8f6c0738cb6150ee10bb119e744ec66305200f6
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\resources\app.asar.unpacked\static\unpacked\icon_white.ico
image
MD5: 94040f14e509e735605e422887a5281a
SHA256: bf505ea77bf0301409e287b5cb160444b573bdc03a9f1627ed6afc46faa938ac
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\resources\app.asar.unpacked\static\unpacked\icon.ico
image
MD5: 38b099c13a11369964f311a4aa15c79e
SHA256: 5afd942916500d93ab2f5bda982b78b251e3a9ef89846aafbb786a9be8858637
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\Cache\data_3
––
MD5:  ––
SHA256:  ––
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\resources\app.asar
––
MD5:  ––
SHA256:  ––
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\resources.pak
––
MD5:  ––
SHA256:  ––
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\natives_blob.bin
binary
MD5: f8ac49858ca8739658ff44c296f8aba6
SHA256: 354ff502a0e1ed73df4e5c7b52970356b04777461f6e169f72a8567ab5f4c317
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\vi.pak
pgc
MD5: d9db64b78080316869f205f42b84260e
SHA256: 50bba0691bc455593d7de384919bf94192146913aa284978562980a9133b6ca6
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\uk.pak
pgc
MD5: 94e1255a4fd96a01b682d11ac2857f7e
SHA256: 0ba7a12ec28551668ed040f61f11e1915fd179523b2666763f8e49ac2fb11f3a
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\th.pak
pgc
MD5: 3996edb53025e36acecf0b73569dd599
SHA256: 9a1d6dbfcea5ca1bb467248621de9264e7d15cf7a258972afc5a290940d49d14
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\tr.pak
pgc
MD5: f23f78a13094fcc5f68305ba17edd890
SHA256: e3adedd4c5ab2fbea3179d1cb6aa9a55f52578d68fb20ca95e3b77412e14a5c5
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\zh-CN.pak
pgc
MD5: 70c1c4a056531bd252abd576a6dbe23c
SHA256: 4761cb1e3c2be71182af806101bace3ab03580ba6734c29aff2510e36b983f4c
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\zh-TW.pak
pgc
MD5: d1a7eb6983ae36dada0089423aa25ff5
SHA256: b3bfc4a6df345e277c2afe97ef29876d25d284c1e260a7cd772ac01b0b4ea6bb
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\sr.pak
pgc
MD5: 9d0189ac9d6572c57f92d779dbf572b4
SHA256: 51a3331c64df68fa6b5afa51436230d4bf37340f87e8b51446b60c0337c81d71
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\sw.pak
pgc
MD5: f0dea2c306f7c4128bb1c9020bd3152b
SHA256: 26ade36d77e0ad25fe6001d2b7fc10a791505af10febe5bdc2034c3e9bfd52af
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\sv.pak
pgc
MD5: 7e39cf773d4ff3a8304054d98a52aaa7
SHA256: 79a69b14451221fa094877e08a04194ccaaca45aeb32c427c42a835476903e0a
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\ta.pak
pgc
MD5: 34170ed9578088395e279dab6779891e
SHA256: 6023a0b405cfd84aaf52fad23e4d85ce5f4bcd22c4ad9ea0ca95a10116c08023
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\te.pak
pgc
MD5: bc498b3197814e8f4376817ec8cf414b
SHA256: a4e25c43dda20a5eaafed9935b367076fef86656c0d61b4c03837c3395e237b4
1896
WeMod-Setup.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 641ecde801353feca110c6cbdb481200
SHA256: ef396865b82cbf38472fba917c558dc4d72bdd983f8f6fbd20a4e270be422fea
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\sl.pak
pgc
MD5: a9cef3cd4d53f1f300ac2d299b87c101
SHA256: 3d85aa7fba2d924472df8c7d04e4e8abd67ae171b3adb5b902a9ca792d31c5e0
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\ru.pak
pgc
MD5: 4e422893fb08d2e180e46bc059bea640
SHA256: b2f042508b8cb880ea4115044450160c14f37cc8f727576d71b36c82e701aa04
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\pt-BR.pak
mmw
MD5: 4a3e81d3e39b36fb1211fc1752d7b95b
SHA256: c75da683669018478081e47733cb22d629d2c236775b8466d8c27eef5b64e393
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\ro.pak
mmw
MD5: 600397c62f8fbc0cd3640f50cd81b3b3
SHA256: 87c6add030f6cc3bc84a29260a23b2c4d1f3e08bcbc7b9faaaba3da0c94dc080
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\pl.pak
pgc
MD5: 7254f3141a5a071a733e9b53fae44be3
SHA256: a3ad9132a1df2dfd42d2c470f427894843d1188b604e3f0d60a24b67d6d2e34a
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\pt-PT.pak
pgc
MD5: e88c02c46cbe28ca596cd2d0af3b8055
SHA256: 925638f7f5c916c307c8253a2aae3b5e970e79bad2e58e97ef00e9f6394935e2
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\nl.pak
mmw
MD5: b41b28cd589ef69f745d718729abd5c8
SHA256: d86217ad4b2e4280e9582be339d9d119ab377057f5660d660a0fa376c253b254
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\mr.pak
pgc
MD5: d54ac6000ce012fd5a3075be7c6d70f2
SHA256: d7ef6d539d677c2b8d4da0ec14f99b000e45154636bfe835318e28f043121e46
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\lv.pak
pgc
MD5: b338329a8422d0ef45c263ff5ef4cc6d
SHA256: 744226520384c563e30fd3782e13dc11f4a5bed0fd34e56fb892a2ebebc97aea
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\ml.pak
pgc
MD5: dedf30380accd2541cd3096f237c9215
SHA256: 045cce3d8c55fbc5915e3bf2d7d2b0bad3fe5c00a9b2862d919219c9315f8ee4
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\nb.pak
pgc
MD5: f46f073d290aa995d57cb28f08d5a0ee
SHA256: 59d80c3c39e8fc6b119a2328399415ffb4f98672ea25ddf4e35f082e07b8dff4
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\ms.pak
pgc
MD5: e5523c2a228b0de32b4754f408c7a1a5
SHA256: d87b26b321eb5c71f43f614bb614aeda23fec04ac776ff0789a5c49caf6e2c36
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\it.pak
mmw
MD5: f0f779a553d7580d9d676c78c2226f98
SHA256: a689d421713522e324e8ec21dde26e0320fa917a6cdeee80851df718d408ee07
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\ko.pak
pgc
MD5: 333e02e59052aa504ac7e6d1ea514fb4
SHA256: 4c7e3f8b4413aec0bfdc63c51dbbb13e921bb5317812593a0384952e950531a0
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\kn.pak
pgc
MD5: ad74b49e9f71e9e0bdbe508a333c4983
SHA256: 92979cd8a3ff19caa809fa98b86ad9e20003765f74037c121de7c7da0dbda7bc
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\lt.pak
pgc
MD5: 470f90fd450268c2a15bc06fbceab12c
SHA256: ddd5759958195f9dbc0dcf9a87249ac6e4903765259cee05fb38bb0f5fe2219f
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\id.pak
pgc
MD5: 50e2d1b9f8d432320cbe66eafad70df8
SHA256: 8a87e9fc53fe0b50d42d7c01df3f6fceea62a236ae7a966bdfe7dfb8a014f180
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\ja.pak
pgc
MD5: 7eba1dcb193cde051426472521cb3606
SHA256: 51323052be0d9ee800e2b9c01447d8d8f729d19cb753d05ba0b8df4c67e30904
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\hi.pak
pgc
MD5: decec483557e4ee4e871a075fb50f0c0
SHA256: 7c3d715b9845a497ebb54de25e612eba616a867c3ac1d50b432223cd3b034e6d
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\hu.pak
pgc
MD5: 4bc176e0f485bef9e52dcf61f827cec5
SHA256: 7788dc3c356d557d6f8cd56f037baf4329bb5869db0e6a4f5499181fa9e7e0dc
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\he.pak
pgc
MD5: 1b100f48ef249aa2222514366639e8fc
SHA256: d79edb71d629bd637fbd8a928a820a0e5c103398c6c947d53a991f98da1ad928
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\hr.pak
pgc
MD5: e739425a85417d87fbabc3cbc173f642
SHA256: 564f8a0575e7565f53483f33b8bddd3da45b5a781a9387b50071740c700f2c1d
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\fr.pak
pgc
MD5: 6acbb5c396d8343c1d39c180abdeda87
SHA256: de68634d3cc23ea9437e7247e92f07dcba48b172040c9a67c3a8fe0a0a0832ea
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\fil.pak
mmw
MD5: 64b5e8c877093f7ebe533f91c17bfeea
SHA256: 0d75d674bb9ffa9cb4241763dc2e2bd9d7d591cd11751ee08d1d4386a1e9bc6e
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\gu.pak
pgc
MD5: 7b90200d7416bd34c6bc1d87f0b47bb7
SHA256: 128ea73a35f3d5e291df90c3725773e51239fcfadb266fad54b62cb6b222ced1
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\es.pak
pgc
MD5: 92de3007bbfb457d64c9be1997c55303
SHA256: 0329753e45d1b2fa403556049421073dbc74833ce9694069bad0dcde80ef3be7
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\es-419.pak
pgc
MD5: dd713ae82b5741349dea314551764741
SHA256: 0e16a5036d0829b5821c57716929935ebdc9b8847a51387dea4dea33a76a49ef
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\et.pak
pgc
MD5: d8fda5b1d04b489234b66ace098427ab
SHA256: 3d55a9c7200642a2379f832c653a9da68ed591e8da30abd49228381705883a38
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\fi.pak
pgc
MD5: 0585f289b218f3b3c3c860d65f886ae5
SHA256: 1ad36d9cb50284d3af66564bfd9975a159630c4977480b09ad67ef4da3af1a72
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\fa.pak
pgc
MD5: b1e2a130dd68f336b9fea685812687c8
SHA256: ec8ebe00a70a227349186d111c6f0f7b46ded3bc5ba91c5cb34506435df78e03
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\ca.pak
pgc
MD5: 3102fd61444837ab5893c9ea60643155
SHA256: 4e1f3caed46577032a11834497c38274888a1aecebfc85a86b534ce3923d0ccc
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\en-US.pak
pgc
MD5: 15e8556f737d17bd4d645513ee190990
SHA256: 12e4fd083a49e038578ea2993e6c88239083c8d098231527eee861299a4e1c99
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\da.pak
pgc
MD5: 8dcd64bb0a0da02e8b6a5c839f3e991e
SHA256: 75db39f6785dac10550579f5a05d1415fa4a7b0a034263e0131ac18e70ef320a
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\en-GB.pak
pgc
MD5: 1f4d5048d57cb612a6d1a8b58cd6a590
SHA256: cdd240440f1e23114f00afde70ace2ad6e497319941b61067f9712abdb2a3814
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\de.pak
pgc
MD5: 4883e792e4097f9021806b60959c32ac
SHA256: e4630d8059e25a0119874eca6a9759915ece6b241d1f01fde8f8f686f770bd72
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\el.pak
pgc
MD5: 74676c037cd3655a29926c9a9f488d5d
SHA256: 00e6e0c6830da458a42cc80d7124db6b3983def408e7f13ea9ba126daa5c4375
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\cs.pak
pgc
MD5: 695b25666425d89e3a23d21b7514e5aa
SHA256: 69fba694c5ce9d10ec0dda38edc2689e0d12b3b73b257b3ba6ed5ec986e9d748
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\Cache\data_2
––
MD5:  ––
SHA256:  ––
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\ar.pak
pgc
MD5: 9304c7491e32af17fe2dc362fe0bd068
SHA256: f3e1520f2a799b8a2916ed50370a3d7608546504acba832528a6589c40bcb96d
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\am.pak
pgc
MD5: 5243586ab8ba46819f25ba4d101c37e2
SHA256: 4db1017a857cee4c332e72a1591aca5e74a4e37c747bbfb9a9ef0c70c04a5b21
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\LICENSE
text
MD5: f8436f54558748146ec7ebd61ca6ac38
SHA256: 34f6f27c26d1bb8682ebb42ae401f558228fd608455bd7c6561d5fd500b7d05b
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\bg.pak
pgc
MD5: 14d4009f946c4a7b78489b07df5aa82e
SHA256: e420764af35aa734c221240061940eaefa41d397341fec7dd733a1423d76e272
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\locales\bn.pak
pgc
MD5: ff3cd4b973750a923d7abfbbeeebc8eb
SHA256: 19a95c12d011776ad2d128c71018de6bf4b9aa8346284bee28d42778e2289e3e
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\Cache\data_1
––
MD5:  ––
SHA256:  ––
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\Cache\data_0
––
MD5:  ––
SHA256:  ––
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\Cache\index
––
MD5:  ––
SHA256:  ––
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\icudtl.dat
––
MD5:  ––
SHA256:  ––
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\chrome_200_percent.pak
pgc
MD5: 879f88cafa5714994744bde20e7bd2c2
SHA256: 76126341d0dc2b4b6ddccf30559709e6a856cd47148107808bd18ceb16ed1df3
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\app-6.2.7\chrome_100_percent.pak
pgc
MD5: 8d56d44c318d122f7931d03ba435f00b
SHA256: fcb4faaa82d13d90c42dfa0669f67391b3124d30310d0f4c510f31412974cab2
1944
Update.exe
C:\Users\admin\AppData\Local\WeMod\packages\WeMod-6.2.7-full.nupkg
––
MD5:  ––
SHA256:  ––
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
3856
WeMod-6.2.7[1].exe
C:\Users\admin\AppData\Local\SquirrelTemp\WeMod-6.2.7-full.nupkg
––
MD5:  ––
SHA256:  ––
3964
WeMod.exe
C:\Users\admin\AppData\Roaming\WeMod\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
3856
WeMod-6.2.7[1].exe
C:\Users\admin\AppData\Local\SquirrelTemp\background.gif
image
MD5: 0bc30810d91ef71a9c774a08a9536652
SHA256: 2fcbd6033c3258d4363c727680c786a320e7bf9d463e0f44b1b0e123aca8ef12
3856
WeMod-6.2.7[1].exe
C:\Users\admin\AppData\Local\SquirrelTemp\setupIcon.ico
image
MD5: dbd9c3fcec439b53931226fe479c9714
SHA256: 8fcc0d24bb0bb445a46a512ba7c6ea08bd9ca33251fd14c4b4d5b2520296958e
3856
WeMod-6.2.7[1].exe
C:\Users\admin\AppData\Local\SquirrelTemp\RELEASES
text
MD5: fc7b6c2afe6fbacd4f65bb44b0bd5c4f
SHA256: 5a4235ccf54c9b0530a19cf394413552244bfcadfd616dd47bb705b6ab046c76
1896
WeMod-Setup.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\WeMod-6.2.7[1].exe
––
MD5:  ––
SHA256:  ––
2844
Update.exe
C:\Users\admin\AppData\Local\Temp\.squirrel-lock-9DFC3435C4B5D64D0AF82A784017AD8332B2D922
––
MD5:  ––
SHA256:  ––

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
0
TCP/UDP connections
10
DNS requests
9
Threats
0

HTTP requests

No HTTP requests.

Connections

PID Process IP ASN CN Reputation
1896 WeMod-Setup.exe 104.24.27.12:443 Cloudflare Inc US shared
1896 WeMod-Setup.exe 104.24.26.12:443 Cloudflare Inc US shared
1944 Update.exe 104.24.26.12:443 Cloudflare Inc US shared
3964 WeMod.exe 216.58.207.40:443 Google Inc. US whitelisted
3964 WeMod.exe 104.24.26.12:443 Cloudflare Inc US shared
2844 Update.exe 104.24.27.12:443 Cloudflare Inc US shared
–– –– 3.232.151.45:443 US unknown
–– –– 216.58.207.78:443 Google Inc. US whitelisted
–– –– 185.172.148.132:443 proinity GmbH DE malicious

DNS requests

Domain IP Reputation
api.wemod.com 104.24.27.12, 104.24.26.12 unknown
storage-cdn.wemod.com 104.24.26.12, 104.24.27.12 unknown
www.googletagmanager.com 216.58.207.40 whitelisted
ws.pusherapp.com 3.232.151.45, 18.205.132.29, 174.129.78.50, 3.220.236.99, 54.85.229.255, 3.234.84.213, 54.88.34.75, 18.214.199.84 unknown
www.google-analytics.com 216.58.207.78 whitelisted
api-cdn.wemod.com 185.172.148.132 suspicious
community.wemod.com 104.24.27.12, 104.24.26.12 unknown

Threats

No threats detected.

Debug output strings

No debug info.