Windows Analysis Report
https://www.wemod.com/fr/download?title_id=16170

Overview

General Information

Sample URL: https://www.wemod.com/fr/download?title_id=16170
Analysis ID: 1432184
Infos:

Detection

Score: 26
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Source: https://td.doubleclick.net/td/rul/946705537?random=1714142406178&cv=11&fst=1714142406178&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be44o0v9168888440za200&gcd=13l3l3l3l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.wemod.com%2Ffr%2Fdownload%3Ftitle_id%3D16170&label=BY2LCI-E55ABEIGptsMD&hn=www.googleadservices.com&frm=0&tiba=Merci%20pour%20le%20t%C3%A9l%C3%A9chargement!%20%7C%20WeMod&ga_uid=G-K7ZLZSR0WX.85a87e78-cc50-40fb-adbb-4d28b806910f&gtm_ee=1&npa=0&pscdl=noapi&auid=1483828468.1714142406&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&ct_cookie_present=0 HTTP Parser: No favicon
Source: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.wemod.com HTTP Parser: No favicon
Source: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.fr.html#dnt=false&id=twitter-widget-0&lang=fr&original_referer=https%3A%2F%2Fwww.wemod.com%2Ffr%2Fdownload%3Ftitle_id%3D16170&size=l&text=Je%20viens%20de%20t%C3%A9l%C3%A9charger%20l%27application%20%40WeMod.%20C%27est%20l%27application%20pour%20les%20joueurs%20qui%20aiment%20le%20modding%20et%20les%20codes%20de%20triche!&time=1714142407953&type=mention&url=https%3A%2F%2Fwww.wemod.com%2Ffr HTTP Parser: No favicon
Source: https://www.facebook.com/v3.0/plugins/share_button.php?app_id=416727938524079&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfc6c667e2ad193fb3%26domain%3Dwww.wemod.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.wemod.com%252Ff4fd7a2d4959f1ffa%26relation%3Dparent.parent&container_width=44&href=https%3A%2F%2Fwww.wemod.com%2Ffr&layout=button_count&locale=en_US&mobile_iframe=true&sdk=joey&size=large HTTP Parser: No favicon
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 104.22.42.75:443 -> 192.168.2.16:49860 version: TLS 1.0
Source: unknown HTTPS traffic detected: 104.22.43.75:443 -> 192.168.2.16:49861 version: TLS 1.0
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log
Source: unknown HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49833 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49836 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49837 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.22.42.75:443 -> 192.168.2.16:49843 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.35.176.124:443 -> 192.168.2.16:49848 version: TLS 1.2

Networking
barindex
Yara detected Generic Downloader
Source: Yara match File source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, type: DROPPED
Uses insecure TLS / SSL version for HTTPS connection
Source: unknown HTTPS traffic detected: 104.22.42.75:443 -> 192.168.2.16:49860 version: TLS 1.0
Source: unknown HTTPS traffic detected: 104.22.43.75:443 -> 192.168.2.16:49861 version: TLS 1.0
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 23.50.115.134
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: unknown TCP traffic detected without corresponding DNS query: 23.204.76.112
Source: global traffic DNS traffic detected: DNS query: www.wemod.com
Source: global traffic DNS traffic detected: DNS query: www.googleoptimize.com
Source: global traffic DNS traffic detected: DNS query: cdn-4.convertexperiments.com
Source: global traffic DNS traffic detected: DNS query: api-cdn.wemod.com
Source: global traffic DNS traffic detected: DNS query: connect.facebook.net
Source: global traffic DNS traffic detected: DNS query: platform.twitter.com
Source: global traffic DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: syndication.twitter.com
Source: global traffic DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: www.facebook.com
Source: global traffic DNS traffic detected: DNS query: twitter.com
Source: global traffic DNS traffic detected: DNS query: static.xx.fbcdn.net
Source: global traffic DNS traffic detected: DNS query: api.wemod.com
Source: global traffic DNS traffic detected: DNS query: api2.amplitude.com
Source: global traffic DNS traffic detected: DNS query: storage-cdn.wemod.com
Source: unknown Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49833 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49836 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49837 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.22.42.75:443 -> 192.168.2.16:49843 version: TLS 1.2
Source: unknown HTTPS traffic detected: 52.35.176.124:443 -> 192.168.2.16:49848 version: TLS 1.2
Source: classification engine Classification label: sus26.troj.win@31/183@51/139
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Mutant created: NULL
Source: C:\Windows\System32\OpenWith.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6788:120:WilError_03
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe File created: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.wemod.com/fr/download?title_id=16170
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1976,i,2299417469959108728,14694640905771996478,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5888 --field-trial-handle=1976,i,2299417469959108728,14694640905771996478,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1976,i,2299417469959108728,14694640905771996478,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5888 --field-trial-handle=1976,i,2299417469959108728,14694640905771996478,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe "C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe "C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe"
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process created: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe "C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe" --silent
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe "C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe" --silent --rerunningWithoutUAC
Source: unknown Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Process created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --silent --rerunningWithoutUAC
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process created: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe "C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe" --silent
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe "C:\Users\user\AppData\Local\WeMod\app-8.19.0\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\WeMod.exe "C:\Users\user\AppData\Local\WeMod\app-8.19.0\WeMod.exe" --squirrel-install 8.19.0
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Process created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --silent --rerunningWithoutUAC
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe "C:\Users\user\AppData\Local\WeMod\app-8.19.0\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: mscoree.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: version.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: ieframe.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: iertutil.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: netapi32.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: userenv.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: winhttp.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: wkscli.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: netutils.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: sxs.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: dwrite.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: dataexchange.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: d3d11.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: dcomp.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: dxgi.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: msiso.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: textshaping.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: propsys.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: urlmon.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: srvcli.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: mswsock.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: winnsi.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: mshtml.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: powrprof.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: umpdc.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: schannel.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: msasn1.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: gpapi.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: srpapi.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: secur32.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: mlang.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: jscript9.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: d2d1.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: dxcore.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: msimtf.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: xmllite.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: wintypes.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: uianimation.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: rasapi32.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: rasman.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: rtutils.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: apphelp.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: edputil.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Section loaded: actxprxy.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: logoncli.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: logoncli.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: wldp.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: twinui.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dwmapi.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: pdh.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: actxprxy.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: ieframe.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: version.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: userenv.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: netutils.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: secur32.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: mlang.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: propsys.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: wininet.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: profapi.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.ui.appdefaults.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: uiautomationcore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dui70.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: duser.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dwrite.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: bcp47mrm.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: uianimation.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: d3d11.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dxgi.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: d3d10warp.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dxcore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: dcomp.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: oleacc.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: edputil.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.ui.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windowmanagementapi.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: inputhost.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: appresolver.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: bcp47langs.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: slc.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: sppc.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: tiledatarepository.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: staterepository.core.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.staterepository.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: wtsapi32.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: windows.staterepositorycore.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: mrmcorer.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: thumbcache.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: sxs.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: directmanipulation.dll
Source: C:\Windows\System32\OpenWith.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Drops PE files
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\CELib_x86.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\GameLauncher.exe Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\521db30f-775a-46dd-ae3f-68b4228ff956.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\ffmpeg.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\libEGL.dll Jump to dropped file
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe File created: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerHost_x64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\WeMod.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe File created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerLib_x64.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\Microsoft.Management.Infrastructure.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerHost_x86.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\stub\TrainerLib_x86.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\stub\TrainerLib_x64.dll Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\Unconfirmed 468499.crdownload Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerLib_x86.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\WeMod.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\System.Management.Automation.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\CELib_x64.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe File created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Process information set: NOOPENFILEERRORBOX
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 20F88990000 memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 20FA2330000 memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A62D0000 memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 20FA4860000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 20FA48A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 20FA48C0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 20FA48E0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 20FA4960000 memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A9190000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A91B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A91D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A91F0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A9210000 memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A9750000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A97A0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A9840000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A9890000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A9920000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A98B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A9860000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 20FA2C10000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A98B0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A98D0000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A9860000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: 217A9750000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Memory allocated: 2690000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Memory allocated: 1A910000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Memory allocated: 13F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Memory allocated: 1B340000 memory reserve | memory write watch
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 599201
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 599089
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Thread delayed: delay time: 922337203685477
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Window / User API: threadDelayed 9618
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Window / User API: threadDelayed 791
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Window / User API: threadDelayed 9045
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\CELib_x86.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\GameLauncher.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerLib_x64.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerHost_x86.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\Microsoft.Management.Infrastructure.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\stub\TrainerLib_x86.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\ffmpeg.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\stub\TrainerLib_x64.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerHost_x64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerLib_x86.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\WeMod.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\CELib_x64.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\System.Management.Automation.dll Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 1228 Thread sleep count: 9618 > 30
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 1228 Thread sleep count: 152 > 30
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -99873s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -99761s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -99649s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -99537s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -99409s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -99282s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -99170s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -99058s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -98947s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -98835s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -98723s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -98595s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -599201s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604 Thread sleep time: -599089s >= -30000s
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 7704 Thread sleep count: 791 > 30
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 7704 Thread sleep count: 9045 > 30
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 3044 Thread sleep time: -12912720851596678s >= -30000s
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 100000
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 99873
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 99761
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 99649
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 99537
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 99409
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 99282
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 99170
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 99058
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 98947
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 98835
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 98723
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 98595
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 599201
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Thread delayed: delay time: 599089
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Thread delayed: delay time: 922337203685477
Enables debug privileges
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process token adjusted: Debug
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Memory allocated: page read and write | page guard
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Process created: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe "C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe" --silent
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Process created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe "C:\Users\user\AppData\Local\WeMod\app-8.19.0\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\userbril.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Queries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe Queries volume information: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe VolumeInformation
Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe Queries volume information: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe VolumeInformation
Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
142.250.189.142
 unknown United States
15169 GOOGLEUS false
192.178.50.78
 unknown United States
15169 GOOGLEUS false
146.75.124.157
 platform.twitter.map.fastly.net Sweden
30051 SCCGOVUS false
172.67.25.118
 unknown United States
13335 CLOUDFLARENETUS false
104.22.42.75
 api-cdn.wemod.com United States
13335 CLOUDFLARENETUS false
157.240.14.19
 scontent.xx.fbcdn.net United States
32934 FACEBOOKUS false
142.250.64.238
 unknown United States
15169 GOOGLEUS false
157.240.14.35
 star-mini.c10r.facebook.com United States
32934 FACEBOOKUS false
104.244.42.72
 unknown United States
13414 TWITTERUS false
142.250.64.162
 googleads.g.doubleclick.net United States
15169 GOOGLEUS false
74.125.196.84
 unknown United States
15169 GOOGLEUS false
72.21.91.66
 cs41.wac.edgecastcdn.net United States
15133 EDGECASTUS false
172.217.15.202
 unknown United States
15169 GOOGLEUS false
142.250.64.164
 unknown United States
15169 GOOGLEUS false
142.251.35.238
 unknown United States
15169 GOOGLEUS false
142.250.217.168
 unknown United States
15169 GOOGLEUS false
52.35.176.124
 api2.amplitude.com United States
16509 AMAZON-02US false
142.250.189.130
 unknown United States
15169 GOOGLEUS false
1.1.1.1
 unknown Australia
13335 CLOUDFLARENETUS false
192.178.50.46
 www.googleoptimize.com United States
15169 GOOGLEUS false
23.39.130.103
 unknown United States
16625 AKAMAI-ASUS false
104.244.42.136
 syndication.twitter.com United States
13414 TWITTERUS false
104.22.43.75
 storage-cdn.wemod.com United States
13335 CLOUDFLARENETUS false
142.250.217.228
 www.google.com United States
15169 GOOGLEUS false
172.217.193.155
 stats.g.doubleclick.net United States
15169 GOOGLEUS false
142.250.64.195
 unknown United States
15169 GOOGLEUS false
142.250.217.196
 unknown United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
31.13.67.20
 unknown Ireland
32934 FACEBOOKUS false
142.250.217.195
 unknown United States
15169 GOOGLEUS false
142.250.217.194
 td.doubleclick.net United States
15169 GOOGLEUS false

Private

IP
192.168.2.16

Contacted Domains

Name IP Active
star-mini.c10r.facebook.com 157.240.14.35 true
twitter.com 104.244.42.193 true
storage-cdn.wemod.com 104.22.43.75 true
api-cdn.wemod.com 104.22.42.75 true
cs41.wac.edgecastcdn.net 72.21.91.66 true
platform.twitter.map.fastly.net 146.75.124.157 true
syndication.twitter.com 104.244.42.136 true
www.googleoptimize.com 192.178.50.46 true
stats.g.doubleclick.net 172.217.193.155 true
api2.amplitude.com 52.35.176.124 true
scontent.xx.fbcdn.net 157.240.14.19 true
googleads.g.doubleclick.net 142.250.64.162 true
td.doubleclick.net 142.250.217.194 true
www.google.com 142.250.217.228 true
www.wemod.com 104.22.42.75 true
api.wemod.com 104.22.42.75 true
www.facebook.com unknown unknown
connect.facebook.net unknown unknown
static.xx.fbcdn.net unknown unknown
platform.twitter.com unknown unknown
cdn-4.convertexperiments.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://www.wemod.com/fr/download?title_id=16170 false
    		high
    https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.fr.html#dnt=false&id=twitter-widget-0&lang=fr&original_referer=https%3A%2F%2Fwww.wemod.com%2Ffr%2Fdownload%3Ftitle_id%3D16170&size=l&text=Je%20viens%20de%20t%C3%A9l%C3%A9charger%20l%27application%20%40WeMod.%20C%27est%20l%27application%20pour%20les%20joueurs%20qui%20aiment%20le%20modding%20et%20les%20codes%20de%20triche!&time=1714142407953&type=mention&url=https%3A%2F%2Fwww.wemod.com%2Ffr false
      		high
      https://www.facebook.com/v3.0/plugins/share_button.php?app_id=416727938524079&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfc6c667e2ad193fb3%26domain%3Dwww.wemod.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.wemod.com%252Ff4fd7a2d4959f1ffa%26relation%3Dparent.parent&container_width=44&href=https%3A%2F%2Fwww.wemod.com%2Ffr&layout=button_count&locale=en_US&mobile_iframe=true&sdk=joey&size=large false
        		high
        about:blank false
        • Avira URL Cloud: safe
        		 low
        https://td.doubleclick.net/td/ga/rul?tid=G-K7ZLZSR0WX&gacid=1302397294.1714142404&gtm=45je44o0v873416052za200&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&z=1222630508 false
          		high
          https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.wemod.com false
            		high