Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://www.wemod.com/fr/download?title_id=16170

Overview

General Information

Sample URL:https://www.wemod.com/fr/download?title_id=16170
Analysis ID:1432184
Infos:

Detection

Score:26
Range:0 - 100
Whitelisted:false
Confidence:0%

Signatures

Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook
Sample may be VM or Sandbox-aware, try analysis on a native machine
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 7152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.wemod.com/fr/download?title_id=16170 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6404 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1976,i,2299417469959108728,14694640905771996478,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7368 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5888 --field-trial-handle=1976,i,2299417469959108728,14694640905771996478,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • Kingdom Come Deliverance Trainer Setup.exe (PID: 8000 cmdline: "C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe" MD5: 5A901473EED357A469CD3714CDB34497)
      • WeMod-Setup-638497392249616615.exe (PID: 6728 cmdline: "C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe" --silent MD5: 9B9C15FECCBE912524D4F80E40CD1E9D)
  • WeMod-Setup-638497392249616615.exe (PID: 8160 cmdline: "C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe" --silent --rerunningWithoutUAC MD5: 9B9C15FECCBE912524D4F80E40CD1E9D)
    • Update.exe (PID: 8128 cmdline: "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --silent --rerunningWithoutUAC MD5: 29E758ECE3084E87314D6D2847F21102)
      • squirrel.exe (PID: 2332 cmdline: "C:\Users\user\AppData\Local\WeMod\app-8.19.0\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe MD5: 7331D1B5732B0CF12C8B58B56E6BF220)
      • WeMod.exe (PID: 2476 cmdline: "C:\Users\user\AppData\Local\WeMod\app-8.19.0\WeMod.exe" --squirrel-install 8.19.0 MD5: 4A9CD564AF1282FEB428F373080089F9)
  • OpenWith.exe (PID: 6788 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
  • cleanup

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\SquirrelTemp\Update.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Snort Signatures

    No Snort rule has matched

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results
    Source: https://td.doubleclick.net/td/rul/946705537?random=1714142406178&cv=11&fst=1714142406178&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be44o0v9168888440za200&gcd=13l3l3l3l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.wemod.com%2Ffr%2Fdownload%3Ftitle_id%3D16170&label=BY2LCI-E55ABEIGptsMD&hn=www.googleadservices.com&frm=0&tiba=Merci%20pour%20le%20t%C3%A9l%C3%A9chargement!%20%7C%20WeMod&ga_uid=G-K7ZLZSR0WX.85a87e78-cc50-40fb-adbb-4d28b806910f&gtm_ee=1&npa=0&pscdl=noapi&auid=1483828468.1714142406&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&ct_cookie_present=0HTTP Parser: No favicon
    Source: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.wemod.comHTTP Parser: No favicon
    Source: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.fr.html#dnt=false&id=twitter-widget-0&lang=fr&original_referer=https%3A%2F%2Fwww.wemod.com%2Ffr%2Fdownload%3Ftitle_id%3D16170&size=l&text=Je%20viens%20de%20t%C3%A9l%C3%A9charger%20l%27application%20%40WeMod.%20C%27est%20l%27application%20pour%20les%20joueurs%20qui%20aiment%20le%20modding%20et%20les%20codes%20de%20triche!&time=1714142407953&type=mention&url=https%3A%2F%2Fwww.wemod.com%2FfrHTTP Parser: No favicon
    Source: https://www.facebook.com/v3.0/plugins/share_button.php?app_id=416727938524079&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfc6c667e2ad193fb3%26domain%3Dwww.wemod.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.wemod.com%252Ff4fd7a2d4959f1ffa%26relation%3Dparent.parent&container_width=44&href=https%3A%2F%2Fwww.wemod.com%2Ffr&layout=button_count&locale=en_US&mobile_iframe=true&sdk=joey&size=largeHTTP Parser: No favicon
    Source: unknownHTTPS traffic detected: 104.22.42.75:443 -> 192.168.2.16:49860 version: TLS 1.0
    Source: unknownHTTPS traffic detected: 104.22.43.75:443 -> 192.168.2.16:49861 version: TLS 1.0
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log
    Source: unknownHTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49833 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49836 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49837 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.22.42.75:443 -> 192.168.2.16:49843 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 52.35.176.124:443 -> 192.168.2.16:49848 version: TLS 1.2

    Networking

    barindex
    Yara detected Generic Downloader
    Source: Yara matchFile source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, type: DROPPED
    Source: unknownHTTPS traffic detected: 104.22.42.75:443 -> 192.168.2.16:49860 version: TLS 1.0
    Source: unknownHTTPS traffic detected: 104.22.43.75:443 -> 192.168.2.16:49861 version: TLS 1.0
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownTCP traffic detected without corresponding DNS query: 23.50.115.134
    Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
    Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
    Source: unknownTCP traffic detected without corresponding DNS query: 23.204.76.112
    Source: global trafficDNS traffic detected: DNS query: www.wemod.com
    Source: global trafficDNS traffic detected: DNS query: www.googleoptimize.com
    Source: global trafficDNS traffic detected: DNS query: cdn-4.convertexperiments.com
    Source: global trafficDNS traffic detected: DNS query: api-cdn.wemod.com
    Source: global trafficDNS traffic detected: DNS query: connect.facebook.net
    Source: global trafficDNS traffic detected: DNS query: platform.twitter.com
    Source: global trafficDNS traffic detected: DNS query: td.doubleclick.net
    Source: global trafficDNS traffic detected: DNS query: www.google.com
    Source: global trafficDNS traffic detected: DNS query: syndication.twitter.com
    Source: global trafficDNS traffic detected: DNS query: googleads.g.doubleclick.net
    Source: global trafficDNS traffic detected: DNS query: stats.g.doubleclick.net
    Source: global trafficDNS traffic detected: DNS query: www.facebook.com
    Source: global trafficDNS traffic detected: DNS query: twitter.com
    Source: global trafficDNS traffic detected: DNS query: static.xx.fbcdn.net
    Source: global trafficDNS traffic detected: DNS query: api.wemod.com
    Source: global trafficDNS traffic detected: DNS query: api2.amplitude.com
    Source: global trafficDNS traffic detected: DNS query: storage-cdn.wemod.com
    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
    Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
    Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
    Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
    Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
    Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
    Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
    Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
    Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
    Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
    Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
    Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
    Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
    Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
    Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
    Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
    Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
    Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49824 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
    Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
    Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
    Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
    Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
    Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49688 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
    Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
    Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
    Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
    Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
    Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
    Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
    Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
    Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
    Source: unknownHTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49833 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 23.204.76.112:443 -> 192.168.2.16:49836 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49837 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 104.22.42.75:443 -> 192.168.2.16:49843 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 52.35.176.124:443 -> 192.168.2.16:49848 version: TLS 1.2
    Source: classification engineClassification label: sus26.troj.win@31/183@51/139
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeMutant created: NULL
    Source: C:\Windows\System32\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6788:120:WilError_03
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeFile created: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeFile read: C:\Users\desktop.ini
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.wemod.com/fr/download?title_id=16170
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1976,i,2299417469959108728,14694640905771996478,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5888 --field-trial-handle=1976,i,2299417469959108728,14694640905771996478,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1976,i,2299417469959108728,14694640905771996478,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5888 --field-trial-handle=1976,i,2299417469959108728,14694640905771996478,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe "C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe"
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe "C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe"
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe "C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe" --silent
    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe "C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe" --silent --rerunningWithoutUAC
    Source: unknownProcess created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeProcess created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --silent --rerunningWithoutUAC
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe "C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe" --silent
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe "C:\Users\user\AppData\Local\WeMod\app-8.19.0\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\WeMod.exe "C:\Users\user\AppData\Local\WeMod\app-8.19.0\WeMod.exe" --squirrel-install 8.19.0
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeProcess created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --silent --rerunningWithoutUAC
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe "C:\Users\user\AppData\Local\WeMod\app-8.19.0\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: mscoree.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: version.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: wldp.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: profapi.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: cryptsp.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: rsaenh.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: cryptbase.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: ieframe.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: iertutil.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: netapi32.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: userenv.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: winhttp.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: wkscli.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: netutils.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: sxs.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: dwrite.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: dataexchange.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: d3d11.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: dcomp.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: dxgi.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: twinapi.appcore.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: msiso.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: windowscodecs.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: textshaping.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: dwmapi.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: propsys.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: urlmon.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: srvcli.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: sspicli.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: wininet.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: iphlpapi.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: mswsock.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: winnsi.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: mshtml.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: powrprof.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: umpdc.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: dnsapi.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: rasadhlp.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: fwpuclnt.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: schannel.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: mskeyprotect.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: ntasn1.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: msasn1.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: dpapi.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: gpapi.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: ncrypt.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: ncryptsslp.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: srpapi.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: secur32.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: mlang.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: jscript9.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: d2d1.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: resourcepolicyclient.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: d3d10warp.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: dxcore.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: msimtf.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: xmllite.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: textinputframework.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: coreuicomponents.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: coremessaging.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: ntmarta.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: wintypes.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: wintypes.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: wintypes.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: uianimation.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: dhcpcsvc6.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: dhcpcsvc.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: rasapi32.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: rasman.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: rtutils.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: apphelp.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: edputil.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeSection loaded: actxprxy.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: logoncli.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: sxs.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: logoncli.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeSection loaded: apphelp.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinui.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: wintypes.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: powrprof.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: dwmapi.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: pdh.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: umpdc.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: actxprxy.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: ieframe.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: netapi32.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: version.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: winhttp.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: wkscli.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: secur32.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: mlang.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: wininet.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.appdefaults.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.immersive.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: ntmarta.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: uiautomationcore.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: dui70.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: duser.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: dwrite.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47mrm.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: uianimation.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d11.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: dxgi.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: resourcepolicyclient.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: dxcore.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: dcomp.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: oleacc.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: edputil.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.ui.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: windowmanagementapi.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: textinputframework.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: inputhost.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: twinapi.appcore.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: coremessaging.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: coreuicomponents.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: apphelp.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: appresolver.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: bcp47langs.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: slc.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: sppc.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: tiledatarepository.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: staterepository.core.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepository.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: wtsapi32.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositoryps.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: windows.staterepositorycore.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: mrmcorer.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: appxdeploymentclient.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: thumbcache.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: sxs.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: directmanipulation.dll
    Source: C:\Windows\System32\OpenWith.exeSection loaded: textshaping.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: mscoree.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: cryptsp.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: rsaenh.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: cryptbase.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: dwrite.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: msvcp140_clr0400.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: ntmarta.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: propsys.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: edputil.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: urlmon.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: iertutil.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: srvcli.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: wintypes.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: appresolver.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: bcp47langs.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: slc.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: userenv.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: sppc.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeSection loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeSection loaded: mscoree.dll
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeSection loaded: cryptsp.dll
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeSection loaded: rsaenh.dll
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeSection loaded: cryptbase.dll
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeSection loaded: dwrite.dll
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeSection loaded: msvcp140_clr0400.dll
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeSection loaded: wldp.dll
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\CELib_x86.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\GameLauncher.exeJump to dropped file
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\521db30f-775a-46dd-ae3f-68b4228ff956.tmpJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exeJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\libGLESv2.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\ffmpeg.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\libEGL.dllJump to dropped file
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeFile created: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\vk_swiftshader.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerHost_x64.exeJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\vulkan-1.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\WeMod.exeJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exeFile created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerLib_x64.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\Microsoft.Management.Infrastructure.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerHost_x86.exeJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\stub\TrainerLib_x86.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\d3dcompiler_47.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\stub\TrainerLib_x64.dllJump to dropped file
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\Unconfirmed 468499.crdownloadJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerLib_x86.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\WeMod.exeJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\System.Management.Automation.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\CELib_x64.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeFile created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 20F88990000 memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 20FA2330000 memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A62D0000 memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 20FA4860000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 20FA48A0000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 20FA48C0000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 20FA48E0000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 20FA4960000 memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A9190000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A91B0000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A91D0000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A91F0000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A9210000 memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A9750000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A97A0000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A9840000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A9890000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A9920000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A98B0000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A9860000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 20FA2C10000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A98B0000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A98D0000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A9860000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: 217A9750000 memory commit | memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeMemory allocated: 2690000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeMemory allocated: 1A910000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeMemory allocated: 13F0000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeMemory allocated: 1B340000 memory reserve | memory write watch
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 599201
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 599089
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeWindow / User API: threadDelayed 9618
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeWindow / User API: threadDelayed 791
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeWindow / User API: threadDelayed 9045
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\CELib_x86.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\GameLauncher.exeJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exeJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerLib_x64.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\libGLESv2.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerHost_x86.exeJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\Microsoft.Management.Infrastructure.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\stub\TrainerLib_x86.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\libEGL.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\ffmpeg.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\d3dcompiler_47.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\stub\TrainerLib_x64.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\vk_swiftshader.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerHost_x64.exeJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerLib_x86.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\vulkan-1.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\WeMod.exeJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\CELib_x64.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\System.Management.Automation.dllJump to dropped file
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -4611686018427385s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 1228Thread sleep count: 9618 > 30
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 1228Thread sleep count: 152 > 30
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -100000s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -99873s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -99761s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -99649s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -99537s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -99409s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -99282s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -99170s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -99058s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -98947s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -98835s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -98723s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -98595s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -599201s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe TID: 7604Thread sleep time: -599089s >= -30000s
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 7704Thread sleep count: 791 > 30
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 7704Thread sleep count: 9045 > 30
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 3044Thread sleep time: -12912720851596678s >= -30000s
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 100000
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 99873
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 99761
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 99649
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 99537
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 99409
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 99282
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 99170
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 99058
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 98947
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 98835
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 98723
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 98595
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 599201
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeThread delayed: delay time: 599089
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeThread delayed: delay time: 922337203685477
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess token adjusted: Debug
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeMemory allocated: page read and write | page guard
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe "C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe" --silent
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeProcess created: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe "C:\Users\user\AppData\Local\WeMod\app-8.19.0\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\userbril.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\userbrii.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\userbrib.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\userbriz.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformation
    Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
    Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exeQueries volume information: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exeQueries volume information: C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe VolumeInformation
    Source: C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
    DLL Side-Loading    		11
    Process Injection    		1
    Masquerading    		OS Credential Dumping1
    Query Registry    		Remote ServicesData from Local System2
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/Job1
    Registry Run Keys / Startup Folder    		1
    DLL Side-Loading    		1
    Disable or Modify Tools    		LSASS Memory32
    Virtualization/Sandbox Evasion    		Remote Desktop ProtocolData from Removable Media1
    Non-Application Layer Protocol    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
    Registry Run Keys / Startup Folder    		32
    Virtualization/Sandbox Evasion    		Security Account Manager1
    Application Window Discovery    		SMB/Windows Admin SharesData from Network Shared Drive2
    Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
    Process Injection    		NTDS1
    File and Directory Discovery    		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
    DLL Side-Loading    		LSA Secrets12
    System Information Discovery    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    https://www.wemod.com/fr/download?title_id=161700%Avira URL Cloudsafe

    Dropped Files

    SourceDetectionScannerLabelLink
    C:\Users\user\AppData\Local\SquirrelTemp\Update.exe0%ReversingLabs
    C:\Users\user\AppData\Local\SquirrelTemp\Update.exe0%VirustotalBrowse
    C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe0%ReversingLabs
    C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe0%VirustotalBrowse
    C:\Users\user\AppData\Local\WeMod\WeMod.exe0%ReversingLabs
    C:\Users\user\AppData\Local\WeMod\WeMod.exe0%VirustotalBrowse
    C:\Users\user\AppData\Local\WeMod\app-8.19.0\WeMod.exe0%ReversingLabs
    C:\Users\user\AppData\Local\WeMod\app-8.19.0\WeMod.exe0%VirustotalBrowse
    C:\Users\user\AppData\Local\WeMod\app-8.19.0\d3dcompiler_47.dll0%ReversingLabs
    C:\Users\user\AppData\Local\WeMod\app-8.19.0\d3dcompiler_47.dll0%VirustotalBrowse
    C:\Users\user\AppData\Local\WeMod\app-8.19.0\ffmpeg.dll0%ReversingLabs
    C:\Users\user\AppData\Local\WeMod\app-8.19.0\ffmpeg.dll0%VirustotalBrowse
    C:\Users\user\AppData\Local\WeMod\app-8.19.0\libEGL.dll0%ReversingLabs
    C:\Users\user\AppData\Local\WeMod\app-8.19.0\libEGL.dll0%VirustotalBrowse
    C:\Users\user\AppData\Local\WeMod\app-8.19.0\libGLESv2.dll0%ReversingLabs
    C:\Users\user\AppData\Local\WeMod\app-8.19.0\libGLESv2.dll0%VirustotalBrowse
    C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\GameLauncher.exe0%ReversingLabs
    C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\GameLauncher.exe0%VirustotalBrowse

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    SourceDetectionScannerLabelLink
    about:blank0%Avira URL Cloudsafe

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    star-mini.c10r.facebook.com
    		157.240.14.35
    		truefalse
      		high
      twitter.com
      		104.244.42.193
      		truefalse
        		high
        storage-cdn.wemod.com
        		104.22.43.75
        		truefalse
          		high
          api-cdn.wemod.com
          		104.22.42.75
          		truefalse
            		high
            cs41.wac.edgecastcdn.net
            		72.21.91.66
            		truefalse
              		high
              platform.twitter.map.fastly.net
              		146.75.124.157
              		truefalse
                		unknown
                syndication.twitter.com
                		104.244.42.136
                		truefalse
                  		high
                  www.googleoptimize.com
                  		192.178.50.46
                  		truefalse
                    		unknown
                    stats.g.doubleclick.net
                    		172.217.193.155
                    		truefalse
                      		high
                      api2.amplitude.com
                      		52.35.176.124
                      		truefalse
                        		high
                        scontent.xx.fbcdn.net
                        		157.240.14.19
                        		truefalse
                          		high
                          googleads.g.doubleclick.net
                          		142.250.64.162
                          		truefalse
                            		high
                            td.doubleclick.net
                            		142.250.217.194
                            		truefalse
                              		high
                              www.google.com
                              		142.250.217.228
                              		truefalse
                                		high
                                www.wemod.com
                                		104.22.42.75
                                		truefalse
                                  		high
                                  api.wemod.com
                                  		104.22.42.75
                                  		truefalse
                                    		high
                                    www.facebook.com
                                    		unknown
                                    		unknownfalse
                                      		high
                                      connect.facebook.net
                                      		unknown
                                      		unknownfalse
                                        		high
                                        static.xx.fbcdn.net
                                        		unknown
                                        		unknownfalse
                                          		high
                                          platform.twitter.com
                                          		unknown
                                          		unknownfalse
                                            		high
                                            cdn-4.convertexperiments.com
                                            		unknown
                                            		unknownfalse
                                              		high

                                              Contacted URLs

                                              NameMaliciousAntivirus DetectionReputation
                                              https://www.wemod.com/fr/download?title_id=16170false
                                                		high
                                                https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.fr.html#dnt=false&id=twitter-widget-0&lang=fr&original_referer=https%3A%2F%2Fwww.wemod.com%2Ffr%2Fdownload%3Ftitle_id%3D16170&size=l&text=Je%20viens%20de%20t%C3%A9l%C3%A9charger%20l%27application%20%40WeMod.%20C%27est%20l%27application%20pour%20les%20joueurs%20qui%20aiment%20le%20modding%20et%20les%20codes%20de%20triche!&time=1714142407953&type=mention&url=https%3A%2F%2Fwww.wemod.com%2Ffrfalse
                                                  		high
                                                  https://www.facebook.com/v3.0/plugins/share_button.php?app_id=416727938524079&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfc6c667e2ad193fb3%26domain%3Dwww.wemod.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.wemod.com%252Ff4fd7a2d4959f1ffa%26relation%3Dparent.parent&container_width=44&href=https%3A%2F%2Fwww.wemod.com%2Ffr&layout=button_count&locale=en_US&mobile_iframe=true&sdk=joey&size=largefalse
                                                    		high
                                                    about:blankfalse
                                                    • Avira URL Cloud: safe
                                                    		low
                                                    https://td.doubleclick.net/td/ga/rul?tid=G-K7ZLZSR0WX&gacid=1302397294.1714142404&gtm=45je44o0v873416052za200&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&z=1222630508false
                                                      		high
                                                      https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.wemod.comfalse
                                                        		high

                                                        World Map of Contacted IPs

                                                        • No. of IPs < 25%
                                                        • 25% < No. of IPs < 50%
                                                        • 50% < No. of IPs < 75%
                                                        • 75% < No. of IPs

                                                        Public IPs

                                                        IPDomainCountryFlagASNASN NameMalicious
                                                        142.250.189.142
                                                        		unknownUnited States
                                                        		15169GOOGLEUSfalse
                                                        192.178.50.78
                                                        		unknownUnited States
                                                        		15169GOOGLEUSfalse
                                                        146.75.124.157
                                                        		platform.twitter.map.fastly.netSweden
                                                        		30051SCCGOVUSfalse
                                                        172.67.25.118
                                                        		unknownUnited States
                                                        		13335CLOUDFLARENETUSfalse
                                                        104.22.42.75
                                                        		api-cdn.wemod.comUnited States
                                                        		13335CLOUDFLARENETUSfalse
                                                        157.240.14.19
                                                        		scontent.xx.fbcdn.netUnited States
                                                        		32934FACEBOOKUSfalse
                                                        142.250.64.238
                                                        		unknownUnited States
                                                        		15169GOOGLEUSfalse
                                                        157.240.14.35
                                                        		star-mini.c10r.facebook.comUnited States
                                                        		32934FACEBOOKUSfalse
                                                        104.244.42.72
                                                        		unknownUnited States
                                                        		13414TWITTERUSfalse
                                                        142.250.64.162
                                                        		googleads.g.doubleclick.netUnited States
                                                        		15169GOOGLEUSfalse
                                                        74.125.196.84
                                                        		unknownUnited States
                                                        		15169GOOGLEUSfalse
                                                        72.21.91.66
                                                        		cs41.wac.edgecastcdn.netUnited States
                                                        		15133EDGECASTUSfalse
                                                        172.217.15.202
                                                        		unknownUnited States
                                                        		15169GOOGLEUSfalse
                                                        142.250.64.164
                                                        		unknownUnited States
                                                        		15169GOOGLEUSfalse
                                                        142.251.35.238
                                                        		unknownUnited States
                                                        		15169GOOGLEUSfalse
                                                        142.250.217.168
                                                        		unknownUnited States
                                                        		15169GOOGLEUSfalse
                                                        52.35.176.124
                                                        		api2.amplitude.comUnited States
                                                        		16509AMAZON-02USfalse
                                                        142.250.189.130
                                                        		unknownUnited States
                                                        		15169GOOGLEUSfalse
                                                        1.1.1.1
                                                        		unknownAustralia
                                                        		13335CLOUDFLARENETUSfalse
                                                        192.178.50.46
                                                        		www.googleoptimize.comUnited States
                                                        		15169GOOGLEUSfalse
                                                        23.39.130.103
                                                        		unknownUnited States
                                                        		16625AKAMAI-ASUSfalse
                                                        104.244.42.136
                                                        		syndication.twitter.comUnited States
                                                        		13414TWITTERUSfalse
                                                        104.22.43.75
                                                        		storage-cdn.wemod.comUnited States
                                                        		13335CLOUDFLARENETUSfalse
                                                        142.250.217.228
                                                        		www.google.comUnited States
                                                        		15169GOOGLEUSfalse
                                                        172.217.193.155
                                                        		stats.g.doubleclick.netUnited States
                                                        		15169GOOGLEUSfalse
                                                        142.250.64.195
                                                        		unknownUnited States
                                                        		15169GOOGLEUSfalse
                                                        142.250.217.196
                                                        		unknownUnited States
                                                        		15169GOOGLEUSfalse
                                                        239.255.255.250
                                                        		unknownReserved
                                                        		unknownunknownfalse
                                                        31.13.67.20
                                                        		unknownIreland
                                                        		32934FACEBOOKUSfalse
                                                        142.250.217.195
                                                        		unknownUnited States
                                                        		15169GOOGLEUSfalse
                                                        142.250.217.194
                                                        		td.doubleclick.netUnited States
                                                        		15169GOOGLEUSfalse

                                                        Private

                                                        IP
                                                        192.168.2.16

                                                        General Information

                                                        Joe Sandbox version:40.0.0 Tourmaline
                                                        Analysis ID:1432184
                                                        Start date and time:2024-04-26 16:39:30 +02:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                        Sample URL:https://www.wemod.com/fr/download?title_id=16170
                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                        Number of analysed new started processes analysed:23
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • EGA enabled
                                                        Analysis Mode:stream
                                                        Detection:SUS
                                                        Classification:sus26.troj.win@31/183@51/139

                                                        Warnings

                                                        • Exclude process from analysis (whitelisted): svchost.exe
                                                        • Excluded IPs from analysis (whitelisted): 142.250.64.195, 142.250.189.142, 74.125.196.84, 34.104.35.123, 23.39.130.103, 142.250.217.168, 172.217.15.202, 142.250.217.170, 192.178.50.42, 142.250.189.138, 142.250.64.138, 142.251.35.234, 142.250.217.202, 142.250.64.234, 142.250.64.170, 142.250.217.234, 172.217.165.202, 192.178.50.74, 172.217.3.74, 172.217.2.202, 142.250.64.202, 142.250.189.130, 142.250.64.238, 192.178.50.78
                                                        • Excluded domains from analysis (whitelisted): clients2.google.com, www.googleadservices.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, www.googletagmanager.com, cdn-4.convertexperiments.com.edgekey.net, clientservices.googleapis.com, wac.apr-8315.edgecastdns.net, clients.l.google.com, e5289.dscb.akamaiedge.net, www.google-analytics.com
                                                        • Not all processes where analyzed, report is missing behavior information
                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                        • Skipping network analysis since amount of network traffic is too extensive
                                                        • Timeout during stream target processing, analysis might miss dynamic analysis data

                                                        Created / dropped Files

                                                        C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\PPOQC799\api.wemod[1].xml

                                                        Download File
                                                        Process:C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):109
                                                        Entropy (8bit):4.770368963031979
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:EEDBF7DF786BBBCF6C7C4C1FDEF544E2
                                                        SHA1:DD3A0C260BD702722A1A804F0B81E9BA5394F8DF
                                                        SHA-256:4D26D7BF50B355F836016567295168FE73B3A1C0F25928525A5C4C03ECD9156D
                                                        SHA-512:A012B534090D87595B45118626819C39B910F3A1D9CB51A33B79BAC1411D0DBBA338B347EC17C87FD7B5356EB7D8AA95A599EEAC77F225BD605DBB3D91C9C41F
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:<root><item name="ga_client_id" value="17141424196333065788126" ltime="2842239504" htime="31102951" /></root>

                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\Inter-Black-14a450a3d2[1].woff

                                                        Download File
                                                        Process:C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe
                                                        File Type:Web Open Font Format, TrueType, length 138628, version 0.0
                                                        Category:dropped
                                                        Size (bytes):138628
                                                        Entropy (8bit):7.993476661301961
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:14A450A3D2FD191FCEFA23B273BAAF14
                                                        SHA1:9F60E93FB739C97691DF507653A9536ADEC1A6C0
                                                        SHA-256:95201F343A7EC66DBF5F9316A1E1A16AE65BEC02B4243F5B645CC6D484E42267
                                                        SHA-512:1BDC89B56809D8E9CD05F67306626BDC6B0A6F7DF7641E277281A2A82E11D635CB8139A6EF6168F8E042A993AE883419B20B54DB7E35B24A270B889238177D13
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:wOFF..............u.........................GDEF............-..!GPOS...x..Mj....W.1.GSUB......)...VL....OS/2.......Y...`1..Ccmap...t...Q..e<.3>.glyf..S...'.....T&..head...0...3...6(...hhea...d... ...$....hmtx.......u..'.i.SVloca..?...........Mmaxp........... ....name..{`...........post..}...%...d.2..Ux.c`d```f......x~...... p;%U.Jk}... ..#..10.D......x.c`d`.Z.7..A..[....,...........x.c`d`..... ......!.V.6.3...x.%..AA....]N;..0...2.N..1.S.D..Pv).h.M.....h."......rz....3.L....1..E...`p.e..R......x...h+.y..c.[s......v.+@....0 @4..VP.....hL#.ME. ";t.PY.+@..L.vUb...Y..0El..R.^.....iMcRS.bZ......I^.s.......|.9.|g4.(z.d........S..^...!m.4?.....1.h..#e./.kp........C...E.g...;h....".....EQk..f...C..mW.....{...h.._..N.._..M..`uE.M:.r.{.q.V..Q..B#.......l.L3..8hG..b.I..M..]C...MV..1..++e"i!X'.O\.I.S.LSQ.........I?}..X.3.#@.R.h...{h..^......N.....HO..MVgc.Z(.C........d..k.sy..-.....qo....fi....b...,.82f..R.......7.&..v-...'Z{..8.h...{o.6.E.C.>..X......r...Crd.Q........N.

                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\Inter-ExtraLight-7d759358c1[1].woff

                                                        Download File
                                                        Process:C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe
                                                        File Type:Web Open Font Format, TrueType, length 140736, version 0.0
                                                        Category:dropped
                                                        Size (bytes):140736
                                                        Entropy (8bit):7.991877524966687
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:7D759358C1372FA6ACAE4CB22F93DEFA
                                                        SHA1:DE4313DFA90B143522A234DC2FB0374F82B5B836
                                                        SHA-256:07F5B5F734793F48613D8DA246F4DB2B564BFA7149F62526326BE9CB8BB94841
                                                        SHA-512:C8D3A8283CAEB94ABEE32FF3BF07825C11751EC21381E40AC16AB281DC3608B3F6650CF5B6FC1F0329B9E1186EFA4C90404D2EFB7C43F03CFF2625A05243A737
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:wOFF......%.......s.........................GDEF...P........-..!GPOS......QD....TVA.GSUB... ..)...VL....OS/2.......W...`)..cmap.......Q..e<.3>.glyf..U...*.....e...head...0...3...6*...hhea...d... ...$.0..hmtx..........'...w.loca..A.........]>..maxp........... ....name...............-post...T..%...d.1..x.c`d```f....l<..W.in..........H.....>..10.D.nv...x.c`d`.Z.7..A...WM.,........+.Zx.c`d`...P. .P....!.V.6.1...x.%...A.....YfG.'..6..$F.e..2..4`>F...f.jWN....c|.D.1>.].[....2k...}.,.P.a....:...x...PV..s..{..a4U..q4.V....d..:!k..Fk2..NubW.&..h..6.....Ec..H...0.....)+.q4..:.U..iCW.E.....w.H-.;Ifw:3.y.....r.=.s>B.8..........:.[RH:H.>..N..*......GAw.....P..6.-*.............9..[..Q..yN=.....e..Tu..$.{+P.N...G..{..'3.3T...;..Q......~.}.J .D..l.Du....BU*!.X.g...*5..RFx.j....p.N...9.......9..$...+1.a.c.....RF...3V"...N.L.,....R....X.~......n=...,e............h.g.Y.6..h.R...r..z.M..(.H.].^..=}.y..=[.D4:.X.d......*..t........06.F....."./R..|.=..e..1%6..|.-g.l

                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\33CUD2J1\Inter-Thin-0f080c40c6[1].woff

                                                        Download File
                                                        Process:C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe
                                                        File Type:Web Open Font Format, TrueType, length 135872, version 0.0
                                                        Category:dropped
                                                        Size (bytes):135872
                                                        Entropy (8bit):7.994781896222537
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:0F080C40C639962E1CAD093AA58192DC
                                                        SHA1:100CAD47B4B0EC58DE2B2C27E21B19D8AD74CB85
                                                        SHA-256:E9DA5A64A6A8EB87A2C6D475327F072B5CA25731DF07119F576C10C50AA9554D
                                                        SHA-512:95ECAE3DD09EC76FC0A90F6888592315B42D7A2775C4C6C56BC8DF8B901F990C01111612908F4807225E61C68BDB1A1BE90EA0DB5CEF7F2A822569E084A0330B
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:wOFF..............r.........................GDEF............-..!GPOS......O....(....GSUB... ..)...VL....OS/2.......X...`....cmap.......Q..e<.3>.glyf..TL...*....~`..head...0...3...6*..Xhhea...d... ...$.?..hmtx..........'...Dloca..@`........YF.zmaxp........... ....name..nx.........l.Bpost..q...%...d.1..Ux.c`d```f..x..`<..W.in.....*...~h.......10.D.N....x.c`d`.Z.7..A...W..,...........x.c`d`...P. .P....!.V.6.1...x.%...@....=.!.a..........n.F ..X.|D.......x.v..n.....EN..#L.e.4fF.].V..;T;...\[..x...l.WZ..of.....Y9.L.NV0...ULeU..g.(.".Zw&...SLe......IV..LkE&........Z..Y.^YzVn.....,.UY..../,..>.d...c.I.\S...$.....}...7o.q..9..Yt........H.i.........\ywp..n..[.*r.......uAy!...../..U...?)p..A,.u.G.1.uzp1.S.V.l....Z..k>..uO....C......wD.4....V..../..(j=....+o....J...:Zn...AL...zY......!.X....j1.\.12."%.%2B{7..i/.y...b......)....+1.s.....gT.U.....F..v....`.....q#h.....m.....F..!........x...=.+....,c....N......&.H.....N+o...^...U..pv..... .Pd.Q.n.......8....B...~X

                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\Inter-Light-0f0118feb7[1].woff

                                                        Download File
                                                        Process:C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe
                                                        File Type:Web Open Font Format, TrueType, length 140612, version 0.0
                                                        Category:dropped
                                                        Size (bytes):140612
                                                        Entropy (8bit):7.991920292594527
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:0F0118FEB71664927EA7FB8015778795
                                                        SHA1:B6E20D630466C928CEF017EE265CD373F53A3382
                                                        SHA-256:CB671D0DBC9A61EC80BFC91D5879E8635A09B7F309F5EE57810D4C6B7A26EE0C
                                                        SHA-512:7F02A5B07D0315BC6975D222B53B61AA9E0B50C3D1E8BB7CABE089AA4DA3C8BE5AC475875E33C2AE07668F526ED13E28E0AE9EF4384AAD36C3FAC47B81905143
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:wOFF......%D......rX........................GDEF............-..!GPOS...x..Q,...F...pGSUB......)...VL....OS/2.......V...`*S..cmap.......Q..e<.3>.glyf..U...*^...`....head...0...4...6*o.vhhea...d... ...$. ..hmtx..........'...loca..A..........Ul.maxp........... ....name...d............post......%...d.1..x.c`d```f...S..x~...... p;%U.J....S#..}..ec`........x.c`d`.Z.7..A....W~.,..........0x.c`d`...P. ......!.V.6.1...x.%....A...;.nFt...]%.....$`.....]$?.<..N6,...7.\Sc4%?.r....J=W.kD........-.v_.S.4..x..wXV.....9..@I.=.p3iCz...L.&..]....5<.-. A"N...r.....U.J.D.`{0W.....g..q...2........}6{.......O.....L"..r.....'b_.E.@..:.#...|...S..9!.E..#]..xe..A%.Z ..|.P$j.W..l. .5. 0.....|`&R........;...m...r.j.xH.;..yX.;.T. .EOI?...E.].pK...;.c...).....8.fbwp2....&8...m..tFe..mP(?...W...U.w.."ed....9...z.X.d.....>......8].2_.v...U...E..5.z..z...z.'m.5.4.h.Z..k.....o.-........8H.wa.s.&.O#...U.^....l. .d..qJ*p.}'......-.W..;.W.\....~7N...I.....M.n..g...]D.#....

                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\90SNK17T\Inter-Regular-14d1275c67[1].woff

                                                        Download File
                                                        Process:C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe
                                                        File Type:Web Open Font Format, TrueType, length 133856, version 0.0
                                                        Category:dropped
                                                        Size (bytes):133856
                                                        Entropy (8bit):7.991211041314446
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:14D1275C67676CC5D911232D0C890D97
                                                        SHA1:B5541B2654EEEFFB8E709CFE141A75644E53E9BA
                                                        SHA-256:3710E2CE073EC0EB39274DECC63768B52091A27E35F5C28D6ABB7A5FCEF0B7FC
                                                        SHA-512:F29574B0D8173A667ED53DD2BEC01A0D0B126637D61A011220C82957C303053B066308681ED05AB7AAE999625A750E44D8FC09F9B6665815D86D08F9944EBB7B
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:wOFF..............k.........................GDEF...D........-..!GPOS......Mo...z.}4(GSUB...@..)...VL....OS/2.......W...`-._cmap...x...Q..e<.3>.glyf..Q...........head...0...3...6*D..hhea...d... ...$....hmtx..........'...M.loca..=...........\cmaxp........... ....name..h..........post..kH..%...d.1...x.c`d```f......x~...... p;%e;........,......D.....'.x.c`d`.Z.7..A..../_d.."(..3..W..x.c`d`...P. ......!.V.6.1|..x.%...0....m.... .....B.p....p(..>...k.00].......F:.)C.Ub...aYo.f.(.w..T.0:....R....x...dk...Iv..Is..s\E..Q.E..#FP.......*b.A.......#LQ.u.'....7APOg.F...~...=...z..Lo.w.W>...[..g....Z...E._..gb...y7.......p...|..C...>`l...:...l..=KO..X..S.}.....E.?.d...N<.~@.N.A.v...m7.l..3...{....W.=._H.4\.yEK..%GK...,z...H..t,.O-*....Mr3....d..:pf....A..T5T|.v..UL.F.C.9L..+k....o.O..C/.'.4S.....6.vl..`...b..>....wK.Q......|.....q..A.q.A.^..........S...ld{...Z...-.]..$.=E|,ul.>...^&...?..x.)q.s.f..hK.&.OPs..y...\.v...y..O.h...y.9...c..S..E....Si...B.>.6,.r.....

                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\Inter-Bold-45e58f4054[1].woff

                                                        Download File
                                                        Process:C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe
                                                        File Type:Web Open Font Format, TrueType, length 143100, version 0.0
                                                        Category:dropped
                                                        Size (bytes):143100
                                                        Entropy (8bit):7.993416784776898
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:45E58F4054A3AD886E4582E1D43056FE
                                                        SHA1:75F812100146F22F6B1F10C9B1FB0C3DB5AB3A90
                                                        SHA-256:57027B1C72507C75CF9FC21DCBBBD4366F01901B598764CB8703DFA4988A60CA
                                                        SHA-512:3374290BB8C61969FCC6288C5F1B960E2DEF237452D08DD623E6E8E162EF7F4F80BFF946EE623F1176C227480D72AF004C3A7E3C979E89AECEE808C7D3064EC2
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:wOFF........................................GDEF...x........-..!GPOS......UV..*.L.&DGSUB...\..)...VL....OS/2.......U...`+.cmap.......Q..e<.3>.glyf..U(../....h.>.head...0...4...6)...hhea...d... ...$.[.[hmtx..........'.@<"Eloca..A<.........|S`maxp........... ....name............e..post...|..%...d.2.."x.c`d```f..P...x~...... p;%..J{|w.S#....T.......x(.gx.c`d`.Z.7..A...~.,........8..x.c`d`..... ......!.V.6.2~..x.%...@....}H2?.C0t.I...../..p(.a..Z.x....i...[..l.. ..5.........3k.^.-.......?;}.j...x..wx.G..OO..I8.3....%..!Z...."#..E..(r..E.a.8.GN......5#....H....K...s......[.S.._.....-:......[.T..).I..:.r!...]..hg.Azq.. .n.\..1.S ..B...q...@H0..^......&.Z...T$Zi...d.6.r.0...T.QL..`..;..p..%..@..vC..`..+qb..-..A>D..=..E...B1iEuN+lw.......cc..?....6.>../...k.........0.b%F-/.s.*...%.D....h.F...6d..Iwr....ZG..v..k.b...&c0.....X...!....Zi.l..l....>.]....Z.l..0.r..cn..........I.`|q....b.@.b.hd].............F}....x./).c....?..{ j.(...;.......R.wcb.s........m......#

                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\Inter-ExtraBold-45ce9384f5[1].woff

                                                        Download File
                                                        Process:C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe
                                                        File Type:Web Open Font Format, TrueType, length 142760, version 0.0
                                                        Category:dropped
                                                        Size (bytes):142760
                                                        Entropy (8bit):7.993943941087468
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:45CE9384F5D829596586A3B2FA1224A4
                                                        SHA1:39D80F6413ABE301BE10F34A1AB0CD34DA499192
                                                        SHA-256:91F9BF5099A041220C21B5A089D54449ED4F04D7792A532BA17A8A5BFB9E5A61
                                                        SHA-512:3A1AF5DBAC11F2BB485C1C03097E18CF8A475C22BFF08F67AC7E3B40623C25336263F3903C31183A7C7ECDF1FD26E3C530126BFAB0ED6822FAB76723F5F471A8
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:wOFF......-.................................GDEF............-..!GPOS...d..S...*.#.>.GSUB......)...VL....OS/2.......U...`,G..cmap.......Q..e<.3>.glyf..U...0#...d....head...0...3...6)W..hhea...d... ...$...:hmtx..........'.U..Ploca..A0........@}."maxp........... ....name...@.........i..post......%...d.2..;x.c`d```f...s..x~...... p;%..J{....@&....ec.....#.@.x.c`d`.Z.7..A..../y2Y@.........tx.c`d`..... ......!.V.6.3x..x.%...@.@..9. .F.XF..1.S.D.zh.TU...]....*..$(....5...j..qw.....c......`..U.....&...x..w\UG....~..n{cO..X`.L....+b.k.*v...."$b....X.b...)..fL..'v...{....|.%...m.|?.gf.)g.3s....H...HB..9..0..p..........g_.....:"..0.<=...t.S.b.....<..zu..a...h.~/...w....~,6.CW#..."<h.dk...e.4N.A.(../u'....B.Pc...f..*H&i...*...*L.q.n"q.o.7d$.2k:..p,1....X......0.. ....V<.z.!../._...o.....d>YG....*.1...,`^.Y%.B2.....<.Y.......y.vx..X.=....S.D.ZF_.E......cP..W..U.W..["N...L.s."9%l..-.h...r.x.....Z<"*.o..j...i.:..Ik...._ng.......Z...]....D:..U.{qZ..&...W...wc|.*S^.....?4.1.

                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\setup[1].htm

                                                        Download File
                                                        Process:C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe
                                                        File Type:HTML document, ASCII text, with very long lines (11732)
                                                        Category:dropped
                                                        Size (bytes):26408
                                                        Entropy (8bit):5.969256328078964
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:86AE1644274F662AE148CF1329164673
                                                        SHA1:091AE60B25CEA1D90CE377FCD470476EB13A9B37
                                                        SHA-256:CE9E091AF825ED68B94114874BF461048AFF2C3CC1930A536FF2C33D0FDC0DEE
                                                        SHA-512:4A0927C34E114A4276E1E12C27C11B89F03B43076C0CE63A9757069DE5DE1DAEB2F969F0F6C7E088584A5C7A26F97B890706FA3CE896BD0C1CFCAD19095459F2
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta charset="utf-8">. <base href="/">.. <title>WeMod Setup</title>.. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="referrer" content="no-referrer">. <meta name="robots" content="noindex">.. <style>. @font-face{font-family:"Inter";font-style:normal;font-weight:100;font-display:swap;src:url("/static/fonts/inter/Inter-Thin-c51873c62e.woff2") format("woff2"),url("/static/fonts/inter/Inter-Thin-0f080c40c6.woff") format("woff")}@font-face{font-family:"Inter";font-style:normal;font-weight:200;font-display:swap;src:url("/static/fonts/inter/Inter-ExtraLigvvvht.woff2") format("woff2"),url("/static/fonts/inter/Inter-ExtraLight-7d759358c1.woff") format("woff")}@font-face{font-family:"Inter";font-style:normal;font-weight:300;font-display:swap;src:url("/static/fonts/inter/Inter-Light-4e2e86733e.woff2") format("woff2"),url("/static/fonts/

                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\C7S8M5VS\Inter-Medium-5ce3e4db96[1].woff

                                                        Download File
                                                        Process:C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe
                                                        File Type:Web Open Font Format, TrueType, length 142340, version 0.0
                                                        Category:dropped
                                                        Size (bytes):142340
                                                        Entropy (8bit):7.993511863725989
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:5CE3E4DB9634913232403F166B2447DE
                                                        SHA1:E1ED0FEB06835626A35E96BB71FFA06A6802A09B
                                                        SHA-256:68D52E74E8171DDB2C94CA60A2596DC8A46407320449881FD09369DBC317624C
                                                        SHA-512:9F156D12C885C0662A58576B48209EAC0F82ABF0CD22DBEB9E9F83FD967909F5824E411211C5B3F77A869E28B3AF32020AE3ED55A2FB3A218D0F2AD2E50EEA0D
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:wOFF......,.................................GDEF............-..!GPOS...0..U3..*..D.oGSUB...d..)...VL....OS/2.......V...`+..icmap.......Q..e<.3>.glyf..U...-.....d}..head...0...2...6*...hhea...d... ...$....hmtx..........'..E.loca..A.............maxp........... ....name................post......%...d.1...x.c`d```f.....x~...... p;%..J.}_..F&...ec`.Q....z..x.c`d`.Z.7..A..../.d.."(..3.....x.c`d`...P. ......!.V.6.1...x.%...0.....\..0...5.V..2.;....}D.3N....t-....y#)...Qc..\`Yo..9....Rcx@q....s..O..x..u|T.....g7A..R......R.$5$...V.m.R.j.. ..P$8..R..nK....4...{....\....|?.;.#gf...l|.{t.0rp.?.....F.s..KL.!y..*.Kc\.@)..h.Gz4mVA..K..`......,K=9.X.......y.....)j..>.g..Co.f..>.c.;.c..mNA/3...P....)Jf.. .%W..$.."qI..r.N......lB.....].<+.[...k.b._.f.|l.ea.o7..............O.+1.#.3.,!+H.....Q....l..}....'....8l.U. F.R.!W.-z.6.Q..[.G.E..\m.r......6./{...A.".......d.is..?...3........3j3..../W.].b$"p2..p...vF8..t2.9...Q..../..OKc.N...Dg.).....v.d.b..?...h.,...f...J.#.

                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\C7S8M5VS\Inter-SemiBold-1d5bb5c64d[1].woff

                                                        Download File
                                                        Process:C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe
                                                        File Type:Web Open Font Format, TrueType, length 142760, version 0.0
                                                        Category:dropped
                                                        Size (bytes):142760
                                                        Entropy (8bit):7.994059551585618
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:1D5BB5C64DC15405BDB04145DAB7B436
                                                        SHA1:B1998FF442A405F783F2969A30C73EAE62809D9A
                                                        SHA-256:807D56B95FCC04CD1C26FCA043DDF19E300C8AE156747458BD025A2B21CF54B4
                                                        SHA-512:1854E0ED3D16E4304ABE68A6FBEEB4BC852B678F60FA12CCD48B507B0EE6AD4711C36625D9EA3A6DECA84A5CA909B3F28B12E6943AAE5D386982B57D2AAA77D9
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:wOFF......-........H........................GDEF............-..!GPOS......U{..+..y.GSUB......)...VL....OS/2.......V...`+...cmap.......Q..e<.3>.glyf..U....R...|c...head...0...2...6)...hhea...d... ...$...}hmtx..........'.+..cloca..A,.........~k.maxp........... ....name...l...........ppost......%...d.1...x.c`d```f.n..7...+.47...NI...N....d.l.L ..;k.#..x.c`d`.Z.7..A..{..2Y@.........?x.c`d`...P. ......!.V.6.1...x.%... ..._@.8.....a..l.....`3...{.>..T..7..8~..?.NS1.^"...@Lsb'...d.E.hV.KW../N.....x..wxT...=..I8.......n.&..z..{;1J...8.`.j..M.!`.Z....*.cW.Ob.}....rby<....~k.o....k.x.)....=...h...j~.V%...P...?*........i4.......9.O.Z.3D...w.e^..q.*D./.k.^..E.c..D.V.`.A.....nH.K..8.pj.>k...(..y.&.\Q./V;...h9.#..O.r......*jW..%.....N.%.'..(Xm....&.k...C..]...X..k...w....../.W|TCp.\.G..P.D.s...?..$_.I.Y-~.i.o.HYZ.Vk.c=.!..5F/.....b...k.,..."_;./.m.oA..d.a.]....>..O..H5.z...w..k..N.b...1...m~C.PY.H..n...'.3.g_.....8......%...!.....%..K.).s..E.n....9..........Q^...y

                                                        C:\Users\user\AppData\Local\SquirrelTemp\RELEASES

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe
                                                        File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):77
                                                        Entropy (8bit):4.813365722536006
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:74C4F1D26872606B6FC217E2D36FCA43
                                                        SHA1:21E89798C12B5D8F90FD87A430D6ACA4E0E512E6
                                                        SHA-256:A16398AA6F7E18195785BD294F1E27C0D3210E058BE78928A12A01FF62063DE4
                                                        SHA-512:8A1EA04B1A37BB92B379C89F50FC7BD954BA0B72F7AC4102D4131DDC600B00CD54B7C364F3CDCEF0B4EF83E257A0B83E2DF16432C0D66FE3C18E8C62FA32E2EF
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:.0CFFC7B33C9C520FB8DCB624670D6C2AD5E3EF72 WeMod-8.19.0-full.nupkg 105110295

                                                        C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1910528
                                                        Entropy (8bit):5.915993129490555
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:29E758ECE3084E87314D6D2847F21102
                                                        SHA1:CC82F8C1F680794A9AF2896FC5C5AA7E7594D57F
                                                        SHA-256:1449815C9BEFB3D679C2F143897E255D0347F73D78B19A7E78F7FE8404ED279E
                                                        SHA-512:48911802DE8967AFE889384606F8F7A78E5351657F657232822C12B240D7E3025D14F35CAF4CCBAFDD3703C3F7DC67DA444AC19BC3F16F6318E045E9F2A4CB7D
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ia............................>.... ........@.. .......................`............@.....................................O.... ...................'...@....................................................... ............... ..H............text...D.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................ .......H........U................................................................{....*..{....*..{....*r.(......}......}......}....*....0..Y........u........L.,G(.....{.....{....o....,/(.....{.....{....o....,.(.....{.....{....o....*.*.*....0..K....... .A. )UU.Z(.....{....o....X )UU.Z(.....{....o....X )UU.Z(.....{....o....X*..0...........r...p......%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....(....*....{....*

                                                        C:\Users\user\AppData\Local\SquirrelTemp\WeMod-8.19.0-full.nupkg

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe
                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                        Category:dropped
                                                        Size (bytes):105110295
                                                        Entropy (8bit):7.998980212889791
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:64E2C73394D04F88F570E088FAF81A21
                                                        SHA1:0CFFC7B33C9C520FB8DCB624670D6C2AD5E3EF72
                                                        SHA-256:04BB9CD0C999A0AF5AABE6039581ED856ECEEBAB0C5A80AC2858E1EAA546B960
                                                        SHA-512:BEE9B3184B5BEF0CC5D4ADC266A974547E6E5A86D39B3B2B3A6BEEB7223A810D69C253EDD7F55B746A0E346D165ABDA159DFAAE033DDFA876429B15EBACEBBC6
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:PK........t..X................lib/PK........u..X................lib/net45/PK........t..XD.`...u... ...lib/net45/chrome_100_percent.pak..eTUQ.....[..AR....RB...A....GK...t....4(.4H..Yk~.....o.{.Z.......:..BJ...e....Vh..(.)a...m....7?6....x..x... .]A....3b..........@.....1o%:.......fd.@....y.H....E..P.v...7.,.....|.=.....s....c....}...G.QZ......c......3...........S..............0.......kX.5.6.%..lafv.........s...&....l.IWXi'.n..!.,.M#.X.[..x.?....~0..+8.2....#{.[.#...."{.k_ {..!-...@.....8.p...C...B...81..\.{..p...C........H.....Q...=.!......`./-....u ...0.@.......f...3X@.....@$..5......o.B .....8x.#...^N.H./.@ .....$........H....;../...a..H.S.B .....L..p....`..k.A....d!....6.i&....Y...!..'.@.<..n.k..z..y..S..@.......|.....!0..-.. .a.....U.......0....#p.N...'. 0......p.a.L.9G ..~....e....1.....!0.w......$.....B`..d.9S.."r..o$.1$...K.."z.D ....F.. g..X.@....lD9.9..H."d..@.nA.=Bz.i.D#....].M.-H.!.. P..@..a...R.6......T ...D..B.."..*.o$..!G..AP.C.#...ZD?.u.....G. ..

                                                        C:\Users\user\AppData\Local\SquirrelTemp\background.gif

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe
                                                        File Type:GIF image data, version 89a, 400 x 400
                                                        Category:dropped
                                                        Size (bytes):22150
                                                        Entropy (8bit):7.973238023017488
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:1D0394CF33C9BDF438C3B05FE4B8C617
                                                        SHA1:8B04090DC8AE8982247575680988A6FC037F61FC
                                                        SHA-256:4762C5C406920B9B28F567859D3EEF8623B6484166E43B33C7A04CD0F0684DFE
                                                        SHA-512:7C3E92906159A6CB5ED1DDE26D5EAD5E4BB6F24219BF070C45C787851F17ED329E8074A634DD964026B691C8B0F568C66AA736AD0E04DF0FA32306F565BCB95B
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:GIF89a................+++((($$$..................................w.............j.......................u..Z...........J.~*.8.........}".t!.n..f!.2 J|$.{&.y).u(.w,.u0.s2.q5.p7.h7.7&cn:.l=.j<.W2.# ,k?.iB.hD.fF.aB.eI.dK.cK.bN.`R.^T.ZO.TJ.]V.\X.[Z.!!"334Y\.V[.Xa.X_.8<.Va.S`.,/OTd.Xg.=H.Sf.K\.ET.Qj.Mc.On.Lr.$(7Ju.Ho.Hx.Gu.@h.F|.B..C..@..>..=..=..:..9..7..4..5..2..3..0..-.....'j.,..+..+..*..-..)..'..%}.%..'..$.."..$..(*+ .. ................................................................................._m.;A.04.(*'13..............................................MU...............................{................................................................................................................................................wwwggg^^^VVVIII<<<...***)))&&&%%% !..NETSCAPE2.0.....!.......,...............H.......$0..B...>.(.!.....h..F..5r|.....F....d..]....%..0;2.)....y&......i....bJ.B.b.....K.2...#..T.n......9Cn$[...b...+5.A.Y.N..7)\.SO..[7.F.9..KX.O.{...lR..{=.e;.+.

                                                        C:\Users\user\AppData\Local\SquirrelTemp\setupIcon.ico

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe
                                                        File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                        Category:dropped
                                                        Size (bytes):25105
                                                        Entropy (8bit):6.618451752525526
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:E2FC5F7C4E479982F270A6D9DAEAA7B9
                                                        SHA1:E6B2F2C381D64B588D80FC2D7754515972CA48EC
                                                        SHA-256:9BE0F7268DB367235D785653B7DA1CEC8374BEE92C42732299F7193F430EDB1C
                                                        SHA-512:42D657AC14903ECCAA037E1B8E554B2F3A2CA1066DC23CA7F32F3FCC0DA8714AD1C0F2CD295B1F65A9A9F4F7BDA2BAB2D1991CF07BF72C5B829668D2B92CFD5E
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............ .h...F... .... .........00.... ..%..V......... ..'...:..(....... ..... ........................................... ...$...)...-...1...5...:...>...B...F...K................... ...$...)...-...1...5...:...>...B...F...K..yO..sR........... ...$...)...-...1...5...:...>...B...F...K..yO..rR..jW....... ...$...)...-...1...5...:...>...B...F...K..yO..rR..jW..c[... ...$...)...-..........x...>...B..............rR..jW..c[..[_...$...)...-...J...............r...r..............}l..c[..[_..Tc...)...-...1.........................................[_..Tc..Lh...-...1...A..........................................^m..Lh..Dl...1...5.................................................Dl..=p...5...:...............x..................................=p..1v...:...>.............yO..rR..jW..c[..[_..Tc..............1v..1v...>...B..........Z..rR..jW..c[..[_..Tc..Lh..Pu......s...1v..&}...B...F...K..yO..rR..jW..c[..[_..Tc..Lh..Dl..=p..1v..1v..&}.......F...K..yO..rR..jW..c[..[_..Tc..Lh..Dl..=p..1v..1v..&}...

                                                        C:\Users\user\AppData\Local\Temp\WeMod-Setup-638497392249616615.exe

                                                        Download File
                                                        Process:C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Category:modified
                                                        Size (bytes):105985280
                                                        Entropy (8bit):7.999230926288278
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:9B9C15FECCBE912524D4F80E40CD1E9D
                                                        SHA1:B0B67D6A0FC7F595FDDE9CC1C812B6E3A77B0342
                                                        SHA-256:68504AB28D2CE0E20B7820E267FF5BC1CC520D56FB6336E795FE5A07858324AB
                                                        SHA-512:19F0040BD2DD854356C7CB51E3F646970B1516127916CF47C57DB75724D52B77552EB551177A127FA14E54A04CAC260310ECFF269F2C83C83CEE0BD6D33FAC14
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............c..c..c.....c....Qc.....c.....c.....c.....c......c.....c..c.Jc.j...c.j.9..c..cQ..c.j...c.Rich.c.........PE..L.....ha.....................>O...................@..........................@Q.......Q...@.....................................P.......H\N...........Q..'... Q......o..8...............................@...........................................text............................... ..`.rdata..............................@..@.data...p...........................@....rsrc...H\N......^N.................@..@.reloc....... Q.......P.............@..B................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\WeMod.exe

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):549120
                                                        Entropy (8bit):6.137683099410243
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:703A9323BADFA5FDA8238791EF6BD212
                                                        SHA1:E4AF7B331927AC178AE8F54BADAE6B282662D6B1
                                                        SHA-256:A2F30C3F5ABBF6E1EA637523779BB02725E29E2D79291D7F49A4600DAC573018
                                                        SHA-512:2540803E5AEB01B452737FD9EBB4933074B8539AC614FE0F6E3C09E4BD8F0A7BEC5E54A8BF55FE90C38E994ADD827D4E8D2918A9D98EEBCD1CDC02D77D1C6E09
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Xg..............................+....Nn....Nn. ..Nn.>....'.......A..o....o.......{....o....Rich...........................PE..L.....\\............................+.............@.......................................@.....................................<........P...........:...'...`...!..P...p...............................@...............,............................text............................... ..`.rdata..............................@..@.data...."..........................@....rsrc....P.......R..................@..@.reloc...!...`..."..................@..B................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\LICENSE

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):1096
                                                        Entropy (8bit):5.13006727705212
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:4D42118D35941E0F664DDDBD83F633C5
                                                        SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                        SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                        SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\WeMod.exe

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):136509696
                                                        Entropy (8bit):6.980503308197178
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:4A9CD564AF1282FEB428F373080089F9
                                                        SHA1:28A5F78602EBD53984BE295795CF8FA347FDA0F3
                                                        SHA-256:65E56CC2E7189210251B3E88FD3B8DCFA307003D59F2647E73091F01B5F25109
                                                        SHA-512:C3B47A17A89965B0247040A498BFD46AF4A39388A3F0D363E57624760E0F9C032F5641ABC726E1B5BACC47A259413CAE83BADC3D5046ABB7EF9F10250A20CFFE
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                        Reputation:unknown
                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....8$e.........."..........>......P.............@..........................p[.....$.#...@..............................=..dF..h........P............"..'...0..h7=..C.......................@......................R..8...x........................text............................... ..`.rdata...:A......<A.................@..@.data.....?......r..................@....00cfg.......p.......4..............@..@.rodata.`............6.............. ..`.tls.................@..............@....voltbl..............B..................CPADinfo(............D..............@...malloc_h.............F.............. ..`.rsrc....P.......R...H..............@..@.reloc..h7=..0...8=.................@..B................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\chrome_100_percent.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):129653
                                                        Entropy (8bit):7.918627543706947
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:D31F3439E2A3F7BEE4DDD26F46A2B83F
                                                        SHA1:C5A26F86EB119AE364C5BF707BEBED7E871FC214
                                                        SHA-256:9F79F46CA911543EAD096A5EE28A34BF1FBE56EC9BA956032A6A2892B254857E
                                                        SHA-512:AA27C97BF5581EB3F5E88F112DF8BFB6A5283CE44EB13FBC41855008F84FB5B111DFE0616C310C3642B7F8AC99623D7C217AECC353F54F4D8F7042840099ABC5
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..............l...#.....:.A...,yh...-y.....y..../y....0y....1yX...2ye...3y....4y....5yA...6y....7y."..8y.,..>y.7..?y39..Byn:..Cy <..Jy.<..Ky.B..Ly^H..My.J..Ny.K..Oy.L..".xM..#..N..$.YP..%.AS..&.:V..'.mY..(.~]..).Ha..*..d..h..h..i..i..j.`k..k..l..l..m..m.9n..r..n..s.....t.....b.....c.....d.....e.....f.+...g.X...h.h...j.....l.M...m.$...n.....o.....p.....q.....r.....s.....u.{%..v..(..x..0..y..4..{.w>..|..H.....L....}N....HW....._.....`.....b.....c....%g.....g.....j.....m.....n....xp.....r....|s.....t.....v.....y....W{.....~..........x..........x.....M...........................................s....G..................l........K..................................s....(...................9....p....f....[....S.....-.....y...........&.............................Y.................<.....P.....:...........:...........G...........`...........{...........4.............................c...........-.....z...........R.............................8.................U.......

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\chrome_200_percent.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):179934
                                                        Entropy (8bit):7.94113797691923
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:5604B67E3F03AB2741F910A250C91137
                                                        SHA1:A4BB15AC7914C22575F1051A29C448F215FE027F
                                                        SHA-256:1408387E87CB5308530DEF6CE57BDC4E0ABBBAA9E70F687FD6C3A02A56A0536C
                                                        SHA-512:5E6F875068792E862B1FC8BB7B340AC0F1F4C51E53E50BE81A5AF8575CA3591F4E7EB9239890178B17C5A8FF4EBB23719190D7DB0BD8A9AA6DCB4308FFA9A34D
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..............l...#.....:.l...,y....-y.....y..../y....0y....1y....2y.%..3y.*..4y.-..5y[5..6y.9..7y.A..8yxV..>y;k..?y.m..By!o..Cyqr..Jy.s..Ky.}..Ly....My....Ny...Oy...."....#....$....%....&....'.&...(.C...).....*....h.....i....j.I...k.....l.....m."...r....s.....t.....b.....c.A...d..$..e..&..f..)..g../..h.(:..j..;..l.%D..m..K..n.wP..o..U..p..\..q..^..r.1c..s..g..u..p..v..s..x.B|..y.3...{....|.#.....j................j.....=.....].....j.........................................}.....{.....h...........z.............................r............).....*...../.....4.....5.....7..../9....9...Y;....<...L>....?....A...!D....H....M....U....]....c....i...ko.../u....v....w....x....y....z....{....}...p...................0........................................d................k.............................'...........U................"...........3..........A...........................k...........L..........4...........2.............................v......

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\d3dcompiler_47.dll

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):4108752
                                                        Entropy (8bit):6.57335130905898
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:AB3BE0C427C6E405FAD496DB1545BD61
                                                        SHA1:76012F31DB8618624BC8B563698B2669365E49CB
                                                        SHA-256:827D12E4ED62520B663078BBF26F95DFD106526E66048CF75B5C9612B2FB7CE6
                                                        SHA-512:D1DC2EC77C770C5DA99E688D799F88B1E585F8DCF63E6876E237FE7FCE6E23B528E6A5EF94FFC68283C60AE4E465FF19D3FD6F2FAE5DE4504B5479D68CBC4DBA
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......f.."..."..."...... ...".......+...'...............#....q.#......c.............#..................s.#......#...Rich"...................PE..L...,u.n...........!......;..(........-.......<..............................@?......e?...@A..........................;.u....2=.P....@=.@.............>..!...P=.P.......T...................|u..........@............0=..............................text.....;.......;................. ..`.data...@"....<.......;.............@....idata.......0=.......<.............@..@.rsrc...@....@=.......<.............@..@.reloc..P....P=.......<.............@..B........................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\ffmpeg.dll

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):2535168
                                                        Entropy (8bit):6.883318369816855
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:84C8EF3246F743A4A4F8F73906E51AC6
                                                        SHA1:524E6B0D56E1FF0D0A9A85A87A53169B01A6DBCA
                                                        SHA-256:262BFFB8EB71F5FE86723A3D771005EE90B4489AC16A706CDF9C61EC40F98101
                                                        SHA-512:D04F08B3B9A421F917F1039B5CBD4AC14B7724B22104B2533B8382DBB547D9E2BD56E79E14E01BFE183B6B9467BB120EF3F1C17E580F72234547B3D2B3EE4C90
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                        Reputation:unknown
                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....8$e.........."!.....8...J.......{........................................8.....].&...@A.........................i%.....&o%.(.....................&..'....7.....L;%......................:%......b...............p%..............................text....6.......8.................. ..`.rdata...P...P...R...<..............@..@.data.........%.......%.............@....00cfg........7.......%.............@..@.tls..........7.......%.............@....voltbl.......7.......%..................reloc........7.......%.............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\icudtl.dat

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):10462432
                                                        Entropy (8bit):6.277012825475203
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:76BEF9B8BB32E1E54FE1054C97B84A10
                                                        SHA1:05DFEA2A3AFEDA799AB01BB7FBCE628CACD596F4
                                                        SHA-256:97B978A19EDD4746E9A44D9A44BB4BC519E127A203C247837EC0922F573449E3
                                                        SHA-512:7330DF8129E7A0B7B3655498B2593321595EC29445EA193C8F473C593590F5701EB7125FF6E5CDE970C54765F9565FA51C2C54AF6E2127F582AB45EFA7A3A0F6
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .L...dB......tB..0"...B..."...B.. #...B..p#...B...#...B...L...B...M...B..pM...C..`....C......'C......:C......MC..`...`C......sC..p....C......C..0....C.......C..@....C.......C..0....C.......D......D......1D......DD..P...WD......jD.....}D..P....D..0....D.......D.......D..`....D.......D.......E.......E......&E..`...:E......JE......]E..p...rE.......E.......E..`....E.......E.......E..P....E.......E......F..`..."F......9F......IF...?..\F...?..oF..@@...F...@...F...@...F..."...F..@X...F....&..F....&..G..0.&.-G.. .&.GG..p.&.^G....'.uG....'..G..P.'..G....'..G....(..G..@K)..G....)..H....*.9H...q*.YH....*.|H..@2+..H..0;+..H...<+..H..p>+..H...?+..H....+..I....+.4I..p.-.MI......dI.......I.. ....I..p....I.......I...C...I...C...I.. D...I..pD...J...p.. J..Pp..3J...p..FJ...p..YJ..@q..jJ...q..~J...q...J...t...J..@....J..`....J..P....J..../..J..../..K..../.)K..

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\libEGL.dll

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):393984
                                                        Entropy (8bit):6.638155904836315
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:68058D6BF8A9418ACAE8C6A3C433FEE2
                                                        SHA1:DDBF62A410F5D4407DE9192DFE19A983BE5DC54A
                                                        SHA-256:1E891A489AA8D2EB0FF70E51AE56AA2670FFFEC4361FF4B58CA52853B6CD0C9B
                                                        SHA-512:3961FDAC5CDFB41CA3603709819E94160181764B2A6ACFD9BA51581F9AB554FF37365A67094BF900F2B8A92957B3FA99804AE48510707C3B0389F69D21AFC384
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                        Reputation:unknown
                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....8$e.........."!.....t...b...............................................`............@A........................dJ......QX..(.......x................'......8A..@=.......................<.......................Y..`............................text....r.......t.................. ..`.rdata..T............x..............@..@.data...d3...........r..............@....00cfg..............................@..@.tls................................@....voltbl.~................................rsrc...x...........................@..@.reloc..8A.......B..................@..B........................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\libGLESv2.dll

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):6738688
                                                        Entropy (8bit):6.788838959016595
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:F730D72551EAF07C89EE9B113C4C5D85
                                                        SHA1:567ABBDE55DE819EE5BD57AE87A215DC8CADF03D
                                                        SHA-256:3A5913D8FA615490D89B3293DF5A9BAADE9862DE8078D856E737E331BB0DC769
                                                        SHA-512:4C4C09969C5802E22884BAB5252058C5B9D51E8AD44333C16EDC17766D1357670542786C33AAB3BC2A137AA362FB0D149EAD85F0A800DDB20F8935626DD02C4B
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                        Reputation:unknown
                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....8$e.........."!......N..........EE......................................`g......Hg...@A........................a._.....ay`.d.....c...............f..'....c.....L._......................._.....P.O..............|`.8....._.@....................text.....N.......N................. ..`.rdata..\.....O.......N.............@..@.data...X.....`..*....`.............@....00cfg.......Pc.......b.............@..@.tls.........`c.......b.............@....voltbl......pc.......b..................rsrc.........c.......b.............@..@.reloc........c.......b.............@..B........................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\af.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):348321
                                                        Entropy (8bit):5.408364753334251
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:198092A7A82EFCED4D59715BD3E41703
                                                        SHA1:AC3CDFBA133330FCE825816B2F9579AC240DC176
                                                        SHA-256:D63222C4A20FA9741F5262634CF9751F22FBB4FCD9D3138D7C8D49E0EFB57FBA
                                                        SHA-512:590DCC02BC3411FA585321A09F2033CA1839DD67B083622BE412D60683C2C086AAC81A27BC56029101F6158515CC6AE4DEF39D3F246B7499B30D02690904AF0D
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........5.h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.&...v.;...w.H...y.N...z.]...|.c...}.u.....}............................................................................................... .....9.....B.....M.....v.................................................................*.....K.....].....m.....................................................$.....)...../.....>.....K.....O.....R.....Z.....p...........................................................".....'.....5.....E.....[.....g.....x.........................................6.....?.....K.....W.....f.....~.............................................................................(...../.....9.....j.......................!.....0.....=.....^.....e.....z.....~.....................................................#.....L.....g.....l.....v..................... .....".....%.....(.....*.....+.....,.7.....Q.../.`...0.m...1.....3.....4.....5.....6.....7.'...8.<...9.K...<.^...=.j...>.....?.....@.....A.....C.....D...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\am.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):564794
                                                        Entropy (8bit):4.900228705948268
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:952933D2D388683C91EE7EAA7539E625
                                                        SHA1:7A0F5A10D7D61C32577C0D027DB8C66C27E56C7D
                                                        SHA-256:55357BAF28716A73F79AC9A6AF1AE63972EB79F93C415715518027FC5C528504
                                                        SHA-512:5AA5EF0ED1DA98B36840389E694DC5DCEF496524314B61603D0C5EE03A663BB4C753623FB400792754B51331DF20AC6D9CF97C183922F19FC0072822688F988D
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........,.h.....i.....j.....k.....l.....n.....o.....p.....r.!...s.2...t.;...v.P...w.]...y.c...z.r...|.x...}.....................................................................................).....X.....j...................................+.....-.....1.....Y.....u................................... .....].....|.........................................>.....T.....................................................).....R.............................:.....l.....|..................................................... .....Y.....u.......................H.....n.........................................3.....e..................................................... .....<.....C.....Z.................N.....[.......................'.....7.....T.....].....l.....r.....{.......................S.....|.................*.....0.....8.....N.....p......... .....".....%.....(.#...*.S...+.V...,.t........./.....0.....1.....3.9...4.i...5.....6.....7.3...8.h...9.....;.....<.....=.....>.....?.....@.)...A.j...C...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\ar.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):616572
                                                        Entropy (8bit):4.916479739515626
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:98F8A48892B41E64BEF135B86F3D4A6C
                                                        SHA1:32F8D57EC505332F711B9203AED969704BD97BC9
                                                        SHA-256:E34D5CABAED4634C672591074057C12947BC9E728004228A9E75F87829F4A48A
                                                        SHA-512:6ED3FE415B2F6DE24136917DA870B47C653D15C7A561BAAE55A285946A6F75E5141ABA3BC064982F99BAEF0A893266693864C2D603C5C22C2B95627B2035F7A4
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........V.h.|...i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....|.$...}.6.....>.....C.....K.....S.....[.....b.....i.....p.....r.....w.......................$.....4.....S.....}...............................................>.....j.....t...................................#.....6.....f.........................................5.....S.....[.....n...............................................9.....o.......................%...../.....7.....>....._.....r.............................3.....O.....}................. .....1.....L.....h...............................................1.....M.....T.....W.....a.....k.....y.......................6.............................................................................-.....b....................... .....`....................................... .....".....%.>...(.....*.....+.....,.........../.D...0.O...1.....3.....4.....5.....6.Y...7.z...8.....9.....;.....<.....=.....>.L...?.W...@.r...A.U...C.....D.....E.....F.%.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\bg.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):647156
                                                        Entropy (8bit):4.6712210710848225
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:9DC95C3B9B47CC9FE5A34B2AAB2D4D01
                                                        SHA1:BC19494D160E4AF6ABD0A10C5ADBC8114D50A714
                                                        SHA-256:FC4A59EA60D04B224765BE4916090E97ED8DDDA6B136A92A3827ED0FCC64BB0E
                                                        SHA-512:A05A506A13AC4566ECBFE7961ACE091295967EA4E72A2865E647B5FA9ADAC9F7CF5E80B53FAE0E3917DFB0B9A3F469189CD595CC4AE9239D3A849F5CEDD60E46
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........+.h.....i.....j.....k.....l.....n.....o.....p.....r. ...s.1...t.:...v.O...w.\...y.b...z.q...|.w...}...............................................................................8.....Q.....n...................................+.....P.....R.....V.....~.......................!.....H.....[.....k.......................+.....Q.....].....g.......................$.....a.....k.....{...................................%.....T.....}.................3.....e...............................................C.....Y.....s.............................O.......................&.....<.....^.............................,.....[.....................................................#.....F..........._.........................................B.....{...................................Q.....|.................J.............................+.....Z.....p... .....".....%.....(.....*.A...+.D...,.b........./.....0.....1.Q...3.q...4.....5.....6.[...7.....8.....9.....;.....<.....=./...>.n...?.}...@.....A.....C...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\bn.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):832270
                                                        Entropy (8bit):4.2889382475349915
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:D6CCC9689654B84BC095CEC4F1952CCA
                                                        SHA1:286130971826B0AF1B6D29C5283DFA71AF7CD7B0
                                                        SHA-256:E325D936CD97C3F9DDFCA2D87CAEFB8B6E7465FFA31D0386AE2456B18F7A92DA
                                                        SHA-512:DB0400820C5CD1100337C955084EAC3036B55BBF66B403337BEC2079BC47696E2E48A771214662B286F4F45F763D2AD423AECCBD0F06CF0BC11038662558F4A5
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........5.h.....i.....j.....k.....l.....n.....o.....p.....r.....s.'...t.0...v.E...w.R...y.X...z.g...|.m...}...............................................................................Z...................................'.....K.....W...................................N.............................6.....[.......................h...................................).......................%.....Q.........................................@.......................G.....p.....|...................................[.....v.................'.....9.....~...........E.............................-.....m.....p.............................A.....t.....w.....x.........................................0.................t.............................J.....S.....}.......................-.....x...........;.................^.....m........................... .....".V...%.....(.....*."...,.%.....\.../.....0.....1.&...3.F...4.....5.....6.{...7.....8.....9.*...;.s...<.....=.....>.....?.....@.0...A.....C.....D...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\ca.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):394131
                                                        Entropy (8bit):5.4105218127043155
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:2F8D050C228583559CDA181291B76E5A
                                                        SHA1:B047F1CFB30B1162B1DD79F7E424A83FD807EEC7
                                                        SHA-256:E1D6B5FD0BC411F2895EAAA1409916F5FFE39A5C6BD1BAFE8AF7CE33DA5BE17D
                                                        SHA-512:E4F150CD9942EF5105E72376835DA6EDC31EF91783E41CD2FC04600C04F342BBC96E08E23C8AF1C0C1E563BB8A7D3840A2289767525C30D08C2F23D0E837801F
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........).h.....i.....j.....k.....l.....n.....o.....p.....r.$...s.5...t.>...v.S...w.`...y.f...z.u...|.{...}.....................................................................................'.....G.....T.....].....x...............................................".....B.....I.....Y.....g.....t.....................................................%.....5.....|.......................................................................A.....[.....v.......................................................................M.....a.....................................................:.....=.....U.....k.............................................................................@.............................(.....K...........................................................(.....T.....v................................................... .)...".?...%.d...(.....*.....+.....,.........../.....0.....1.@...3.P...4.o...5.....6.....7.....8.....9.....;.....<.....=.*...>.D...?.N...@.a...A.....C.....D.....E...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\cs.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):403106
                                                        Entropy (8bit):5.843099952718266
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:26765C7BE201444F0238962BB16A506B
                                                        SHA1:F9D4A33795E45127C14BCF35CC770845627E15E8
                                                        SHA-256:936466784A55B965D23B016BC49377655BC5D281D012C8369C0809C961E05C74
                                                        SHA-512:577D52D2D5048CD952AFF1E76121A495328C1978CDEA2EAA4F85812CC513917F69510E135E96F7967F4ED43CF88E180CB1D9059E17C855C8D4F94CA036730214
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........J.h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.$...z.3...|.9...}.K.....S.....X.....`.....h.....p.....w.....~.................................................................*.....8.....W............................................... .....,.....8.....C.....Z.................................................................O.....j.....o.....w...........................................................#.....8.....O.....g.....o.....w.....~.....................................................<.....[.....f...........................................................,.....<.....K.....\.....q.....x.....{.....|.........................................D...................................G.....U.....q...............................................".....B.....s............................................. ....."."...%.I...(.e...*.....+.....,.........../.....0.....1.....3.*...4.G...5.h...6.....7.....8.....9.....<.....=.....>.....?.....@./...A.t...C.....D...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\da.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):364767
                                                        Entropy (8bit):5.460789867195706
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:FECABF71853BAB84EACDD95699C49F69
                                                        SHA1:8519AFC13E100A550CA3D756518A0BC33674E0D3
                                                        SHA-256:1B0793B1CBEB6A56FF1E64523C37BA753457320AA29F9718022CAA07B4981D8F
                                                        SHA-512:E932D382D41A79ECE172349E916221A67D97F5FD4B2DC1325D6BD2F7C6757CBC01D6FBC8D9846F6EC462EB637210F7C650F6944418EDBD3F8614EF99030D9392
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........$.h.....i.....j.....k.....l.....n.....o.$...p.1...r.7...s.H...t.Q...v.f...w.s...y.y...z.....|.....}.....................................................................................%.....9.....A.....H.....`.....h.....q.....................................................%.....5.....<.....I.....s...........................................................=.....N.....U.....Z.....h.....v.....z.....................................................5.....?.....B.....J.....Q.....U.....a.....p...............................................3.....O.....X.....d.....m.....y...............................................................................................&.....g....................... .....6.....M.....r.....|...........................................................#.....I.....}....................................... .....".....%.....(.....*.J...+.M...,.k.....{.../.....0.....1.....3.....4.....5.....6.7...7.H...8.[...9.h...;.x...<.....=.....>.....?.....@.....A.....C.....D...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\de.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):391110
                                                        Entropy (8bit):5.512753513751773
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:EC069F60C9825080B9D18FF6492E816D
                                                        SHA1:34CE5101C9646F9C2DEB9820A3B26EB91C525EBC
                                                        SHA-256:E0F632CE324951002C80E019DD0169BE9F6B0640533FA434CD6CA80F28A1D3F7
                                                        SHA-512:95A88AC98F0957E5F200AF76C1A743B976228F7DA1BB6C6B3B88A54ADCFF05E1172D7CF2E6F0A82CBC8AD0AA79974A1BC046516250A3A5889FD7B2E4D7C0B804
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:........[.~.h.,...i.=...j.I...k.X...l.c...n.k...o.p...p.}...r.....s.....t.....v.....w.....y.....z.....|.....}.................................................&.....'.....(.....*.....c.....t.......................................................................>.....S.....r.....................................................'.....:.....@.....I.....Z.....l.........................................!.....%.....(.....1.....J.....a.....z.............................'.....1.....9.....@.....F.....S.....^.....x.........................................:.....\.....j.....z.....................................................%.....?.....F.....I.....J.....T.....^.....r.....{.......................Y.....b...................................'.....1.....>.....C.....H.....[.....t............................./.....K.....Q.....].....m............... .....".....%.....(.....*.....+.....,.&.....7.../.M...0.U...1.z...3.....4.....5.....6.....7.+...8.?...9.M...;.]...<.g...=.u...>.....?.....@.....A.....C.....D...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\el.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):707669
                                                        Entropy (8bit):4.763074736754961
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:306A80DADADB1F9182810733269537FD
                                                        SHA1:BC01A65A9D024EC72E613AEDC60F4838BE798040
                                                        SHA-256:92403B6160E38746597D4DD7F64D64CF19E30B5E7862901263C39679187B2C91
                                                        SHA-512:491016B8FCCA59A7DC9523358C4A7B56C55360F424E8FE9330D6F01480835805E961F1E48F8777660510D9AF9A66961C639DF162190DEC595A867D54150EECFC
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........,.h.....i.....j.....k.....l.....n.....o.....p.....r.....s.-...t.6...v.K...w.X...y.^...z.m...|.s...}.........................................................................$.....K.....p............................."...........j...................................L.....\.....w.......................<.....M.....r...................................5.....d.............................C.....p.....z.....}.......................!.....i.................^.....{.........................................3.....K.....k.......................E.....j.................5.....T.....e...................................#.....P.....}.....................................................2...........W.............................................................................[.................!.....[...........(.....g.....w........................... .....".9...%.....(.....*.....+.....,.,.....|.../.....0.....1.A...3.f...4.....5.....6.p...7.....8.....9.....;.5...<.K...=.c...>.....?.....@.....A.....C.a.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\en-GB.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):318332
                                                        Entropy (8bit):5.529143902938129
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:502260E74B65B96CD93F5E7BF0391157
                                                        SHA1:B66D72B02FF46B89EE8245C4DD9C5B319FC2ABF7
                                                        SHA-256:463AF7DA8418D7FB374EBF690E2AA79EE7CB2ACC11C28A67F3BA837CF7A0937B
                                                        SHA-512:0F0F9AAC8E6B28C1E116377AB8EE0FFADBF0802A4026E57AEDB42D21C38FBF70159BE9E0314799C1DE1F7638FBBD25D289DFF7CD2C9EB7C82E1B62B6C4E87690
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.v...i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....|.!...}.3.....;.....@.....H.....P.....X....._.....f.....m.....n.....o.....t.................................................................0.....2.....6.....a.....q.................................................................#.....'.....-.....=.....N.....W...................................................................................$.....7.....L.....X.....].....e.....l.....q.....z.....................................................$.....R.....s.....|.................................................................".....).....,.....-.....4.....<.....D.....K.....P.....[.........................................$.....?.....E.....V.....Z.....d.....i.....m.....}...................................(.....=.....A.....H.....S.....e.....m... .q...".z...%.....(.....*.....+.....,.........../.....0.....1.G...3.U...4.i...5.....6.....7.....8.....9.....;.....<.....=.....>.....?.%...@.4...A.].

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\en-US.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):321156
                                                        Entropy (8bit):5.519320855423378
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:3F6F4B2C2F24E3893882CDAA1CCFE1A3
                                                        SHA1:B021CCA30E774E0B91EE21B5BEB030FEA646098F
                                                        SHA-256:BB165EAA51456B52FCBDF7639EE727280E335A1F6B4CFB91AFC45222895B564F
                                                        SHA-512:BD80DDAA87F41CDE20527FF34817D98605F11B30A291E129478712EBEBE47956DBD49A317D3EEB223ADF736C34750B59B68AD9D646C661474AD69866D5A53C5C
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.....j.....k.....l.....n.....o.....p.....r. ...s.1...t.:...v.O...w.\...y.b...z.q...|.w...}.................................................................................................%...........E.....M.....W.....u.......................................................................(.....:.....I.....c.....v.....z...................................................................................,.....;.....I.....b.....w.............................................................................;.....E.....Q.....h.....x...........................................................(.....8.....M.....b.....v.....}.................................................................).....0.....`.....m.....x.................................................................).....>.....U.....}....................................... .....".....%.....(.....*.....+."...,.@.....Q.../._...0.h...1.....3.....4.....5.....6.....7.....8.+...9.8...;.I...<.Q...=.\...>.q...?.y...@.....A...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\es-419.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):389323
                                                        Entropy (8bit):5.380957823459129
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:774CED79DA2FD32BD1BA52A0F16E0A19
                                                        SHA1:FF36DCF8B62046871F441F301DD7AF51CB9CE7EE
                                                        SHA-256:5AFF3762747A6E8C6DF9F2A3B470BF231B44163006B17CE87E2A03694BE27B81
                                                        SHA-512:7763C15FA97EFA9A5AF73DCDEDD4FE260139BD8FF782CA3AA0937D9355B2D14C3E482E570844AC33D22D7B016C7B9097D727C1DD585F421DCCD59CA7BBC24269
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.....j.....k. ...l.+...n.3...o.8...p.E...r.K...s.\...t.e...v.z...w.....y.....z.....|.....}...............................................................................*.....9.....N.....\.....j...........................................................9.....A.....O.....^.....l.....z.....................................................9.....J.................................................................#.....:.....f...........................................................-.....E.....M.....[.........................................$.....7.....C.....U.....s.....v............................................................................. .....1.....w.......................Z.....u.....................................................3.....\.....t............................./.....5.....=.....K.....m.....x... .....".....%.....(.....*.....+.....,.......8.../.V...0._...1.....3.....4.....5.....6.1...7.C...8.[...9.m...;.|...<.....=.....>.....?.....@.....A.....C.....D.8.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\es.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):389410
                                                        Entropy (8bit):5.362530149208052
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:BA80F46EF6E141CEF4085273A966FD91
                                                        SHA1:878F35E15B02558F75F68EC42A5CC839368C6D61
                                                        SHA-256:267E7B6376E7E5AB806B16FDE93BBBCD961BF0C3A7B3A2CABCCAB37FAA9A1D16
                                                        SHA-512:8A8B4F7DB23D4C93756B6DC4219F00C77358A8FE992DA1F51431597B82C3AA87ABF3A98D79E13E7B4A14A1A9E94D388760FB6ABF3A744406DEE951C8E78CF361
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........".h.....i.....j.....k.....l.....n.....o.....p.,...r.2...s.C...t.L...v.a...w.n...y.t...z.....|.....}.....................................................................................+.....@.....N.....^.....y...................................................../.....7.....E.....T.....b.....o...........................................................-.....n.................................................................!.....K.....n...........................................................$.....,.....=.....s...............................................$.....6.....X.....[.....n...................................................................................f.......................O.....j.....................................................-.....S.....k.........................................#.....1.....S.....^... .j...".~...%.....(.....*.....+.....,.........../.+...0.2...1.g...3.{...4.....5.....6.....7.....8.*...9.<...;.M...<.\...=.j...>.....?.....@.....A.....C.....D...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\et.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):350873
                                                        Entropy (8bit):5.469141942682889
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:E97FE1E6D06A2275A20D158DC4E3B892
                                                        SHA1:1575B9B1FC331A70BBE4CA7D1095D4ED6777ECC1
                                                        SHA-256:D984AEE4D18CA24A88846B1B6E0294D373733430F30BB4F1B97BC7D50D512C2E
                                                        SHA-512:77879A4D1062671B616BA9B2CE0B6F69A5DBED6BD56B73DED902D1F9F44ECD96A2212690B3568C0BA273C73D91589FF2BF18C7EF9B66E0630FBAAFDE2A61B1B1
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.....j.)...k.8...l.C...n.K...o.P...p.]...r.c...s.t...t.}...v.....w.....y.....z.....|.....}.........................................................................<.....L.....^.....s.....|.....................................................@.....U.....k.....w................................................................. ...........=.....F.....s.............................................................................*.....?.....X.....o.....t.....|...........................................................'.....5.....[.....}.................................................................&.....=.....D.....G.....H.....Q.....[.....a.....i.....t.................%.....+.....j.................................................................2.....H.....m.....~...............................................*... .4...".G...%.o...(.....*.....+.....,.........../.....0.....1.>...3.I...4.`...5.....6.....7.....8.....9.....;.....<.....=.$...>.7...?.?...@.N...A.....C.....D...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\fa.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):570801
                                                        Entropy (8bit):5.044038926316312
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:D55F65C6FDA6ED6F549D2C9F0A4CE874
                                                        SHA1:952792F2DA5ED9CB1CFED14E5AFB8ABF5CF29CB3
                                                        SHA-256:221BBBDE078D135F6DACA4978A31CC6A82F8F46536467EBC9A0CD322C58A7785
                                                        SHA-512:D0BB83467182D8B3A8F8371D749E682CF05F89DAEFE28764F2C263E7CFBFC3F86CB388061B48DADDA26C3DD246DD6F7A57AF58CA9344C2F6B90DE87AF1E91C69
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:........i.p.h.H...i.S...j._...k.n...l.y...n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....|.....}...............................'...........5.....<.....>.....C.........................................+.....9.....C.........................................6.....<.....Q.....o.............................&.....V.....o.....w.............................?.....K.....\.....x...............................................Q.........................................#.....-.....>.....R...................................%.....L.....`.............................".....8....._.....b.....w...............................................+.....<.....M.....[.....b.....v...........R.................9.....Z.....r.........................................(.....T.............................=......................................... ... .3...".Q...%.....(.....*.....+.....,.......3.../._...0.m...1.....3.....4.....5.%...6.....7.....8.....9.....;.....<./...=.C...>.c...?.n...@.....A.....C.....D.C...E.m.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\fi.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):360305
                                                        Entropy (8bit):5.418705547685837
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:FA7DBD2EE35587FF31FDE3C7107E4603
                                                        SHA1:BAAA093DCB7ECCF77CE599C8FF09DF203E434B60
                                                        SHA-256:5339B8CA52500BD0082E0BA5A5F440C5F04733803DA47963280479760C7FFF2C
                                                        SHA-512:587F6D0E216D1688227345A8A75B94848EE710EC633FE6805DB66BB0E8CAD1B8D24A1E6A7E234061516770D881571166C78D8FA1C40E6335F3DCB1339FBFFC14
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:........{.^.h.l...i.}...j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....|.....}.,.....4.....9.....A.....I.....Q.....X....._.....f.....g.....h.....m...........................................................K.....d.....f.....j.....................................................#.....1.....>.....R.....b.....h.....l.....w.................................................................=.....V.....l.......................................................................4.....:.....B.....o.....}...............................................*.....;.....>.....L.....^.....p.......................................................................%.....m.............................+.....T.....c.....s.....z...............................................!.....D.....n....................................... .....".....%.....(.....*.?...+.B...,.`........./.....0.....1.....3.....4.....5."...6.\...7.{...8.....9.....;.....<.....=.....>.....?.....@.....A.f...C.....D.....E...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\fil.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):404177
                                                        Entropy (8bit):5.20731822733658
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:3126F74D021E9423D71913BB45A62935
                                                        SHA1:C9A80C8585AABBFEC34AE891416794B1B3E29A11
                                                        SHA-256:4CD3FA70487E894400AD29E3BFBFBA3E1C5EDD799AAB12C62C3AFF3C2580CE5E
                                                        SHA-512:FB360723EE53B3F7038EEBD1B919A36784A0E3DC878E810BC905C4297379DADE6006C8872ED68412B06161CACB0D6E32A7157ECF97D9E103A4CA3B2B71DB8765
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.(...y.....z.=...|.C...}.U.....].....b.....j.....r.....z.............................................................................$.....,.....9.....].....y.....{...........................................................B.....Z.....o...............................................?.....Z.....a.....g.....|.....................................................$.....>.....W.....i.....n.....v.....}.........................................(.....1.....=.....Z.....l........................................./.....2.....F.....].....v.............................................................................T.......................K....._.....l...........................................................,.....^.....}.........................................@.....N... .U...".e...%.....(.....*.....+.....,.........../.....0. ...1.T...3.e...4.....5.....6.....7.....8.....9.$...;.=...<.H...=.V...>.n...?.v...@.....A...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\fr.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):420116
                                                        Entropy (8bit):5.394862217436204
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:51EE1ED54FEC49EFFD103C29677885B5
                                                        SHA1:CED6FD3354007D1EF3EA7B6689AAE5213C20CC69
                                                        SHA-256:1F6BC09499EE37456968A28B67B81BBF5B9DF4F0C6035A388242D2037A3B65A1
                                                        SHA-512:DFD50AD99B89345940AFEAD11C3A6940D4408A0E6265CDDDA1D71AD92527EA00D8057AC77CEB2FFE137A3F0D2F321C210BC7CF97ED821F01E538DC08D07149A4
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........8.h.....i.....j.....k.....l.....n.....o.....p.....r.....s. ...t.)...v.>...w.K...y.Q...z.`...|.f...}.x...........................................................................................................A.....M.....U.................................................................#.....1.....h.....................................................D.....\.....b.....o...........................................................'.....J.....n.......................................................................<.....F.....`.....t.........................................,...../.....F.....].....u.......................................................................5...................................(.....].....g.....................................................2.....]...............................................)... .5...".N...%.q...(.....*.....+.....,.........../.....0.....1.H...3.[...4.y...5.....6.....7.....8.....9.$...;.7...<.E...=.W...>.....?.....@.....A.....C.....D...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\gu.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):806228
                                                        Entropy (8bit):4.335395361645371
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:B7F4C73D56BE31042D8EDD7E8EA080F3
                                                        SHA1:C0C3595701C0A75C14931ED65958D36DF0D925C5
                                                        SHA-256:C36A20730D5F2B91CB61B5B2A5912DB2EA5A328A9B8ABE0FCA0AF300446D3C20
                                                        SHA-512:EA0D766A754604CAD4D5F3180C30F7DFDC3E1CFE79D67365B72ADC0D7574851F21BDD5B748B16E8B4A95ADE40C8ED0442BCEFD511A2934CC9C701E379C955D60
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........,.h.....i.....j.....k.....l.....n.....o.....p.*...r.0...s.A...t.J...v._...w.l...y.r...z.....|.....}.........................................................................T.....v.............................&.....>.....S............................./.....d.......................%.....;.....g.......................>.....g.....z.............................y.............................=.....F.....I.....b.......................3.....o.................-.....@.....H.....O....._.............................8.......................*.....K.........../.....E.....k...................................*.....I.....v.....................................................5.....V...........p.............................#...............................................O.................n.................A...................................-... .3...".a...%.....(.....*.9...+.<...,.Z........./.....0.....1.P...3.g...4.....5.....6.-...7.h...8.....9.....;.#...<.:...=.T...>.~...?.....@.....A.....C.b.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\he.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):499985
                                                        Entropy (8bit):4.638569623649328
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:6376D0A5F4273B76B1F4AABADE194E0C
                                                        SHA1:337BA39F09454C0779AB64872B9FA11F866D6ADC
                                                        SHA-256:875712BB852C698F677C0C74E088F62D31ADB2BCE65648FC390607AAD8705C45
                                                        SHA-512:00347F16B5ABBAF47FB08663D5EFDE26AB7DE0C7A2FA42E6B5F03C41A83CECBD8E78CC3AEF41D5F08658CF346E0ADE732774485E8A10008A43FA41FFAF73B2BE
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........V.h.|...i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.$...|.*...}.<.....D.....I.....Q.....Y.....a.....h.....o.....v.....w.....x.....z.............................&.....?....._.....g.....s.....................................................A.....`.....y.............................'.....:.....B.....L.....a.....w.................................../.....K.....O.....`.....h.............................5.....f.....................................................,.....6.....I...................................E.....h.....}...............................................).....A.....W.....n.....u.....x.....y...................................'.......................c...............................................%.....-.....L.............................'.....u....................................... .....".....%.E...(.b...*.....+.....,.........../.....0.....1.....3.4...4.X...5.....6.....7.....8.....9.....;."...<.<...=.L...>.k...?.|...@.....A.....C.=.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\hi.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):841654
                                                        Entropy (8bit):4.3242027577363205
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:EDE7FA471C5EEBC1FA55B9B3B6F92D00
                                                        SHA1:1D1F529C615799BB3A3319DDD1357CB5DC71464E
                                                        SHA-256:1E9623C7407AE8B8A88DF3F69A47AE8117F74C4DCB56897BB794A9C38EE5805B
                                                        SHA-512:0F51EA54E828700080EFFA6C728230C523FF8E26FB350E6F337028D18614D5DFC4A2792CB92B5E606BD0702067F55FEA546029CDDD1EBF7FA74EF5521FF08338
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........X.h.x...i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z. ...|.&...}.8.....@.....E.....M.....U.....].....d.....k.....r.....s.....t.....v...........*.....O.....z...................................i...................................%.....K.............................Z.......................,.....<.....R.....}.................j.............................@.....I.....L.....[.......................[.................A.....g.....}...................................1.....@....._.................&.....i.................Z.....p.......................@.....C.....b.............................4.....;.....>.....@.....Y.....r.......................q.....$...................................,.....L.....o...................................g...........C.....u.................d.....s........................... . ...".@...%.....(.....*.....+.....,.(.....h.../.....0.....1.E...3.h...4.....5.....6.4...7.~...8.....9.....;.3...<.G...=.^...>.....?.....@.....A.....C.W.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\hr.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):390595
                                                        Entropy (8bit):5.5201307567122635
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:7095EF4CAF6BD39174487002A4E09300
                                                        SHA1:1EFE686BD0B7F035AEE7AB4C52BE6133121CD0F3
                                                        SHA-256:3D7685163C5EB6A11E745FF934312B8681C5F85DFA8D9EA701E9DCAEE1E7A285
                                                        SHA-512:45488D46DFE7A31A007932917F7BAF4C195DA899DE5DC56D98E555336668AF3EDB77996487649B86F56BEAC688374CE77F8FEADC01E3F84D30D83BD67631F9C1
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.....j.!...k.0...l.;...n.C...o.H...p.U...r.[...s.l...t.u...v.....w.....y.....z.....|.....}.........................................................................+.....7.....C.....Q.....W.....`.....................................................&.....B.....J.....T.....i.....u.................................................................*.....\.....o.....u.....}.................................................................5.....R.....l.....s.....{.....................................................'.....3.....I.....W.....}.....................................................%.....8.....N.....d.....w.....~.....................................................9...................................>.....M.....e.....v...............................................:.....T............................................. .....".....%.'...(.D...*.c...+.f...,.........../.....0.....1.....3.....4.....5.6...6.x...7.....8.....9.....;.....<.....=.....>.....?.....@. ...A.l...C...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\hu.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):421056
                                                        Entropy (8bit):5.64254434167535
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:D6904E7D1B6750D43A6478877C42618D
                                                        SHA1:919F090A6A3AA1112916F5BB0D5B73A62BE43C1E
                                                        SHA-256:3EC43893C6DE5EC0F9433841AFD5FA9FEAAF59DDCEF05F7E1CAB14DBA799887F
                                                        SHA-512:D600FEDB5EF1B2EB49A0122536C642B350CE67BB7A9DA205890D9D13A195AC17C14607B4489715FD34506EC0EA4C80F245E09CF048AEF52DCC8094F3138B2FAD
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........C.h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.&...w.3...y.9...z.H...|.N...}.`.....h.....m.....u.....}.......................................................................+.....E.....i.....v.....}.........................................,.....8.....Q.....d.....k.....r...............................................".....2.....G.................................................................8.....N.........................................$.....+.....1.....@.....W.....p.....z...................................%.....L.....[.....k.....y...............................................4.....I.....P.....S.....T.....^.....k.....{.......................k.................6.....K....._...........................................................@.....w....................... .....(.....3.....K.....m.....v... .....".....%.....(.....*.....+.....,.-.....>.../.`...0.j...1.....3.....4.....5.....6.$...7.?...8.`...9.w...;.....<.....=.....>.....?.....@.....A.....C.)...D.6.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\id.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):344400
                                                        Entropy (8bit):5.381665473201912
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:881FF04E220AA8C6ED9D0D76BFA07CB8
                                                        SHA1:CACF3620D1BF85648329902216E6CDC6F588A5BA
                                                        SHA-256:9210C4C4C33E7CEB5F70005A92A4FD36CA4FACDD41701FDC1D2CE638DB8ADF22
                                                        SHA-512:9134102928AA80C49BBF2B862E8079B2EE23636CE63412A4C3813F234D623FF563F5CA1AC407DDB77CECF1224896ED59AE979DCF63435D35A4F13DE9C22755D5
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........2.h.....i.....j.....k.....l.....n.....o.....p.....r.....s.,...t.5...v.J...w.W...y.]...z.l...|.r...}.............................................................................................................6.....=.....G.....b.....t.....v.....z.....................................................,.....=.....J.....e.....r.....y.....~...........................................................!.....$.....).....=.....L.....`.....y.................................................................(...........C.....v.........................................*.....3.....>.....T.....m.....p.....{.........................................................................................C.....{...................................%...../.....;.....B.....J.....Q.....X.....m................................... .....3.....8.....>.....K.....f.....q... .y...".....%.....(.....*.....+.....,.........../.$...0.(...1.\...3.n...4.....5.....6.....7.....8.....9.....;.....<. ...=.-...>.B...?.J...@.[...A...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\it.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):382436
                                                        Entropy (8bit):5.298578827010128
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:91391F388B4B6C12A72710C35F4C355D
                                                        SHA1:F89E6EA977A10A9F050395489285CE8C041C2C05
                                                        SHA-256:C0DC0A4A87F7BB054A30EB1174C3228EA2014BD94668A7D22995B99C4937D817
                                                        SHA-512:8796D69D1A8BDBC7690DED45404174B7FA0B5BEC8453D79A3C85BF4707C3F32CAF634C792C72CE7BDA3522ECEB5FC6761B696471586397064D9F1F1988CEEE88
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........*.h.....i.....j.....k.....l.....n.....o.....p.%...r.+...s.<...t.E...v.Z...w.g...y.m...z.|...|.....}...........................................................................................8.....C.....L.....c.....k.....s.....................................................".....0.....<.....I.....i.....y...............................................7.....Q.....Y.....d.....x...........................................................@.....d.....t.....z.................................................................%.....B.....P.....z...........................................................'.....?.....U.....m.....t.....w.....x.........................................A.........................................&.....:.....C.....M.....Y.....^.....s...................................K.....].....b.....j..................... .....".....%.....(.....*.....+.....,.1.....B.../.Z...0._...1.....3.....4.....5.....6.I...7.Y...8.l...9.z...;.....<.....=.....>.....?.....@.....A.)...C.L...D.U.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\ja.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):467624
                                                        Entropy (8bit):5.717194018338214
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:8209DD8CF4E416416E015FF239B7C483
                                                        SHA1:7AFFD1707B9EEC52C26A4C17708C8471C369E2F6
                                                        SHA-256:3ACCFD9A1833DDEEDB2082FB94101BEB59B555C60F42E3070E9E04A372EBA84A
                                                        SHA-512:6A58A1EA8A46C325CAC0629F2E3B571532A9A2A342ED61CA47BD1DCEE20CE0B0350E4F6D3E8E4C6903C7BA4A4592A6382BF0FCB5437FEBD1673B3C2CE8CD7499
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.~...i.....j.....k.....l.....m.....o....p....v....w....y....z.....|.....}.............#.....+.....6.....>.....M.....R.....Z.....a.....h.....o.....q.....v...................................".....J....._.....q...................................9.....Z.....f.....u...............................................I.....O.....^.....m.............................!.....3.....Q.....o.....u.....x.....~.......................+.....[...........................................................8.....D.............................7.....d.....y.....................................................J.....s.....................................................<...........................................................$.....0.....6.....?.....Z.....~.............................v....................................... .....".....%./...(.k...*.....+.....,.........../.....0.....1.N...3.e...4.....5.....6.....7.....8.8...9.V...;.t...<.....=.....>.....?.....@.....A.+...C.R...D.h...E.....F.....G...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\kn.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):932385
                                                        Entropy (8bit):4.237599748173454
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:D3D6BC60BEAD608E68E776E07D21AD30
                                                        SHA1:E40E38CA99026056C127E9E1A1FF821A50310887
                                                        SHA-256:90B2DF3338468E84E2CF2F2F67597CBA5C3CEB5DBA9C59EBD072EC15A70CE741
                                                        SHA-512:05421DB2F1202573A34DE1E722C6BDB55A35821C4AEBD54C80E6594FC92075CD9B97E5BFDFE93B4228C3A2646B92A27DA4722EF3826E2807238DCC56BA273706
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.....j.%...k.4...l.?...n.G...o.L...p.Y...r._...s.p...t.y...v.....w.....y.....z.....|.....}...........................................................................................I.....a...........................................................b.......................0.....L.......................o.......................3.....P.....x...........W.....f...................................-.....c.................k...........................................................8.......................H.....y.........................................?.....{.............................b.......................N.....U.....X.....Z.....r...................................(.................o.......................2.....W.....c.............................R...........5.....|...........7.............................=.....a... .v...".....%.1...(.i...*.....+.....,.........../.>...0.\...1.....3.....4.Z...5.....6.'...7.W...8.....9.....;.!...<.>...=.X...>.....?.....@.....A.X...C.....D...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\ko.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):392823
                                                        Entropy (8bit):6.0906426657235135
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:B31780FFF9541290C1D9F5B76141430D
                                                        SHA1:8B0FBDCCD0A7F8141846763A0D27E4E0DA0552DC
                                                        SHA-256:B04C1B91CAB31054BE70CB851DC6716065545445801045DACEB96EEEE4D2334A
                                                        SHA-512:A573DD09520059832E7F53386A64DCDDE47452B02CE1E5D7E11385ABBC8B734DCEE0065B4CA351591BF9CC2F66FAE204B9300702246D20265E8DDFF4F7C1E6D8
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.h...i.y...j.....k.....l.....m.....o.....p.....r.....s....t....y....z....|.....}.........................*.....2.....A.....F.....M.....T.....V.....[...........................................................S.....c.....e.....i.....................................................4.....A.....T.....h.....x.....~...............................................!.....4.....G.....M.....P.....V.....w...................................&.....=.....C.....K.....R.....[.....h...............................................E.....b.....................................................*.....:.....G.....`.....v.....}.................................................................a.....t...........................................................+.....B.....n.........................................+.....=.....J... .M...".W...%.~...(.....*.....+.....,......./.../.L...0.X...1.....3.....4.....5.....6.+...7.A...8.X...9.h...;.....<.....=.....>.....?.....@.....A.....C.$...D.4...E.U...F.l...G...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\lt.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):422255
                                                        Entropy (8bit):5.633215797024677
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:7B6BF901352885C0699DB71239B7CF24
                                                        SHA1:9E3EC5F327C0D0E54A449332061E60A8C79243CF
                                                        SHA-256:9200A9509BD77834D9912F4BA8F4219D2B9BD2CDAD49A11873DB30E99B9D1350
                                                        SHA-512:79EBEF723FB4C17581EB869B4B4E1A364A3D28DF0E168E7E1A3583E0C1EC5B9716DD270925C0545B8247421A64B03705F10910FE3416900DE9258840C470D580
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........+.h.....i.....j.....k.....l.....n.....o.....p.#...r.)...s.:...t.C...v.X...w.e...y.k...z.z...|.....}...........................................................................................-.....8.....P.....|.....................................................3.....<.....J.....X.....h.....|.....................................................'.....;.....l........................................................... .....=.....j.....................................................0.....J.....b.....u...............................................3.....A.....S.....^.....o.......................................................................#...........5.....?.....Q.................>.....H...................................<.....Y.....c.....g.....n.............................*.....P............................................. .....".....%.3...(.V...*.....+.....,.........../.....0.....1.....3.,...4.L...5.t...6.....7.....8.....9.....;.(...<.9...=.G...>._...?.h...@.{...A.....C...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\lv.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):420273
                                                        Entropy (8bit):5.634694836403351
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:E664EB35F1284E9FC615E1BB4FAB892B
                                                        SHA1:E777653ABEC377A394170B04F79E78ACBE4B6A3B
                                                        SHA-256:B5A31CBFCB40AD8D911DE1618C4EB7E8CC67B97EB8878220F15D40EB014D8AC8
                                                        SHA-512:C3232997E8D306E91DED72E9D81FFAE2018AF3E6C32FE620532E03BCCD2883FCE59B2A2290A1580D7080C468C02BCD24C1BC90051F06BFA9A4E17857D4AA583F
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.....j.....k.....l.#...n.+...o.0...p.=...r.C...s.T...t.]...v.r...w.....y.....z.....|.....}...............................................................................".....5.....K.....W.....`...........................................................3.....:.....G.....W.....b.....t.....................................................%.....;.....r.......................................................................'.....=.....T.....i.................................................................@.....P.....h.........................................$.....6.....W.....Z.....k.....~.............................................................................X.......................N.....o...........................................................D.....[.............................).....0.....9.....I.....j.....w... .....".....%.....(.....*.....+.....,.......2.../.L...0.\...1.....3.....4.....5.....6.....7.<...8.P...9.b...<.m...=.w...>.....?.....@.....A.....C.....D.%.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\ml.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):971210
                                                        Entropy (8bit):4.276958305566997
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:00292B0801E0DD0A74091BF53F1574C9
                                                        SHA1:63A002E7A8796BC4B4459A19C95CE426FBD1EC7F
                                                        SHA-256:61A372F170DE0A22712BE980C3C78B22035EBF40CE79332FAB75CDCC4208C9E6
                                                        SHA-512:E2E15F66851AA435E3BF4DE6672F4AA8B01204D8EFE11EC6EE9A51D9877EC4F2E71D7E9547D6EAB9BFA04AF1BEA71FA72AA4963FA08B48717BF1C3FD21C00CD5
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.....j.....k.,...l.7...n.?...o.D...p.Q...r.W...s.h...t.q...v.....w.....y.....z.....|.....}.........................................................................o.................,.....G.....o...............................................+.....u.......................E.....a.................8................./.....V.....q...............................................G..................................._................._.................H.....c.....k.....r.......................@.....d.................4.....X.................d.................,....._.............................;.....{.................,.....3.....6.....8.....Y.....w.............................;.............................r...........*.....X.....a.........................................w...........#...........N.....l.......................5... .J...".....%.8...(.....*.....+.....,.......K.../.....0.....1.G...3.g...4.....5.....6.....7.....8.b...9.....;.....<.....=."...>.U...?.k...@.....A.....C.b.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\mr.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):791455
                                                        Entropy (8bit):4.3135267028909485
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:B9A2AA88C69C42EBCC41FEF00C980A38
                                                        SHA1:9E373DFA11F95C31FFDCA70BD83D2F66E1DDCEF8
                                                        SHA-256:481FAF7DD66CF10A476D8B156FB4EA452F920322D8007F7E25D41B2837BDBC09
                                                        SHA-512:5F4582723429A44DD517322BABAE4466EFB4E8723C0247754E2A9A2929133D6FEE5C3533C4CF567954E2A5AAB47940A136A178405DE36E38B50E8D4A6D5C504F
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........W.h.z...i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.+...|.1...}.C.....K.....P.....X.....`.....h.....o.....v.....}.....~.......................#.....E.....d.....y.............................Q...................................$.....R.............................L.....q.......................).....?.....^.....~...........#.....V.....e.....}...................................&.....^.......................`...............................................6.......................1.....Z.....p.................M............................. .....S.....V...................................5.....<.....?.....A.....T.....c.......................T.......................C.....k...................................2.....A.....J.....v...........$.......................].............................".....F... .a...".....%.....(.....*.P...+.S...,.q........./.....0.....1.p...3.....4.....5.....6.i...7.....8.....9.....;.U...<.l...=.....>.....?.....@.....A.+...C...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\ms.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):360077
                                                        Entropy (8bit):5.260838745619664
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:D5DA199F347452C5904BFF9332A08F84
                                                        SHA1:B5FB8C22708A7E3130684F1A9923B6DAB10C3AE5
                                                        SHA-256:FE58CC4F62FC31E32C1FB9A0893A5483391AB6A91B1C92ED4A5E3103A962DA7A
                                                        SHA-512:9FDDEB376BECECC51DEC997B3ED1E22821340FA172636F641AF774DAE8BC9B5C0780757380BF3FA8DF0F9682A555EDE81C449AE9468F63215C17123D13EE9F35
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.....j.....k.-...l.8...n.@...o.E...p.R...r.X...s.i...t.r...v.....w.....y.....z.....|.....}.........................................................................,.....?.....S.....m.....r.....{.....................................................4.....T.....].....k.....|.......................................................................,.....[.....r.....y.......................................................................5.....Y.....g.....l.....t.....{...........................................................5.....A.....l.................................................................+.....B.....U.....\....._.....`.....j.....t........................................./.....6.....x.................................................................0.....H.....o......................................................... .....".+...%.W...(.p...*.....+.....,.........../.....0.....1.....3.....4.<...5.O...6.....7.....8.....9.....;.....<.....=.....>.....?.$...@.9...A.a.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\nb.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):353073
                                                        Entropy (8bit):5.434649203159394
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:BBAE0915EDEC081B04BB903B689BC40B
                                                        SHA1:6A0FC635CE1C431E512B8B3B8448176AA4025556
                                                        SHA-256:D565C6C95DAD89D3F2B7210DE4EC3FC437633DE4DCFC994FDE0704B92BB53FF8
                                                        SHA-512:573A9FE43213829A6A4B39E67BE25BC330B417750EA6D66E26163DE7A80C29F6F5DEEB841D9FF8303595943A81FC01AB668AAB02A5CAC4EDA078ED06120138B4
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........,.h.....i.....j.....k.....l.....n.....o.....p.'...r.-...s.>...t.G...v.\...w.i...y.o...z.~...|.....}...........................................................................................(.....0.....:.....X.....g.....p...........................................................).....0.....<.....h.....y.....................................................$.....7.....>.....C.....S.....`.....d.....o.....t.........................................".....-.....1.....9.....@.....F.....T....._.....t.....|......................................... .....6.....?.....M.....W.....c.....w.....z.........................................................................................>............................. .....8.....c.....t.................................................................G.....p....................................... .....".....%.....(.....*.+...+.....,.L.....].../.n...0.s...1.....3.....4.....5.....6.....7.+...8.G...9.Z...;.j...<.r...=.}...>.....?.....@.....A.....C...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\nl.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):364917
                                                        Entropy (8bit):5.374610988850793
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:9F547A24E2840D77339CA20625125B4C
                                                        SHA1:23366411B334F990A0328A032B80B2667FDA2FCD
                                                        SHA-256:55413D5EDDB3300E0AE0FA5D79D26FDF1E5A12922D7018C8054B1FAA9D660301
                                                        SHA-512:34DA7A0B58EE3904D00CF02D16D5A3EF508FB708D7C0A887286FC32CD6145B2BD857D317C784D1D1B17662041EADCF7E225908980EB93F2B81161D845C0BB67F
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........0.h.....i.....j.....k.....l.....n.....o.....p.....r.....s.0...t.9...v.N...w.[...y.a...z.p...|.v...}...........................................................................................!.....*.....3.....N.....V....._...........................................................%.....2.....?.....\.....p.....................................................<.....Q.....V.....b.....w.....................................................#.....B.....d.....p.....w...........................................................!.....9.....R.....y.....................................................".....5.....P.....d.....w.....~.....................................................=.........................................%.....5.....=.....F.....J.....N.....c...................................+.....@.....I.....T.....a.....s.....{... .....".....%.....(.....*.....+.....,.........../.%...0./...1.h...3.t...4.....5.....6.....7.....8.....9.&...;.6...<.D...=.R...>.i...?.v...@.....A.....C.....D...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\pl.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):406111
                                                        Entropy (8bit):5.769713658354436
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:0DC77139D3530695CB4E85B708BC0BF6
                                                        SHA1:6915655AFD1E37361C011F5C2113D72C7A0E85BC
                                                        SHA-256:53B59486361B11512FB90F15065104B15EE2322BB7804F859CDE2F2ECF9581FB
                                                        SHA-512:EE1CA1D99AC279DF4CC0E532AEF2FC531061736B636A84310BDBD627E0F2435EAC1A386EBB19AA901B6EAE3929BDA1C5DA4F41B73A25A1B20137522E34547600
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........+.h.....i.....j.....k.....l.....n.....o.....p.!...r.'...s.8...t.A...v.V...w.c...y.i...z.x...|.~...}...........................................................................................0.....9.....I.....d.....p.....x...................................................../.....D.....N.....Z.....z...........................................................6.....J.....P.....W.....c.....p.....u.....~...............................................1.....C.....J.....R.....Y....._.....k.....y...............................................+.....Q.....|.................................................................,.....C.....J.....M.....N.....Y.....e.....o.....v.......................a.....f.......................1.....:.....S.....b.....n.....x.....}...................................:.....t....................................... .....".....%.....(.+...*.K...+.N...,.l........./.....0.....1.....3.....4.....5.1...6.h...7.....8.....9.....;.....<.....=.....>.....?.....@.....A.C...C.`.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\pt-BR.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):383845
                                                        Entropy (8bit):5.435372588556084
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:A064CB9D7CF18936600E9CCC03297006
                                                        SHA1:EB436A0C584BA91ACB05DFCCDE139AFBE26FE9F4
                                                        SHA-256:C9EC3822044365457B8736348CF95A8E39BDFE3ED36267449BF3ED739ACCEF2E
                                                        SHA-512:95AF684ABF9D24CFC4D0668A02DA1E2E69F5E671D671D8CDFADC22EC991908C6AA5663FE1FA88CA8E85C0508F409FA6C2BBC174C53674270F2B188018D358415
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.....j.....k.,...l.7...n.?...o.D...p.Q...r.W...s.h...t.q...v.....w.....y.....z.....|.....}.........................................................................).....;.....K.....m.....t.....}.....................................................-.....F.....N.....].....l.....u...............................................".....2.....C.....U.......................................................................#.....<.....\.....}.......................................................................H.....R.....n.....{............................................... .....1.....C.....T.....j.......................................................................N...................................(.....2.....I.....P.....Z....._.....d.....y...................................F....._.....e.....m.....{............... .....".....%.....(.....*.....+.....,.).....:.../.N...0.W...1.....3.....4.....5.....6.....7.!...8.9...9.L...;.\...<.f...=.r...>.....?.....@.....A.....C.....D...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\pt-PT.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):385779
                                                        Entropy (8bit):5.412080368254187
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:3F367760B57A5E4360DABCD4A650BC5F
                                                        SHA1:8D7CD6B0EB42361EE862455ECFA475D28F5AA934
                                                        SHA-256:C89170385B3AFB2EC89FBD61B8470AC718713C7296441C8430F173DAC218E74B
                                                        SHA-512:3DC30780D57DEE91215A716DC6B4CB432838AA0161AF4371F49F70DB2076BD155B170FD2C1617F59E1B572144A2E150A34143EDA82D9F2227D24D2281D5ABA60
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.+...j.7...k.F...l.Q...n.Y...o.^...p.k...r.q...s.....t.....v.....w.....y.....z.....|.....}.........................................................................D.....W.....h.....}...........................................................).....8.....R.....X.....f.....u.................................................................@.....R.............................................................................4.....U.....w.......................................................................F.....P.....Z.....t...............................................&.....).....:.....N.....b.....y................................................................. .....Z...................................*.....4.....N.....].....g.....p.....u...................................0.....c.....|................................. .....".....%.....(.....*."...+.%...,.C.....Z.../.u...0.....1.....3.....4.....5.....6.Q...7.e...8.{...9.....;.....<.....=.....>.....?.....@.....A.3...C.Y.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\ro.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):396852
                                                        Entropy (8bit):5.466959000975525
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:745A9B8C6422682F2CFA5561CC1F4022
                                                        SHA1:31E3616EF09F9B1FD1C41CF8F43E504A6F90276F
                                                        SHA-256:7247470057A936D03BFA2A8776508AB66AA1040C41A4EB8F79C1E93551C74BB8
                                                        SHA-512:8E0B7F98CB842A862CECA65E0166462275FEED26C32C9C299ABA9986D36B716A90D4A8DB5CCEF355AC266B7E969071014CC7AB6439778E77C52754BC23B4C575
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........2.h.....i.....j.....k.....l.....n.....o.....p.....r.....s.*...t.3...v.H...w.U...y.[...z.j...|.p...}...........................................................................................$...../.....:.....T.....\.....g.....................................................(.....8.....C.....T.....~.....................................................^.....~...........................................................8.....c...........................................................#.....8.....?.....O...............................................,.....>.....N.....b.......................................................................!.....-.....:.....C.....S.................<.....D...............................................6.....<.....B.....d............................. .....U.....r.....y........................... .....".....%.....(.....*.5...+.8...,.V.....p.../.....0.....1.....3.....4.....5.....6.R...7.g...8.~...9.....;.....<.....=.....>.....?.....@.....A.)...C.O...D.\.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\ru.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):649385
                                                        Entropy (8bit):4.848469177681883
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:5CC0F54E022A9996773DBD64906D5580
                                                        SHA1:87C103BD69724579B478F904235E03CAF61D5D79
                                                        SHA-256:B4223B56EC88235819A427D60BB937EB3984076523F02A018F57819E0429BEA9
                                                        SHA-512:B3365FEDCBA50643CECF1A70297E1E67990D63AE05CAA87DE01A70EF6F28E0F73A9A0EDB0FF80B4138C624E51AA2DAC065A2D40877FC92137714AE07734C2F4A
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.....j.....k.....l....n....o....p....r....s.....t.....v.....w.'...y.-...z.<...|.B...}.T.....\.....a.....i.....q.....y.....................................................$.....<.....S.....y.........................................".....J.....a.........................................4.....`...................................6.....H...................................6.....F.....I.....W.............................&.....V...............................................%.....I.....Y.....v.......................).....p.............................4.....7.....X.....w.....................................................1.....I.....^.....v...........}...................................%.....?.....r...................................4.....g.................H...................................7.....H... .V...".u...%.....(.....*.?...+.B...,.`.....}.../.....0.....1.....3.4...4.g...5.....6.....7.2...8.`...9.}...;.....<.....=.....>.....?.....@.&...A.....C.....D.....E.*...F.g.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\sk.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):409304
                                                        Entropy (8bit):5.822419891601661
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:72946B939F7BCAA98AB314CFBA634E0B
                                                        SHA1:71C79A61712C8C5D3DAC07A65D4C727E3B80AB17
                                                        SHA-256:75F179897CAD221CA6E36B47F53CEAD7F3FB4159EE196F1D10A5181B84E1B5B7
                                                        SHA-512:2A8FA7108C58F4CB263900A555714D5638D961D14D9F4DDF8A9AB5B880AFDBC5D2325FED1E158DBAF42A9CD20E8E372E6A8F52FCE842A6940EA52E43E4A1F1E5
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........+.h.....i.....j.....k.....l.....n.....o.....p.&...r.,...s.=...t.F...v.[...w.h...y.n...z.}...|.....}.....................................................................................#.....5.....@.....I.....i.....x...............................................7.....=.....M.....[.....f.....{.....................................................%.....9.....l.......................................................................F.....].....w.................................................................B.....N.....n...............................................'.....*.....<.....J.....[.....k.....~...........................................................*.......................:.....N.....n.....................................................>.....Y.............................8.....@.....L.....Z.....t.....~... .....".....%.....(.....*.....+.....,.........../.G...0.Q...1.....3.....4.....5.....6.....7.....8.6...9.N...;._...<.k...=.v...>.....?.....@.....A.....C.....D.....E.:.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\sl.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):394536
                                                        Entropy (8bit):5.488838976336518
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:4AD22C6C64DBE0FC432AFAA28090C4D9
                                                        SHA1:19EB65AE52A585DBD9C25C32F22B099020C43091
                                                        SHA-256:6002C129A56558832E9BD260C427C0BD2E1566E0AEA3AD999F89C8E479534F9B
                                                        SHA-512:94F9D34E76560059EF80FC04BE4D54E52A7D934DD28747DB7F0F6684243B841087245699A471A55D667623D2CE5E597A3D2C6BC37CFD7EBD2F5B8FB40E6207E7
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........;.h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.!...v.6...w.C...y.I...z.X...|.^...}.p.....x.....}......................................................................................... .....G.....[.....m.....................................................&.....0.....;.....I.....j.....z...........................................................1.....6.....=.....Q.....d.....g.....j.....r.........................................2.....V.....[.....c.....j.....r.....................................................1.....D.....q.................................................................3.....J.....^.....e.....h.....i.....t.....|.............................'.....i.....o.......................;.....H.....[.....`.....k.....w.....}...................................=.....p....................................... .....".....%.....(.....*.B...+.E...,.c........./.....0.....1.....3.....4.....5.....6.Y...7.q...8.....9.....;.....<.....=.....>.....?.....@.....A.U...C.q.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\sr.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):610139
                                                        Entropy (8bit):4.770245925932103
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:FCA817ED4B839B976EBCBF59CAC66D68
                                                        SHA1:413EFA65470319999032B6A25B3B2EE33B8CD047
                                                        SHA-256:524ACC64E70918A77CDA43FD9B27A727645B28AD2D4CCE16B327105101C8BBEB
                                                        SHA-512:CB246D5C5CEA30D6E7514841AB93803984CDA37461A09B6C340CA64F7CBCE4E1212951A4DE421D928D433A619DAC18454FB403B42581757B76C7EB124CE70CF2
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.....j.....k."...l.-...n.5...o.:...p.G...r.M...s.^...t.g...v.|...w.....y.....z.....|.....}.........................................................................C.....m.............................,.....S.....i...................................-.....a.....o................................... .....9.....o.........................................u.....................................................6.....Z.....z.......................I.....i.....w...............................................-...................................6.....p.........................................8.....Y.....|...........................................................#.....9...........i...................................8.....Q.....}...................................1.....\.......................f....................................... .#...".J...%.....(.....*.....+.....,.......2.../.^...0.g...1.....3.....4.....5.M...6.....7.....8.....9.@...;.S...<.k...=.....>.....?.....@.....A.M...C...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\sv.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):355553
                                                        Entropy (8bit):5.541525975721155
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:5130A033016B45AE2C3363EDB3DF7324
                                                        SHA1:9F696D78B1B9EFEC180DC89EE0DEFC3BA23E6677
                                                        SHA-256:3420A1FBCCA5BF8C2D65D6DCB0DB78B03F95F7F2FC56479A0DE6E3312333CE6F
                                                        SHA-512:401B71360DCACF3B1FDC411C92195051370DB110863CBED37143263E7804CB24B75FF1908EE39EE848C28776DF00D6EDD8CC748ACF3725668AF7815929E8066B
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........F.h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v."...w./...y.5...z.D...|.J...}.\.....d.....i.....q.....y...................................................................................'...../.....:.....f.....z.....|...........................................................=.....N....._.....{................................................................./.....?.....C.....M.....T.....m...................................".....-.....3.....;.....B.....H.....U.....g.....~...............................................,.....K.....S.....`.....k.....v...................................................................................$.....,.....7.....r.......................O.....`.....p.................................................................E.....d................................................... .....".....%.5...(.R...*.r...+.u...,.........../.....0.....1.....3.....4.*...5.?...6.w...7.....8.....9.....;.....<.....=.....>.....?.....@.....A.+...C.J.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\sw.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):373906
                                                        Entropy (8bit):5.347857294366775
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:9632DD7D883FA4DEB3963EA663E0FFD4
                                                        SHA1:0DB135BE4B3A7C54C39E9DF5034D5576B68EA92E
                                                        SHA-256:690027C4A31C4AEA00B7D1B32EC6CD3FA50B1EAC412AE273AB15E72EB485DD6E
                                                        SHA-512:3AAC1857784DFECD2AE5F7C4056F58E27A966A6CB949E02EABA56FC1FC283243ED6213F17628D62D435E33FA4771EB43623F25DA6510AA4CE6F2149F72AB0D37
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........!.h.....i.....j.....k.....l.....n.....o.$...p.1...r.7...s.H...t.Q...v.f...w.s...y.y...z.....|.....}.....................................................................................'.....;.....G.....U.....j.....q.....}............................................... .....,.....?.....L.....a.................................................................B.....W.....a.....n...........................................................).....M.....m.....{...........................................................-.....?.....M.....l...............................................J.....M.....\.....r.........................................................................................g...................................".....,.....D.....J.....T.....Z.....b.....|...................................S.....`.....d.....m..................... .....".....%.....(.....*.%...+.(...,.F.....f.../.{...0.~...1.....3.....4.....5.....6.;...7.R...8.n...9.x...;.....<.....=.....>.....?.....@.....A...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\ta.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):959344
                                                        Entropy (8bit):4.055885266108582
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:F100566697A96CE1F0A0C7E0BBFBE36D
                                                        SHA1:4C80A4930BA7D174C4203C199492463242BDDF62
                                                        SHA-256:7E818DEEDD50A533851BBF08E056BF2AD8D45F442A1A61D9B48E66804EA848DB
                                                        SHA-512:DFA6132A5B7E819E8D326BF5EE539D9ECB2DCD7FEA429C75AFEC2291DF9EEEAD6FA347B01F9FEAF2235BCE627FD39116176195F7A3D7D74DE28951F939DB1645
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........Q.h.....i.....j.....k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....|.4...}.F.....N.....S.....[.....c.....k.....r.....y.............................!.....O.....}.......................J....._.....n...........B.....D.....H.....p.................7.....e.......................s.......................A.....\.....x.......................{.................4.....h...................................M.....d.................l.........................................B.....^.......................c.........................................4.....w.............................B.............................i.....p.....s.....t...............................................i...........%.....c...........7....._...................................G...........................................................8............... .....".....%.Q...(.....*.#...+.&...,.D.....{.../.....0.....1.I...3.x...4.....5.W...6.....7.1...8.....9.....;.....<.....=.>...>.}...?.....@.....A.....C.s.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\te.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):890208
                                                        Entropy (8bit):4.3020895110199895
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:B1B6A9E3A04BE79080EBBFACC1A0EB2D
                                                        SHA1:A5C8EB6A930062F6021D073D5F74AE146DC7FBC8
                                                        SHA-256:D839531C4FF4A2885C993E0D358F78667215B0950C77A06EF01A6ACFF9221C5B
                                                        SHA-512:BF0B163C8FC3988BFEB3CBB4B981596CE5AFDF7E40149622FC3B60994E7D8EFA5BB24C830036D168A6638FECA48B8755AEFA8640FAAE37055CAE8FFFB6A85568
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i. ...j.,...k.;...l.F...n.N...o.S...p.`...r.f...s.w...t.....v.....w.....y.....z.....|.....}...........................................................................................8.....P.....o.......................v.............................D.....s.......................<.....y.................>.......................).....T.................9.............................M.....Y.....\.....z................._...........<.................9.....Q.....Y.....`.....x.......................C.....~.................-.....o...........4.....y.......................).....p.....s.............................Q...............................................9.....F.....r.....1.......................j.................p...................................+.....u...........8.................k...........`.....l.......................B... .T...".y...%.....(.7...*.....+.....,.........../.4...0.R...1.....3.....4.Q...5.....6.....7.W...8.....9.....;.....<.4...=.T...>.....?.....@.....A. .

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\th.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):748585
                                                        Entropy (8bit):4.347311632078181
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:A970B7E9D3AEC2CD1B8AB798B3179F07
                                                        SHA1:BF17A7E80E01AC1704A1EFDF27BAF271B4C21E36
                                                        SHA-256:CD80BF232F2F128A3D411F52C8039987559DBC1055F746EED6E0E8478B116DC1
                                                        SHA-512:880555A2AC2F278AECB8794D8CC51F0833052E9F4CA187ED91FA35BB475E68AE3255CFE1DC074EAC960C73C203E62C6B38077B266F5FAB66CCC3CA73E94D4D60
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.....j.....k.....l.....o.....p....r....s....t....v.....w.....y.....z.....|. ...}.2.....:.....?.....G.....R.....Z....._.....g.....n.....u.....|.....~.............................p.............................%.....n...................................G.....Y.............................+.....J.....h.............................L.................R.....................................................8.....e.......................4.....g.....z...............................................8.....b.......................g.................3.....Q.....r...................................5.....R.....o...............................................)...........>.................\.................X.....p...................................'.......................1.....i...........#.....,.....A.....t............... .....".....%.-...(.{...*.....+.....,.........../.C...0.V...1.....3.....4.D...5.....6.....7.8...8.q...9.....;.....<.....=.....>.F...?.w...@.....A.....C.....D.*...E.].

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\tr.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):380144
                                                        Entropy (8bit):5.625908876462877
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:46F9B2A35EFDF1120A8A946E4F1D0115
                                                        SHA1:AF7BEC1FBA32D912B50288A7D988440627E4EE85
                                                        SHA-256:B22FC7B75C52CC142F201D5CF107D17C1B173A494A6ADD022127F559FB46BCB0
                                                        SHA-512:CD67F9C328408A8295F224AEC190C7C411A868755FC5C9E90B4985B3C41A05D6D34DD30D4A3866F6C24E1D640F4C324BFBA8C7AB806A6B216151CF0A504A03D7
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.2...i.C...j.M...k.\...l.g...n.o...o.t...p.....r.....s.....t.....v.....w.....y.....z.....|.....}...........................................#.....*.....+.....,...........i.....................................................".....<.....>.....B.....j.....................................................%.....1.....T.....e.....j.....p.....................................................$.....&.....).....0.....G.....[.....k.......................................................................Q.....].....k...................................,.....;.....G.....R.....b.....u.....x...................................................................................".....1.....r.......................E.....Z.....l.................................................................b.....................................................#... .....".C...%.m...(.....*.....+.....,.........../.....0.....1.0...3.=...4.S...5.v...6.....7.....8.....9.....;.....<.#...=.0...>.C...?.L...@.Z...A.....C...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\uk.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):649248
                                                        Entropy (8bit):4.881146467003646
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:3B2A976A25DCA963E91DF3695C502D8C
                                                        SHA1:CE7AE51211F512C3723BB43EA0DE9E6DEBB70597
                                                        SHA-256:28EA88F19B2C34699D535CA0C691449B7E4001C12E8AED8D04B2078916E88A37
                                                        SHA-512:BA41EE074239AFDF8F194B4CCB33060FA9655E3CCDAC6A16090959D3214F8DB15396B3E038D7DE26C478FDD003472F680D2B6AC9A92ACAF6EBF8AA258747ECC6
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:........o.j.h.T...i.e...j.q...k.....l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....|.....}.............!.....).....1.....9.....@.....G.....N.....O.....P.....U.............................4.....=.....f.....t................. .....".....&.....N.....i.........................................U.....d...................................#.....I.....]...................................!.....+.....;.....K.....w.............................>.....m...............................................<.....H.....a.............................P...............................................9.....\.....................................................$.....6.....I....._...........u...................................N.....l...................................".....^.......................G...................................E.....V... .d...".....%.....(.....*.K...+.N...,.l........./.....0.....1.Q...3.j...4.....5.....6.*...7.M...8.}...9.....;.....<.....=.....>.....?.(...@.I...A.....C.....D...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\ur.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):565721
                                                        Entropy (8bit):5.152477095766346
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:BA86F1F13FDC37A2C48C1DA34C84F4C4
                                                        SHA1:2F1578D0EEE76E60EFFB63967712B15C0D56829E
                                                        SHA-256:4C7AFFDCC324CD791D10E235DA809CE7501E8005BE64340B6E8BF5595647A707
                                                        SHA-512:FB2FE1548574DA860BF27408A4F29D781FCEFC300F744F4214843F343E343AD8BAE29CB7047F87F5C3277641F561C6A30E5BC9D6490AFBEFC7AF36974305A688
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..........,.h.....i.....j.....k.....l.....n.....o.....p.....r.....s./...t.8...v.M...w.Z...y.`...z.o...|.u...}.........................................................................>.....V.....p.........................................+.....P.....S.....W..................................."...../.....Y.............................).....3.....F.....`.......................$...........A.....`...............................................@.....v.........................................1.....I.....Y.............................+.....E.....w................. ...../.....M.....Z.....u.........................................%.....F.....M.....P.....Q.....d.....s...............................................|...............................................-.....3.....W.................&.....O...................................-.....[.....l... .z...".....%.....(.....*.....+.....,.4.....V.../.....0.....1.....3.....4.&...5.X...6.....7.....8.....9.4...;.I...<.W...=.g...>.....?.....@.....A.....C...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\vi.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):449888
                                                        Entropy (8bit):5.8097688235728375
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:065179C466C5B7457E249F11D152B99F
                                                        SHA1:CFC05E9DFB91B2AF2944AED4718FA05B43844914
                                                        SHA-256:B75694E390BD2E20780B3BC72F6E1473BA45D7537C27642A7D888DFD3BB6C3BB
                                                        SHA-512:FB598391A028B7D3C7E25CAE21CCFDE655E6F871E498767A54F7CF0D5D4E48207213CD2598CA88E4F46C303CD2D8175238A5A5B720AB37BEEC1873D681165A8D
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:........e.t.h.@...i.Z...j.f...k.u...l.....n.....o.....p.....r.....s.....t.....v.....w.....y.....z.....|.....}.........................&...........5.....<.....C.....D.....E.....G.....j.....{.............................................../.....N.....P.....T.....|...............................................J.....\.....l.....................................................".....,.....7.....H.....a.....e.....h.....l...................................*.....G.....W.....].....e.....l.....q...................................E.....V.....c.............................&.....1.....?.....R.......................................................................$.....-.....9.....C.....U.............................b.....}.....................................................5.....o.............................?.....V.....[.....f.....|............... .....".....%.....(.....*.@...+.C...,.a.....}.../.....0.....1.....3.....4.....5.....6.O...7.l...8.....9.....;.....<.....=.....>.....?.....@.....A.K...C.x.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\zh-CN.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):327259
                                                        Entropy (8bit):6.68138343427315
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:2FEBE4EF32E1A3884089908F402AD62F
                                                        SHA1:E65C54ADC127B78494DD6189CCA71F1C7BD2A5B0
                                                        SHA-256:A7AC9FDA6F4CD189B75FDADC4B70CD0D369A09B66EAEB5D032678CB97FFC98F6
                                                        SHA-512:8E8B030AF4C952C32EC277850D5573414630FF5196EAED52820F44E9C5BD03AB6F71A8ADD19215B0456EED859BE0D5A6F28D48E12F1677D39842F35FEFFD5E57
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:........3...h....i....j....k.....l.....m.....o.....p.....r.....s.'...t.0...v.E...w.R...|.X...}.j.....r.....z.........................................................................................,.....C.....I.....S.....}...........................................................#...../.....^.....k.....w.......................................................................+.....=.....C.....I.....O.....j.................................................................!.....-.....9.....T.....Z.....f.........................................2.....A.....G.....V.....e.....z.....}...................................................................................'.....1.....^.............................-.....?.....`.....l.....x.....~.....................................................7.....d.....y................................. .....".....%.....(.....*.....+.....,.>.....S.../.h...0.}...1.....3.....4.....5.....6.....7.3...8.H...9.T...;.p...<.....=.....>.....?.....@.....A. ...C.G...D.W.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\locales\zh-TW.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):324394
                                                        Entropy (8bit):6.696029954696818
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:02E9E0BC5C30CA60A869EA761FB662EB
                                                        SHA1:C5200F692544B681AF8757627DA430AEEA4283EE
                                                        SHA-256:C5061EC00BD969F76F3C0C6FF15DDACAFED7491260BD8CED78118691BA57BDFF
                                                        SHA-512:07B5F401F89DFC36499A3E74318B471D9B2E795DC363DFD5A9394089D4783A4B51FD78E2092701B6974F1C51020F3B5F81171CE21690F8547FF3C8F3D54CE781
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............h.....i.....j.....k....l....n....o....p....r.....s.....t.....v.%...w.2...y.8...z.G...|.M...}._.....g.....l.....t.....|.......................................................................(.....4.....G.....q.......................................................................-.....:.....F.....X.....d.....j.....p.....|.......................................................................'.....6.....E.....W.....i.....{.............................................................................:.....F.....a.....|...........................................................'.....9.....M.....a.....s.....z.....}.....................................................#.....P.....V.......................................................................C.....[............................................................... .'...".9...%.T...(.l...*.....+.....,.........../.....0.....1.....3.+...4.C...5.d...6.....7.....8.....9.....;.....<.....=.....>. ...?.*...@.?...A.s...C.....D...

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources.pak

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):5374622
                                                        Entropy (8bit):7.995217547278778
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:F5AB76D2B17459B5288B6269B0925890
                                                        SHA1:75BE4046F33919340014A88815F415BEB454A641
                                                        SHA-256:4F29587BCD952DE1DBC0B98DF0AA506BD9FCF447E6A7258C5EB7E9EB780E6D6C
                                                        SHA-512:6EC6A08418743ADB5E20218B73169BE4F45F5458592219497C3718E620E37871876788937418F1341E0023C1137F9CAC715E6BB941F4690FEBDDA993B072FEAB
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............f.......>'.....*....|-.....@...4.F...4.O...4.Q...4.b...4Yf...4.l...4@m...4kv...4o}...4.....47....4.....4;....4x....4v....4.....4....4+....4W....43....4.....4.....4.....4.....4.....4.....4?....4>....4F....4.....4.....4.....4x....4x....4.....4.....5Q....5.....5x....5"....5.-...5`M...5.P...5.W...5'X...5.X...5.Z...5y[...5.\...5%`...5.a...5|g...5.....5.....5K....5.....5_....5*....5M'...5.(...5.,...;M/...;.:...;.=...;.>...;.?...;.C...;RE...;.O...;_[...;Vg...<.r...<G{...<.~...<....<.....<W....<F....<.....<o....<.....<A....<.....<.....<.....<.....<L....<.....<.....<\....<.....<\ ...<."...<.#...<.%...<`'...<S....<w0...<.4...<.5...<.8...<.;...@.B...@)K...@.N...@.O...@.P...@.:...@.F...@.H...@TV...@._...@c`...@%j...@8s...@.}...A.....A.....A....A.....At....A)....A.....A7....AB....Aj....A.....A.....AU....A.....AI....A.....A.....A.....A.....A.....A.....A.....NW\...N.b...N.g...N.h...N.l...N.....Nw....N.....N0....N8....N.....N.....Nw....N....N[....N.....N.....NN....N.....Nc....N.....N..

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):7788868
                                                        Entropy (8bit):7.06263435745766
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:134E6EAAF2EBB923967B7DA2F7757A4F
                                                        SHA1:FC94FD5C8036A42FE6847FFA0AE3C043EF490055
                                                        SHA-256:856FB2F81DAD9E6E694DFC02A39EE489B56C8DBCB847EE85B9102E71F857EDF3
                                                        SHA-512:705BA659109BD1292D0FDF9EA489A0C795C5D3781BB43FB9CC3135CFF33DC7C7B2DCB22930215A939B73DF04E15CCE54A406A2D88E95B9DE4730C9B37AF10F6C
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:................{"files":{"03bc54259d3fb8fea2d4.webp":{"size":32932,"offset":"0","integrity":{"algorithm":"SHA256","hash":"e7884d7f2ed96c7cb7d1977ce2bc6b3b5d090d17d601496c6b4ddbba1663259a","blockSize":4194304,"blocks":["e7884d7f2ed96c7cb7d1977ce2bc6b3b5d090d17d601496c6b4ddbba1663259a"]}},"0a26b1ef9c09d048f75a.woff2":{"size":104128,"offset":"32932","integrity":{"algorithm":"SHA256","hash":"9a029514ed3f05b666311db4cbfe8d439e23e607b775d23d855d93c9216ec1e5","blockSize":4194304,"blocks":["9a029514ed3f05b666311db4cbfe8d439e23e607b775d23d855d93c9216ec1e5"]}},"11ade9867091ae2c5dea.webp":{"size":22550,"offset":"137060","integrity":{"algorithm":"SHA256","hash":"3159bad42e18399ff7370a9727825a9329cc032ea8f35e135d3098162c9ebba8","blockSize":4194304,"blocks":["3159bad42e18399ff7370a9727825a9329cc032ea8f35e135d3098162c9ebba8"]}},"1780ddc2c406534b65b6.webp":{"size":34500,"offset":"159610","integrity":{"algorithm":"SHA256","hash":"027952038c7fac691ef08f8e6c6963f192c2f2512dab51bff7def1aeae755672","block

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\GameLauncher.exe

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):24064
                                                        Entropy (8bit):6.583038812851247
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:7702354371B26E0BE266914003B091B5
                                                        SHA1:4C71F25C984D7194E0B6FF9C2DBE328D8FAB46A7
                                                        SHA-256:734559D17569B0D11280E345737A58070377852325A4FD6C2A5C27A551FB5A71
                                                        SHA-512:345C1FC1E3C544980E2CAF9664B23E1FE60E776C03D66536864C6208E2D59701E4897FAEC092211351D858AEC94203D96D0ECB330A131CDC46F0DC4B65E25CA9
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...vs..................,...........J... ........@.. ...............................Y....`..................................I..W....`...............6...(...........I............................................... ............... ..H............text...4*... ...,.................. ..`.rsrc........`......................@..@.reloc...............4..............@..B.................J......H......../................................................................{....*2.{....{....*r.{....{...............(....*r.{....{...............(....*v.{....{................(....*..(......}......}......}......(....}....*J.{.....(....(....*....0..........s....%.{....{...............(....o....%.{....{....,%.{....{....o....,...{....{....(....+.(....o....%..{....{....(....o....%.(....o....*..0..v........{....{...............(....,..(....*.{....{....,?.{....{....r...po....,..{..

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\Microsoft.Management.Infrastructure.dll

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):46848
                                                        Entropy (8bit):5.4814147435556695
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:85AEA3126E72E22A16188CA707483F1F
                                                        SHA1:30499CF888871ED8AA98387E466B49D92F9959F6
                                                        SHA-256:D9316E41DA05656B38A4DEAA3DE4E55A7D08FC0E28C95EEA40FC2C6C1C61BB99
                                                        SHA-512:4C95B26469DA2436883AF2541EB8FC9F2375BDFD275E16176948152A75AF6FDECD4B43FCF9582D13A0081A9C334426F38C5C9F09F422A1ABDA316AC1C652793F
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...dI.U...........!.....p.............. ........@.. ....................................@.....................................W........................'........................................................... ............... ..H............text....d... ...p.................. ..`.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\System.Management.Automation.dll

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):370432
                                                        Entropy (8bit):5.752232965351255
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:F99F66AEADB42BDF3E204D87CF204390
                                                        SHA1:9D269889EBB3DE23A11E06E25FAEF98E40213209
                                                        SHA-256:ABD78A8646A1BA99D450FD6CD0197C58CCA1F4E7A6A9295D777540E196BB6D46
                                                        SHA-512:BE8BC9A33BB549709465A3A8A0F5DD2D6FF1EAC581B310D5EC3E046504DED5BC469E168A580921495F74DA4918F65E30AE31893B3FA23AF07CDBD4E3655DE841
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...kI.U...........!.....`...........|... ........@.. ..............................+.....@..................................|..S........................'........................................................... ............... ..H............text....]... ...`.................. ..`.reloc...............p..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\auxiliary\WeModAuxiliaryService.exe

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):968592
                                                        Entropy (8bit):6.23901624455466
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:74BDEC2A1B6EE5CC7276F47D13EDC48A
                                                        SHA1:71A8A2B69CB0E4F333812BD72FD06CF6E1A3B61E
                                                        SHA-256:7FB226A4B4C6F72314F74BD5F667D678BB3B2C2D5D76C0C9B1B4A8FA0799FB19
                                                        SHA-512:A0798582456212C55A74C1DFA059148726601440F7D64C5957EE5FC8FC14368017FF4AF6D99295B8CE651A38BF3D086EEF46F78A1FFF7008552CF6A2E6984E30
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....F.a.................@...l.......^... ........@.. ....................................`..................................^..W....`...h........................................................................... ............... ..H............text....>... ...@.................. ..`.rsrc....h...`...j...B..............@..@.reloc..............................@..B.................^......H........7...'............................................................{....*:.(......}....*.(....o....*vs....%.}..........s....(....*....0..$........(.....(.....s....%r...po....(....&*.0..v........9.....o....:....r...p*s......o.....8#....o......r...p.r...pr!..po....o....&.o....-.......9.....o........o....&.o....*........$.5Y........(....*2.{....(....*....0..........s.....(.....(.....9......:.....d*........s?...}....(....o....~....%:....&~..........s....%.....(...+o.....85

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\icon.ico

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:MS Windows icon resource - 18 icons, 16x16, 32 bits/pixel, 20x20, 32 bits/pixel
                                                        Category:dropped
                                                        Size (bytes):285969
                                                        Entropy (8bit):6.078234387136982
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:34EE19CCD44F31CD831DC50920F19890
                                                        SHA1:24545D2F4741FB5A4649840486FFD3597B7ADE5B
                                                        SHA-256:136CF9B3A30268D1D439DF7B9FD9104CB1D83BE7FD2B562C3E9A47450AE0DF3D
                                                        SHA-512:DED8ADE93C143DC8ABC7A76B03B4015A8637B2EE13B85DD70655D5857289F19EBEF76562EACE56A3AD3C2418FAB5305BB0B6CADD0A412DDB781B8F496E82C74A
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............ .h...&......... ............... .....F......... ......... .... .....~$..$$.... .....&5..((.... .h....J..00.... ..%...e..<<.... .H:......@@.... .(B......HH.... ..T......PP.... ..g...[..``.... ............... .(...FX........ ..'..n`........ .-2............ ..@............ ..b..T...(....... ..... ........................................... ...$...)...-...1...5...:...>...B...F...K................... ...$...)...-...1...5...:...>...B...F...K..yO..sR........... ...$...)...-...1...5...:...>...B...F...K..yO..rR..jW....... ...$...)...-...1...5...:...>...B...F...K..yO..rR..jW..c[... ...$...)...-..........x...>...B..............rR..jW..c[..[_...$...)...-...J...............r...r..............}l..c[..[_..Tc...)...-...1.........................................[_..Tc..Lh...-...1...A..........................................^m..Lh..Dl...1...5.................................................Dl..=p...5...:...............x..................................=p..1v...:...>.............yO..r

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\lock.ico

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:MS Windows icon resource - 13 icons, 32x32, 16 colors, 4 bits/pixel, 16x16, 16 colors, 4 bits/pixel
                                                        Category:dropped
                                                        Size (bytes):119118
                                                        Entropy (8bit):3.0257464071704376
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:72C021946D5FE27CFFDFBEE9F967FB86
                                                        SHA1:CC857C464DFBA1A768AC3E5A15C7A69F1F43F560
                                                        SHA-256:AB5E433FEAE115AC9515DB22C8F6C0738CB6150EE10BB119E744EC66305200F6
                                                        SHA-512:61B22F8F42491A735AEE28FFEA324D73FD75361BCD2F06C06DB836DF1E0EF3C513484E71F376D1107EC3D50AAF36ADC2E325FA10DC54BCD77B29892DCFB212DE
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:...... ......................(.......00.............. ......................h...6......... .(....!..@@.... .(B...)..00.... ..%...k..((.... .h....... .... ............... ............... ............... .h.......(... ...@..................................................................................................vvvvvvvvvv.....v&&&&&&&&&&(....&&&&&&&&&&&&....bbbbbbbbbbbg....&&&&&&&&&&&&....f&&&&&&&&&&&....&&&&&&&&&&&&....bbbbbbbbbbbg....&&&&&&&&&&&&....f&&&&&&&&&&&....&&&&&&&&&&&&....bbbbbbbbbbbg....&&&&&&&&&&&&....f&&&&&&&&&&&....&&&&&&&&&&&&....bbbbbbbbbbbg....&&&&&&&&&&&&....f&&&&&&&&&&&....&&&&&&&&&&&&....bbbbbbbbbbbg.....bbbbbbbbf&p......bh....v'........v ....v ........r`....r`........v ....v ........v(....v .........&....b`.........&p...&p.........&g..v&..........v"bbb`...........f&&&.............vw....................................................................................................................................?.(....... .................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\time-limit-toast-icon-1-hour.png

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):16164
                                                        Entropy (8bit):7.981879008141911
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:AB305AC37025C80398782737F33E7604
                                                        SHA1:E709DC55D7FB17B454EDE8DE3612D182D82664B8
                                                        SHA-256:D8D156B0500B8BB67A16879796B2278686B4FE8E9E9FFF535CC13BF0E0E6F576
                                                        SHA-512:76F25FEF3B55D8688F98E64A9CF8A7CC11146130AA673132F8536FC3EDE2FE51391956781C63DE3465965DF0DD96F46DF995DF0B71E86405636D3EB0E3767448
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:.PNG........IHDR...d...d.....p.T....pHYs...%...%.IR$.....sRGB.........gAMA......a...>.IDATx..}..dWu........4.n...!.!$....d.O(....6^..........a.,...........#F!@B.....D.5......9{.s.....A....M.^.s.9...-....K....4.-.akZ([\.[].[s......(..?v.-O/....{...m...w...........5..q..q..........|............m.>.o..s..R.~.,..C.k....{Y,q...)......[J%..o,._*.}...'|.)/......Qp....c...}.'..7'...!e.. #...oc.{.c.3.;|.?e........sa....>.....!...+..yw...s..>v..!.?4.......c..R:>.p(F'..k........t.;A.%.B......^....t~.>?...h.j.......>!.w....._....~...<d.......&y....a......%.$...G..'H.LQL!q)a.s/~.t...W.!FqK..V.[.+..$.y.......`.=m..` =...w.q.*...........m?`......ny.-../k.K..L.s`d..w.2<%..2l2.9N..~'..Ag5&...x.P.FL.J}..'...:.H5.7....{W...4...x...2...{>....&...3.x......A....c.~.z.O.a.2^..D#...GSD.......,..1x.t.o.!.j^.#J....C........u.m..2{.....]}.......>....>.}/;.o.....t.{......x....l=+..D.g..Cd.1n...Y0N.["......Rp...>..k.../.#'y=^...fy.`..R.xU.....E.'.........[..dZ.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\time-limit-toast-icon-2-hours.png

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PNG image data, 101 x 100, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):16609
                                                        Entropy (8bit):7.981919799763926
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:3744E990E4F8C21AFAC7300D59B3848F
                                                        SHA1:FD4FEDC9640E3EA267EAAD3EF858C242161E0A01
                                                        SHA-256:9A9A3A7A23D8662915D204D828C6C63886DC87FDB55765366629F441C441624A
                                                        SHA-512:2CB2E5BE4AA6631BF6D4F2BFAF4DD640B8D37B488585E6B21B96ACA680AA70E13C2BFBFB013C065AA5A1A5FA13AA772712EAF7CBB4E0D2CD97A33EFCE5CACB90
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:.PNG........IHDR...e...d...... .j....pHYs...%...%.IR$.....sRGB.........gAMA......a...@vIDATx..}..lUu....{.}.....*. .*QD.!.$.M...L:....|.'..$..[..6...&&&.h4h.A"..$.."2. ..T.w.._k....A....[U..N..Z...P...p...?...9.,....m..nJ!o.>...s......{.>...v:Wn..v....p.[.\._s.N..>...<~|....{.Q......+_).s...7E..;/..Z'_Bp......C.C.."...C.z...\..P[.B...U^..9...9...x.......r....w..G..?*..O...M....m/+.. r.-.9.M.Jrz......V......?!.m...P........v......_...wT(.|...OJmsD...\O.X:.{'+.E ..X.!.N@....Sc....W..olH+.z?^.k.U......1..gx.Yf...o..At..s?|.W.w....._.._..c.!.[...<.Yy.......E.I..._.B..._...hM.\^,.....-.KE.w...R){..Z?..LHj.x....H./....}'.{p.?........*.....6......VO.#.>..Oh.. k..#..->V+xhC...W.7.*...WbI~m...(BUm.k....xjX.[@.Dj..*.I*....W...j.......7.{.ns..."._>.....-.Y.../4O..=....dw7.$q..L.r...K.............W...-.g.x..}37...\yh ...2Tof........c..?......\..=....q>~.......}~T>.qQ.....&-...._|...a;.~.N ...$..e..q..P......tW...3..&}6d..o.o.Wr...#...D..

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\time-limit-toast-icon-3-hours.png

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PNG image data, 101 x 100, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):15533
                                                        Entropy (8bit):7.977844587009699
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:A2C062FF859593308403959488E512B0
                                                        SHA1:54A5F56B306F4FFC6386285F4B104254BCD05BEF
                                                        SHA-256:B7F14324DD9570C3E19907B20561266407B0A1C2238A60432B4C4C22DDD0B3E1
                                                        SHA-512:FEA762D94C6C017A5629E037C70CD8E4185BBE865A4F2C45FBE1EFBCDA6AE79406E16075AA632253C8BC5EFB0C9C6A05BFB1F66CEAC52469B5CF81FCCC67B150
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:.PNG........IHDR...e...d...... .j....pHYs...%...%.IR$.....sRGB.........gAMA......a...<BIDATx..}..lgU.?.Su.{...CB...&@...B...(,e..BA....N8-W......E..n..O.i...!...a..DB..2>.t.s.....o..T...KHB<.rk8u.j.....o...w.....?..yB..{....].B..}\/.'..|..7.....B.>..>......)...!|..|...w.%...{...{...>.......S].O(...9d....|.....K...R.<-...s...w....i>...Q......C....e.o*.^..._q...K......c.........=[V.9..!F.Dr...'...=D...X..A.R.Rx..>....P..%..ZM..$....,.E.A4.K*....~.O?pt...|...:.e>..J.....t.qQj..S.....D....b.)..!.!.M@.r[..i1.....S?........I9U...p8U....s...&..(....=.L..J......uM.....;.........?N..!.W...<..<.&b.;..5.KX..3Y.. +<.PL)...2mD..1....PG../....b..j.E....2.F.".E.N...L|...9..OC)W....Yn....GY9..R~.?..f/..tgz.G.s..JLh.. ....x..yJ....(B.'a.eQ.V}..........2...S.....f.........@.d...Ba........[.}...K.....GE)?..>.g..a...I<..[C.....}#...._#V.d.;...ED..VD`.. D.U...*+^.......m/....D}./........<.T..&W..I,'.z.69.[.....g...GX9.=.....Ok..._.7=.+...@>...%.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\time-limit-toast-icon-4-hours.png

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PNG image data, 101 x 100, 8-bit/color RGBA, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):15767
                                                        Entropy (8bit):7.979650192262611
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:4846DD4ADBB6F8BC820B3BF0DF4A8C0B
                                                        SHA1:A9518AA9E4DF14C58B4737381EE1F970F0C7F59E
                                                        SHA-256:C235B332B557BA8954010D6E493CA3EAA892A1CDAF054156A7E25773B70642D2
                                                        SHA-512:BC00CF2DA8359EA0812BF2D7149B3952C15771A63C09635F76B5036C9045388CDE35AA54D364ED1B5AA0635058DCBC446253BA91521E9DD7121D1E8C67498B34
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:.PNG........IHDR...e...d...... .j....pHYs...%...%.IR$.....sRGB.........gAMA......a...=,IDATx..}..mUq...>....}..... .2(..%.(.56iM....C.I.Nk.uLb>.Mh.K......N.....EQ......A..1.....Z]._..9 .......i..jU._.U......K...wTG........]H...s9.........}.s.;........%.B..w.N..k........~.$>.{..?......i]......>oL!.....>.u......k~.e....{. .*_Q^E.....]r.Zy..[6<..W<.=7.'..Q.O_..G.]}...i...C.....E8....o!yS..R........gXF6Mx^.z....;....DU..V.....6...^......]U..]...x.............6N$...).6.....bT..b>.w..k.Yx..w..=^*97c6..7.U1......N....I........pT.p....9.YnO......V.....9.... .H.....*..\.....a5!f.>.-.....O..T.tZ.S#"q..L...K.....0...s..W....6..V....w\.w.+n.....^.'^(RV.\...c..........)..LE.I..E...2.N...O%PO\.......5....R.%W..E. ..._.........'..S.......{...M.Zn.Of.v.H.o.}.b.U.].UtT..Y......,gq?.aE.+b!.....'...'r.|..=`T9..h:....>..QKS[2.._....SNp....W}...Q._'...QD\QLX.-.p.R.Z.~J.C;AB.nw...q..Ax6<.J..Bj...ow..0......%J5k.L|.......g.kV.F.3kc..$^.<...r.+_....q..g_

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\CELib_x64.dll

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                        Category:dropped
                                                        Size (bytes):2420224
                                                        Entropy (8bit):7.95394992241358
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:C3022F755CEB32B51FECF5620DDB9F87
                                                        SHA1:553806605650004D1C1D0E3008EA44C06053E946
                                                        SHA-256:F457972222720554D7FB6EB928751964C492A6EDAC739D2B2A106E35E66243C7
                                                        SHA-512:B1450E0BB0E67CC04D0484B7C6E14A47B64F38D8130C385EE4E955ED96E5F4F617FEDB137C47046A8DFBB2BAC5E185DF94A5C32589B1D56DB933880CB01F4E9B
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d..................".....8...\...1..X.?......................................Pa.....v.%..............................................`.......p..............\}=..B....$..(.......................................................................................... .8.......................... ..` .\...P...H..."..............@... .........t...j..............@..@ .B...P...(..................@..@.bss.....1.............................. ............................@... O...........................@... ............................@..@ |.... ......................@... .,...0......................@..B.edata.......`....... ..............@..@.idata.......p......."..............@....rsrc................$..............@..@.wemod... 5..........(..............`....boot.....!...?...!..(..............`..`........

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\CELib_x86.dll

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1910392
                                                        Entropy (8bit):7.937130389588111
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:F793ACAD87F2C1E0CFAEF0026FCB06B8
                                                        SHA1:A8A19A53DDC6EBF87C8BA67AE82FD9D7D02F9B11
                                                        SHA-256:92B4B1461D3C30CBD70227ECAC39BED472A98F9532169689EB062BC39045E374
                                                        SHA-512:00CD9310185AF0FEE609BA1663BFA83F37C774913BAA9A0B73A44F67A9045D3522D2BD4D74E92F19E846CA237095ECF9938B2C1FDDD674AE99B55493A3EB0282
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....k.......+..X.0.......................................J......[..................................................|...............x........................................................................................... .k.......................... ..` .........D..................@... .].......L...,..............@..@ .+...........x.................. .....0.......x..............@... .....@.......z..............@... .....P.......|..............@..@ |....`.......~..............@... .P...p...2..................@..B.edata..............................@..@.idata..............................@....rsrc...............................@..@.wemod....(.........................`....boot....P....0..P..................`..`................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerHost_x64.exe

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):10640
                                                        Entropy (8bit):6.534949394646193
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:3DCAA4F07D3E4487227D3F1E4F497EDC
                                                        SHA1:39D4B51D88163281A10B7492C5C244C3B438B3DA
                                                        SHA-256:2FBA84D9E526390C0C7F52AEEFC6C91EADCC7092595586DBBB32D5FE5C72A421
                                                        SHA-512:AD421C54473FF677D52263A4E4793C99B46D619A612788A4F2C447B8FED85402213C688475496A0F52E9FE956981F55037024BF247AEE0EE26019379268F508D
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...P.~..........."...0.................. .....@..... .......................`......p.....`...@......@............... ...............................@..............................L&............................................................... ..H............text...h.... ...................... ..`.rsrc........@......................@..@........................................H.......T ...............................................................s....(....*BSJB............v4.0.30319......l.......#~..8.......#Strings............#US.........#GUID.......(...#Blob...........G..........3......................................x...............Z.....!.....0.....I.................A...........&.....`.....5.................{.....T.....q.?.....?.....................[.A.....H ........).....................).....1.....9.....A.....I.....Q.....Y.....a.....i.....q.....y.

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerHost_x86.exe

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):11152
                                                        Entropy (8bit):6.370383920363754
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:4549F8EFED03137A117AA124D71B3A29
                                                        SHA1:68E78DCCC51CDD5F4D4F402399D7CE290BEAB7C7
                                                        SHA-256:71F190395AB04A78B867FF0AB46028DAAD509CDFC09BBDFBECBC8AF3E406C7F0
                                                        SHA-512:FE1AC20AB320C538471EA1C122CDF8661C4DEC606D162824261358C7ECA7A1F7C2048FC460BE063EF241678CEB7AE88DE33ABBF9C8C4CA9E5B271B5B417A5EDD
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....PE...............0..............&... ...@....@.. ...............................0....`.................................p&..O....@.......................`......T&............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................&......H.......\ ...............................................................s....(....*BSJB............v4.0.30319......l.......#~..8.......#Strings............#US.........#GUID.......(...#Blob...........G..........3......................................x...............Z.....!.....0.....I.................A...........&.....`.....5.................{.....T.....q.?.....?.....................[.A.....P ........).....................).....1.....9.....A.....I.....Q.....Y.....a.....i.....

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerLib_x64.dll

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):3659776
                                                        Entropy (8bit):7.946438740296683
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:60A0CE176A0932F5D3079B8068C39604
                                                        SHA1:65CBD1A939F5CF97910958A76FA4D191968CA129
                                                        SHA-256:BF1B0B2D090CD13FAEB2BB7DEB78439D28F032D3A16F0D9EF8E2105C2A060681
                                                        SHA-512:CAC2426BA0D6AE2953CF1A947366E468967EA8A123F9478BF741796C7699114057254745CA0C9E3A7351DA2DFC44224102C404D4ADA49B2BACFCD794F9BAC5F5
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|]m..3>..3>..3>.e0?..3>.e6?8.3>.e7?..3>.b7?..3>.b0?..3>.b6?..3>.e2?..3>.O.>..3>..2>5.3>..:?..3>..3?..3>...>..3>...>..3>..1?..3>Rich..3>........PE..d...6C.d.........." ...%....."......X0_...............................................8... .......................................... ..I...h0.......@......T.].<B....7..(.......................................................................................... .........n.................. ..` ^............r..............@..@ 0...`.......(..............@... $B.......&..................@..@ \............T..............@..@ .............V..............@..@ .............Z..............@..B.edata....... .......b..............@..@.idata.......0.......d..............@....rsrc........@.......f..............@..@.wemod....G..P.......l..............`....boot....D4..0_..D4..l..

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\TrainerLib_x86.dll

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):3564032
                                                        Entropy (8bit):7.937845544506205
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:0396168D5B63CE237459B93D3777880B
                                                        SHA1:21DB0EF233A96028E8BA246FD8D349ADFA359D1E
                                                        SHA-256:4C7D7260818A7699EF02DA6F4ACEBB19F738DFBCD7729293BBC6CBA33685377D
                                                        SHA-512:BF00B3D5ED6BEAC053943112C38CC22D7CC8CDDF6B5F0E0102C25E56BF70C5060FBE3E014D6230DB92233B7FB67B10135808D827852BA144040C835F577721D4
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6..`XB.`XB.`XB..[C.`XB..]CS`XB..\C.`XB..\C.`XB..[C.`XB..]C.`XB..YC.`XB.2.B.`XB.`YBP`XB..QC.`XB..XC.`XB..B.`XB.`.B.`XB..ZC.`XBRich.`XB........PE..L....B.d...........!...%............X.Z...... ............................... ........6.................................I...h...l....................:6..(.......................................................................................... 3........&.................. ..` .)... ...x...*..............@..@ l!...P......................@... ............................@..@ .4.......*..................@..B.edata..............................@..@.idata..............................@....rsrc...............................@..@.wemod....D.........................`....boot....Z3...Z..Z3.................`..`................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\stub\TrainerLib_x64.dll

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):15992
                                                        Entropy (8bit):6.159143081804694
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:B5B4B140EF1491DB0268643A8CA38801
                                                        SHA1:62AA81588955EF587FD904FD5CCA307CADE22F3C
                                                        SHA-256:62482B67882023089F371A678B5ED9111D46CCDB8C4B24DB26159D5FD7CC49F7
                                                        SHA-512:4DEAB14D722C24DA319A2AB2C70F13BBD81257F15F266692ED03EA4E3400BC307671F80938988448267C412BCDDD2692F8C8275C82F60897743321F3D79C8F6F
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W..f...5...5...5..V5...5...4...5...4...5...4...5...4...5...5...5...5...5...4...5..:5...5...4...5Rich...5........PE..d...D..].........." ................ ........................................p......o.....`.................................................,&..P....P.......@..h...."..x....`......P!..8............................!............... ...............................text............................... ..`.rdata....... ......................@..@.data........0......................@....pdata..h....@......................@..@.rsrc........P......................@..@.reloc.......`....... ..............@..B................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\trainerlib\stub\TrainerLib_x86.dll

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):15480
                                                        Entropy (8bit):6.340684936805414
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:E78825B0A9B5560382F87DC11A51479A
                                                        SHA1:407DEF99C1AB4D547994F5320643C50BFBA61EED
                                                        SHA-256:12C91F0B09C2E567AD0071D9DE94EC264723D914D76965A2C8972C0AED548CCE
                                                        SHA-512:F6D29F689027E536C7C110618303C919F4B57730DFF9C35C54CFD0758B2AA6FE31B484238DE9F1904E0D6832D2262A20B07268FA9CD906C96DF3A60B5FB86295
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._L...-...-...-...U]..-..J...-..J...-..J...-..J...-.......-...-...-...@...-...@1..-...@...-..Rich.-..........................PE..L......]...........!......................... ...............................`............@.................................,$..P....@............... ..x....P..0.... ..8............................ ..@............ ..h............................text............................... ..`.rdata..4.... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc..0....P......................@..B........................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\tray_dark.ico

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                        Category:dropped
                                                        Size (bytes):5430
                                                        Entropy (8bit):1.7396903820461578
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:686CBB68B0D3BBD1568C18C63CAE5511
                                                        SHA1:1FC363E31A9B36DA2C133A4862242635F8CC3CA5
                                                        SHA-256:709B1D73373C54AFBB26F826CDD5173571CAA4EC1EB6CC46F12DE5805BE4094D
                                                        SHA-512:2AE702CEA8E0F8A69716C191F7296705AFB576A7BC5EA0CC3973DDBC8C6D8A266DA6933DD0B6148AFEF091538D70C8ED9D0C6389D85F501C3CD4C7ECBB8A93AB
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:...... .... .....&......... .h.......(... ...@..... ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................*...=...................................................=...)..........................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\resources\app.asar.unpacked\static\unpacked\tray_light.ico

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                        Category:dropped
                                                        Size (bytes):5430
                                                        Entropy (8bit):2.3693180645950993
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:72F68A61C825E80E01793802952CA163
                                                        SHA1:8E3F67B073E38E5F91B9C4290EBDAAA4C9AA200B
                                                        SHA-256:31DAE95ACA9C6BD0F9022942B98E556EC0B7041FF277F97AF637461429261960
                                                        SHA-512:D1CABEBC5CCC9357AF066D0D25D9458A93CA7E7F0D0EE71F7A41AF54888673921EBFF30152F8588081BFC4DA7194DB7BF62DFDBC350DBE31CA3DE37B4B6CFD48
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:...... .... .....&......... .h.......(... ...@..... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~.............@@@....f............................@@@.............uuu....................................................ppp

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\snapshot_blob.bin

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):300024
                                                        Entropy (8bit):3.9723165017241957
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:695CB675C0C33F09F6C6019579AB492B
                                                        SHA1:D14281484D915E0192BA4B92608D8903FDDD277F
                                                        SHA-256:3121F179E50D7825795CAA68E722E996F794E17240AD6EA0AA94BD065E05AA13
                                                        SHA-512:2B1F9C2E722C8FFC561BBFF34DC169D20A0807EC5AA8C085151ECFDB79C3A2E3E6DF40490BB11A35F411C69EBD8D77C9E37AA75D0EDABE998161AB6A1E2139E7
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............10.8.168.25-electron.0..........................................p.......D...........`....`....`....`b...`....`............D....m.`$.........D.!..].`$.......D.%..m.`$.......Y.D.)..m.`$.........D.-..a.`D.........D.1..m.`$.......%.D.5..m.`$.......D.9..m.`$.......D.=..m.`$.........D.A..e.`$.......D.E..m.`$.......D.I..m.`$......ID.M..m.`$.......D.Q..m.`$.......D.U..m.`$....(Jb....D.....@..F^.!...U`....`.....(Jb....H.....@..F^..@`.....H...IDa........D`....D`....D`.......`.....D]...D....D`.......VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa............L..............................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\squirrel.exe

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1936128
                                                        Entropy (8bit):5.952796721026319
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:7331D1B5732B0CF12C8B58B56E6BF220
                                                        SHA1:D7127E66F4AAFF0752AE6020BC4922D18119166C
                                                        SHA-256:D3E4CCD5C431AA6A35545350D9344154960E8340D20B12EA0C46134A042C1AAA
                                                        SHA-512:D86936CADE84088ED5895389DA06003A11A25B82230BB84CBBAC52481E7192F36F672BEED29CF9C1100AB54F5A2B50D51D9450665C5C4FFB307B8D7B751BC513
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ia.....................p......>.... ........@.. ...............................%....@.....................................O.... ...l...........d...'........................................................... ............... ..H............text...D.... ...................... ..`.rsrc....l... ...n..................@..@.reloc...............b..............@..B................ .......H........U................................................................{....*..{....*..{....*r.(......}......}......}....*....0..Y........u........L.,G(.....{.....{....o....,/(.....{.....{....o....,.(.....{.....{....o....*.*.*....0..K....... .A. )UU.Z(.....{....o....X )UU.Z(.....{....o....X )UU.Z(.....{....o....X*..0...........r...p......%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....(....*....{....*

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\v8_context_snapshot.bin

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):599880
                                                        Entropy (8bit):5.077889547511462
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:B32CBC4A5FF34F441E8E0C264AA61849
                                                        SHA1:435D88A3E50FF85B6030C4C6E8918161FA340201
                                                        SHA-256:4F72C7B625B64D38F819A970CFFF5921FF4080E27DE84B00B9A7CF8BE15277C5
                                                        SHA-512:7C13EEDFAB9FBA821D5A26E5BA81444A84B48AFF13A7CD508C03F7EA113997C2EDF7126E5547E16FB3E98A942F0070A5D597C25971AFBDE92B46125085B57B4E
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:.........s=10.8.168.25-electron.0...........................................~..xx...L..4...L.......x~..`....`....`R...`b...`....`............D....m.`$.........D.!..].`$.......D.%..m.`$.......Y.D.)..m.`$.........D.-..a.`D.........D.1..m.`$.......%.D.5..m.`$.......D.9..m.`$.......D.=..m.`$.........D.A..e.`$.......D.E..m.`$.......D.I..m.`$......ID.M..m.`$.......D.Q..m.`$.......D.U..m.`$....(Jb....D.....@..F^.!...U`....`.....(Jb....H.....@..F^..@`.....H...IDa........D`....D`....D`.......`.....D]...D....D`.......VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa............L......................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\vk_swiftshader.dll

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):4496640
                                                        Entropy (8bit):6.660639055191881
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:A2F3D86AECFE4FC20B1AA826CEC98078
                                                        SHA1:4D59AE24D494EE564DADF15C0DBA436E00F4A3BE
                                                        SHA-256:DB9A5DF7C33391FEAAEE608B1F383C0F0F56DC10DE965EF9C846FD7FC1E74FDF
                                                        SHA-512:8D72A0BB8F86AF2F628B38ECA518E897BA660FEE2683300004F6ACAFCFD52D738597B14B3D925D97A81CC1D6CE1D10289DDEA3A24A8A598F4CF035C0C30EBD6A
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....8$e.........."!......6..........&1.......................................E......hE...@A..........................@......@.P.....C..............vD..'....C......H@.....................dG@.......6.............8.@..............................text....6.......6................. ..`.rdata...4....6..6....6.............@..@.data....O....A..x....@.............@....00cfg.......PC......TB.............@..@.tls....1....`C......VB.............@....voltbl......pC......XB..................rsrc.........C......ZB.............@..@.reloc........C......`B.............@..B........................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\vk_swiftshader_icd.json

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):106
                                                        Entropy (8bit):4.724752649036734
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                        SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                        SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                        SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}

                                                        C:\Users\user\AppData\Local\WeMod\app-8.19.0\vulkan-1.dll

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):803072
                                                        Entropy (8bit):6.809622241691759
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:FBFB21B42AD212D93F3F47715534FCD0
                                                        SHA1:B740947F7430C6C501B442DDD4D74F93DD045679
                                                        SHA-256:080F0C7182DCF622FD9D6FFCE1DCFCDB590B29912B61FE9FEB7F0C760A5A4AFB
                                                        SHA-512:F9D6398E3BFDAE580546591DD8FD73C88B2C307698337AAD13A9F7A24B68AC6B287ABD41B77FF85F49CC71C676F8214408AFEF210094E503C4029EF35EFC43C5
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....8$e.........."!.....:...........8...............................................c....@A............................<!...P..P........................'...........................................P..............DR...............................text....9.......:.................. ..`.rdata...5...P...6...>..............@..@.data...H5...........t..............@....00cfg..............................@..@.tls................................@....voltbl..................................rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                                                        C:\Users\user\AppData\Local\WeMod\packages\WeMod-8.19.0-full.nupkg (copy)

                                                        Download File
                                                        Process:C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):0
                                                        Entropy (8bit):0.0
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:29E758ECE3084E87314D6D2847F21102
                                                        SHA1:CC82F8C1F680794A9AF2896FC5C5AA7E7594D57F
                                                        SHA-256:1449815C9BEFB3D679C2F143897E255D0347F73D78B19A7E78F7FE8404ED279E
                                                        SHA-512:48911802DE8967AFE889384606F8F7A78E5351657F657232822C12B240D7E3025D14F35CAF4CCBAFDD3703C3F7DC67DA444AC19BC3F16F6318E045E9F2A4CB7D
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....ia............................>.... ........@.. .......................`............@.....................................O.... ...................'...@....................................................... ............... ..H............text...D.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................ .......H........U................................................................{....*..{....*..{....*r.(......}......}......}....*....0..Y........u........L.,G(.....{.....{....o....,/(.....{.....{....o....,.(.....{.....{....o....*.*.*....0..K....... .A. )UU.Z(.....{....o....X )UU.Z(.....{....o....X )UU.Z(.....{....o....X*..0...........r...p......%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....%..{.......%q.........-.&.+.......o.....(....*....{....*

                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 13:40:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                        Category:dropped
                                                        Size (bytes):2673
                                                        Entropy (8bit):3.980102314987869
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:2E603541CB45A8C1D04572E0BEFCAF0D
                                                        SHA1:AF598F2C42146740145735EE196257FCA372FC9B
                                                        SHA-256:47B8EE5C9007069606C1516E8071364084058C2CCF108BA19006E2C0213832D3
                                                        SHA-512:52DBDE592FEDFD0BEFCA3E9BD684961E3804C771B592745A87A550F95DBA0DEA1FAEAA5578773A3786F2BEB24C8A2DE970A669E94E7DD019BA949FF81BA263B5
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:L..................F.@.. ...$+.,......?....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.t....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.u....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.u....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.u..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.u...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............J.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 13:40:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                        Category:dropped
                                                        Size (bytes):2675
                                                        Entropy (8bit):3.9958254663000337
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:F233EC00C9E45F35CC8EE6E25703ECAD
                                                        SHA1:2DDF7382D15FFC4222F4D39B0FC3DA786C841DE1
                                                        SHA-256:51EFE50E266121B0C748B1A9F2C875DE29E4CC16D308075028632F7F6CD4456F
                                                        SHA-512:3C49C1088981320E2D5E107D2819FFB59D7861CB63DDF1EDCBC1D2A02E1870115EC03AA4E7CD14E5EF28975B50CA00F8DD08C07E6A12AB4F7695B2DA891184A9
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:L..................F.@.. ...$+.,.....;(....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.t....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.u....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.u....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.u..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.u...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............J.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                        Category:dropped
                                                        Size (bytes):2689
                                                        Entropy (8bit):4.001713853183313
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:E2353178C29658C0DF380BFE965F00AC
                                                        SHA1:2D64BC5C6E166808C5764668D9A55B80208197D6
                                                        SHA-256:70EA7BC2CDE5A48F404FE9EEC7BFE09554FEF9FF23FB9D285D9D2B0F0D8BF23E
                                                        SHA-512:01E2938C0683C7549FD3DBFBF93B04B03595C76335FA24B8E128AE4326636200D5C1D6105712A1F69160A432C1B0E42175969FD7B89F539D1CFC965B272A7543
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.t....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.u....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.u....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.u..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............J.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 13:40:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                        Category:dropped
                                                        Size (bytes):2677
                                                        Entropy (8bit):3.9923473988715066
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:8071CB2CBD6E44AF4203DD7249A5C0E6
                                                        SHA1:188958CC0B3461E90E192BC8CEB2A721F2E0CC45
                                                        SHA-256:2B75B3E04CF892E27C94EDC0F170E3EC9589317260B9B4F897A31051ACC8D0CF
                                                        SHA-512:4887694725EC2F60C5F6B78AA4BF9915CE2345BC50A332B53661E098CD45DF91B3B30B138D76D91867A9BDEFA98F7FD3CAD32622D09B714C4FD70EEF10B142A8
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:L..................F.@.. ...$+.,.....G.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.t....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.u....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.u....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.u..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.u...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............J.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 13:40:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                        Category:dropped
                                                        Size (bytes):2677
                                                        Entropy (8bit):3.9816566488977654
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:B4739D0D3F9C435B47E0F27155E22430
                                                        SHA1:33D090725DC6CD5EADED82547F52A4668DF6BBC9
                                                        SHA-256:5B609C1BEC6162D8701D7B5061446B112AD4CD17F6E5C8D783D9E28D2EE6BA75
                                                        SHA-512:84FABE73ABF1914C0FF32CF2EE09D6A9B203A653909D26568DD3641341EDC798DEBA6CFF414E15062C81E5150541C418924D3D3648CEFF0FD33F5E96A494E6DD
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:L..................F.@.. ...$+.,......9....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.t....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.u....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.u....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.u..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.u...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............J.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 13:40:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                        Category:dropped
                                                        Size (bytes):2679
                                                        Entropy (8bit):3.990839416609886
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:1383EB9939A5DCCA1BEEDEB4E3C60FE5
                                                        SHA1:9D118FE5EA60A2A96F26EEB73E516A6E8064114E
                                                        SHA-256:6177F7103768B6F7DCCD7DBC63619CDBBC2B4801BC7C9983475A485BB592EC86
                                                        SHA-512:6C160F144F6FB9D3B0493CD08DCFF1FC1AC257C2D8F1F87BE89E776FFF9DD9E5B8CF08ED502E7F34AC107614A18333B3AD0CB7215A3A1B9AE5F1F6BFBF514C0B
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:L..................F.@.. ...$+.,....*......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.t....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.u....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.u....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.u..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.u...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............J.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                        C:\Users\user\Downloads\521db30f-775a-46dd-ae3f-68b4228ff956.tmp

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):59447
                                                        Entropy (8bit):7.302793459360435
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:47FDD46C37280664B1B2E4B5D3E5CED3
                                                        SHA1:DD56A838A8A0FFD686E23DCDA6C60D99AE7F3011
                                                        SHA-256:AC52475D5E84486F446A15536E7892BCB86AC74F9C1FDA7CA2BA0214BC506B8B
                                                        SHA-512:40B6FCC8F07F0C40BFEBA71A779A361B018CE7FD535D8A434ACE7D96415B78E37C0AC107C2BA7AEEB33846020E1F6D248E3E714AAEC7035EB62E4C475CD7C4A4
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L............................n........... ........@.. .......................`......b.....`.....................................O........k.............. (...@....................................................... ............... ..H............text........ ...................... ..`.rsrc....k.......l..................@..@.reloc.......@......................@..B.......................H........o...I......6...PA..............................................r.(......}......}......}....*.....u....}.....{....o....r...p.o....&*........%.r'..p.%........%........(....*V.......%.r?..p.(....*........%.rU..p.%...%..{.....(....*....0..3.........(....}.......}.......}.......}......|......(...+*2.{....o....*6.{.....o....*...0..1.........j1+.k.k["...BZl(....i...{....1...}.......(....*....0..G.........(....}.......}.......}.......}.......}......|......(...+..|....(....*.

                                                        C:\Users\user\Downloads\Kingdom Come Deliverance Trainer Setup.exe (copy)

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):0
                                                        Entropy (8bit):0.0
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:5A901473EED357A469CD3714CDB34497
                                                        SHA1:8DAF7DF632C7A1AD0CB73DAFA7EB998A8800B8FA
                                                        SHA-256:62BC5A0E77A97046A11B3363E61731A4A4419E9350606EF0C09CDC83E962D230
                                                        SHA-512:87348F745FA32C67F344C7071DCD0F74DD8ADAD0E619B534910DB016B1FBF5918679FF99BF308BDC82BC888A607C836FCB481461AFAAEF96EFF7EA643D24E199
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L............................n........... ........@.. .......................`......b.....`.....................................O........k.............. (...@....................................................... ............... ..H............text........ ...................... ..`.rsrc....k.......l..................@..@.reloc.......@......................@..B.......................H........o...I......6...PA..............................................r.(......}......}......}....*.....u....}.....{....o....r...p.o....&*........%.r'..p.%........%........(....*V.......%.r?..p.(....*........%.rU..p.%...%..{.....(....*....0..3.........(....}.......}.......}.......}......|......(...+*2.{....o....*6.{.....o....*...0..1.........j1+.k.k["...BZl(....i...{....1...}.......(....*....0..G.........(....}.......}.......}.......}.......}......|......(...+..|....(....*.

                                                        C:\Users\user\Downloads\Unconfirmed 468499.crdownload

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):144416
                                                        Entropy (8bit):7.3345637465971105
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:5A901473EED357A469CD3714CDB34497
                                                        SHA1:8DAF7DF632C7A1AD0CB73DAFA7EB998A8800B8FA
                                                        SHA-256:62BC5A0E77A97046A11B3363E61731A4A4419E9350606EF0C09CDC83E962D230
                                                        SHA-512:87348F745FA32C67F344C7071DCD0F74DD8ADAD0E619B534910DB016B1FBF5918679FF99BF308BDC82BC888A607C836FCB481461AFAAEF96EFF7EA643D24E199
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L............................n........... ........@.. .......................`......b.....`.....................................O........k.............. (...@....................................................... ............... ..H............text........ ...................... ..`.rsrc....k.......l..................@..@.reloc.......@......................@..B.......................H........o...I......6...PA..............................................r.(......}......}......}....*.....u....}.....{....o....r...p.o....&*........%.r'..p.%........%........(....*V.......%.r?..p.(....*........%.rU..p.%...%..{.....(....*....0..3.........(....}.......}.......}.......}......|......(...+*2.{....o....*6.{.....o....*...0..1.........j1+.k.k["...BZl(....i...{....1...}.......(....*....0..G.........(....}.......}.......}.......}.......}......|......(...+..|....(....*.

                                                        Chrome Cache Entry: 229

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:downloaded
                                                        Size (bytes):2276
                                                        Entropy (8bit):5.289920470090423
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:FD5459CDA12A98665EAC5E60DF2E46A5
                                                        SHA1:A8AAAD719A6EA612B9A38ADCB0B7F392278D7EDF
                                                        SHA-256:766F272FBF29958844EFB8E08B20F0E7D33D9C46F2889CBCFB602438B829B1BF
                                                        SHA-512:E7792E752E21EACEFF91CED2846A327BC862F1FC77E1E6B2E876BBAD98A2256F3EC2E2F38935FC932AEFFCB98807804893EB7B70F9706E49162F08FB280A9263
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/views/homepage/screenshots/desktop-bg-fd5459cda1.svg
                                                        Preview:<?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">.<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0" y="0" width="885" height="594" viewBox="0, 0, 885, 594">. <defs>. <linearGradient id="Gradient_1" gradientUnits="userSpaceOnUse" x1="635.628" y1="41.655" x2="325.372" y2="552.345">. <stop offset="0" stop-color="#FFFFFF"/>. <stop offset="1" stop-color="#13CFFF" stop-opacity="0.25"/>. </linearGradient>. <clipPath id="Clip_1">. <path d="M874,0 L884,0 L884,594 L874,594 z"/>. </clipPath>. <linearGradient id="Gradient_2" gradientUnits="userSpaceOnUse" x1="616.703" y1="32.424" x2="295.297" y2="561.576">. <stop offset="0" stop-color="#FFFFFF"/>. <stop offset="1" stop-color="#13CFFF" stop-opacity="0.25"/>. </linearGradient>. <clipPath id="Clip_2">. <path d="M864,0 L874,0 L874,594 L864,594 z"/>. </clipPat

                                                        Chrome Cache Entry: 231

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:JSON data
                                                        Category:downloaded
                                                        Size (bytes):870
                                                        Entropy (8bit):4.557768118179261
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:AD809A6B9AFDA5DDE3EFF67031431B4B
                                                        SHA1:060E8CBE024196552636C951D6CDF83AEE97F55B
                                                        SHA-256:8EC44A4B321F5115D8760F193298585D8B28A26DD3190D0A3690B9E09A489A94
                                                        SHA-512:D36BDEF3595ECF8BD520C5292C2F14390D768958A26D8A2D5252D27C18EA1F3A7FCE522FE250027C98A2F0A56DC853A48396309F9A2816404CFE95DF9BAFBB0F
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://syndication.twitter.com/settings?session_id=35aae8b5275fceb67219908497f936d2cdc8f172
                                                        Preview:{"should_obtain_cookie_consent":false,"features":{"tfw_timeline_list":{"bucket":[],"version":null},"tfw_follower_count_sunset":{"bucket":true,"version":null},"tfw_tweet_edit_backend":{"bucket":"on","version":null},"tfw_refsrc_session":{"bucket":"on","version":null},"tfw_fosnr_soft_interventions_enabled":{"bucket":"on","version":null},"tfw_mixed_media_15897":{"bucket":"treatment","version":null},"tfw_experiments_cookie_expiration":{"bucket":1209600,"version":null},"tfw_show_birdwatch_pivots_enabled":{"bucket":"on","version":null},"tfw_duplicate_scribes_to_settings":{"bucket":"on","version":null},"tfw_use_profile_image_shape_enabled":{"bucket":"on","version":null},"tfw_video_hls_dynamic_manifests_15082":{"bucket":"true_bitrate","version":null},"tfw_legacy_timeline_sunset":{"bucket":true,"version":null},"tfw_tweet_edit_frontend":{"bucket":"on","version":null}}}

                                                        Chrome Cache Entry: 233

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:Unicode text, UTF-8 text, with very long lines (38752)
                                                        Category:downloaded
                                                        Size (bytes):93065
                                                        Entropy (8bit):5.182415079046025
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:824BEB891744DB98CCBD3A456E59E0F7
                                                        SHA1:57082A005D743EC4A7F928A928BD7BD561078C7C
                                                        SHA-256:173460E89E6A7244218BADAE2016F65C48A3EAE9D400802273EECA18B07336F1
                                                        SHA-512:6C19E304AF16AE43504A44EB60C542526D0D8F635E4F57AB557E93999AD608BE99C25354898EF4826DEFE63F8BA72E4D09C5EAC445EFBDE4587534CA202958E2
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://platform.twitter.com/widgets.js
                                                        Preview:Function&&Function.prototype&&Function.prototype.bind&&(/(MSIE ([6789]|10|11))|Trident/.test(navigator.userAgent)||(window.__twttr&&window.__twttr.widgets&&window.__twttr.widgets.loaded&&window.twttr.widgets.load&&window.twttr.widgets.load(),window.__twttr&&window.__twttr.widgets&&window.__twttr.widgets.init||function(t){function e(e){for(var n,i,o=e[0],s=e[1],a=0,c=[];a<o.length;a++)i=o[a],r[i]&&c.push(r[i][0]),r[i]=0;for(n in s)Object.prototype.hasOwnProperty.call(s,n)&&(t[n]=s[n]);for(u&&u(e);c.length;)c.shift()()}var n={},r={0:0};function i(e){if(n[e])return n[e].exports;var r=n[e]={i:e,l:!1,exports:{}};return t[e].call(r.exports,r,r.exports,i),r.l=!0,r.exports}i.e=function(t){var e=[],n=r[t];if(0!==n)if(n)e.push(n[2]);else{var o=new Promise(function(e,i){n=r[t]=[e,i]});e.push(n[2]=o);var s,a=document.getElementsByTagName("head")[0],u=document.createElement("script");u.charset="utf-8",u.timeout=120,i.nc&&u.setAttribute("nonce",i.nc),u.src=function(t){return i.p+"js/"+({1:"dm_button

                                                        Chrome Cache Entry: 235

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (7711)
                                                        Category:downloaded
                                                        Size (bytes):305421
                                                        Entropy (8bit):5.608313477291843
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:4151DB6D4CC5AC315AE4F76BEAADD5B6
                                                        SHA1:02D77C0CFA8772DA49D666682D99026DC36C30E5
                                                        SHA-256:F80BCE0C2798D75C3F48BEA6B791F5422BC657F92410BE0CD302F66C87A1156F
                                                        SHA-512:12F5324A0D0743162F9BBB797BF019A15F10FFE975AC55BAA8B79777B71ABC4ABF682A23391F38F7F1460B6DFF6EC279D67DD7D2D75A8CC668D7460C5E1FD2A1
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.googletagmanager.com/gtag/js?id=G-K7ZLZSR0WX&l=dataLayer&cx=c
                                                        Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"3",. . "macros":[{"function":"__e"},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_cross_domain","priority":28,"tag_id":14},{"function":"__ogt_1p_data_v2","priority":18,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneE

                                                        Chrome Cache Entry: 236

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:dropped
                                                        Size (bytes):812
                                                        Entropy (8bit):5.177157002138454
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:F47F2BA8ACB5067EAB33C724DA2BA1C8
                                                        SHA1:F6FA9E08E98DB721F70016D3421C19D1E1B8CEF1
                                                        SHA-256:8EF49D6AB7C04E529EE32B561CAE47C6173720D3DCB8445006102D9E1F7DC253
                                                        SHA-512:9F6963E90A31D1F132B5FD4CA71C268795DDC1AC84469A8C866EB8CA7A658789EBA9925CF06ED512A816CD54BF1D56739BCBF2E7B253F956016FA9B8FC10EA64
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="flag-icon-css-cn" viewBox="0 0 640 480" width="24">. <defs>. <path id="a" fill="#ffde00" d="M-.6.8L0-1 .6.8-1-.3h2z"/>. </defs>. <path fill="#de2910" d="M0 0h640v480H0z"/>. <use width="30" height="20" transform="matrix(71.9991 0 0 72 120 120)" xlink:href="#a"/>. <use width="30" height="20" transform="matrix(-12.33562 -20.5871 20.58684 -12.33577 240.3 48)" xlink:href="#a"/>. <use width="30" height="20" transform="matrix(-3.38573 -23.75998 23.75968 -3.38578 288 95.8)" xlink:href="#a"/>. <use width="30" height="20" transform="matrix(6.5991 -23.0749 23.0746 6.59919 288 168)" xlink:href="#a"/>. <use width="30" height="20" transform="matrix(14.9991 -18.73557 18.73533 14.99929 240 216)" xlink:href="#a"/>.</svg>.

                                                        Chrome Cache Entry: 237

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:downloaded
                                                        Size (bytes):977
                                                        Entropy (8bit):5.037305497839158
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:74C79E70C7F6015C1E198B235F6D5FD6
                                                        SHA1:860FA2B7AF89E0D76DCB31686CFAFC33F466E2BC
                                                        SHA-256:F6F1EB1ED026E78AA9EF4AB3F8337B405145F483D75E23B83757CFBBEF526CB4
                                                        SHA-512:035208D63CA34D6CB11ADCDD1BDD89A1B865DA581BC5C9477B4470349C665E63D9CA8016E396F56E8AF4C7ABD41AF62485DB44F95E5C345AFE84420AC49CAACE
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/views/features/save-cheats-toggle-74c79e70c7.svg
                                                        Preview:<svg width="31" height="20" viewBox="0 0 31 20" fill="none" xmlns="http://www.w3.org/2000/svg">.<rect width="31" height="20" rx="10" fill="white" fill-opacity="0.2"/>.<rect x="13" y="2" width="16" height="16" rx="8" fill="url(#paint0_linear_2433_18756)"/>.<path d="M24.0282 4.95253C24.0893 4.812 24.0434 4.64789 23.9183 4.5594C23.7932 4.47091 23.6232 4.48232 23.511 4.58673L17.6031 10.0867C17.5058 10.1773 17.4738 10.3182 17.5225 10.442C17.5712 10.5657 17.6906 10.6471 17.8235 10.6471H19.9178L18.0046 15.0475C17.9435 15.188 17.9893 15.3521 18.1144 15.4406C18.2395 15.5291 18.4095 15.5177 18.5217 15.4133L24.4296 9.91327C24.5269 9.82267 24.5589 9.68175 24.5102 9.55802C24.4616 9.43429 24.3421 9.35294 24.2092 9.35294H22.1149L24.0282 4.95253Z" fill="#111111"/>.<defs>.<linearGradient id="paint0_linear_2433_18756" x1="29" y1="2" x2="13" y2="18" gradientUnits="userSpaceOnUse">.<stop stop-color="#0BF2F6"/>.<stop offset="1" stop-color="#13CFFF"/>.</linearGradient>.</defs>.</svg>.

                                                        Chrome Cache Entry: 239

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:downloaded
                                                        Size (bytes):91919
                                                        Entropy (8bit):4.492887470684922
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:EA4D6145A6E95BDFEB3F8DF6A02B4275
                                                        SHA1:30FAB10BD5EB77D2B3B69D4B0C01D18BBBBC7908
                                                        SHA-256:0B6BF4F9D4E0769EA96B2A36DDBFB50EA5BAF90642E40C8D655DD05813445DEA
                                                        SHA-512:4EFED4C56F1C3BB4EC66E1CC419BB3EB6C9D5E5DD1AAAFF605B52F5C35CE1B805AED102F7F21C509EB1697AD6C1A77A650268CBBDCB66C80F9C7C6492549B814
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/flags/es-ea4d6145a6.svg
                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" id="flag-icons-es" viewBox="0 0 640 480" width="24">. <path fill="#AA151B" d="M0 0h640v480H0z"/>. <path fill="#F1BF00" d="M0 120h640v240H0z"/>. <path fill="#ad1519" d="m127.3 213.3-.8-.1-1-1-.7-.4-.6-.8s-.7-1.1-.4-2c.3-.9.9-1.2 1.4-1.5a12 12 0 0 1 1.5-.5l1-.4 1.3-.3.5-.3c.2 0 .7 0 1-.2l1-.2 1.6.1h4.8c.4 0 1.2.3 1.4.4a35 35 0 0 0 2 .7c.5.1 1.6.3 2.2.6.5.3.9.7 1.1 1l.5 1v1.1l-.5.8-.6 1-.8.6s-.5.5-1 .4c-.4 0-4.8-.8-7.6-.8s-7.3.9-7.3.9"/>. <path fill="none" stroke="#000" stroke-linejoin="round" stroke-width=".3" d="m127.3 213.3-.8-.1-1-1-.7-.4-.6-.8s-.7-1.1-.4-2c.3-.9.9-1.2 1.4-1.5a12 12 0 0 1 1.5-.5l1-.4 1.3-.3.5-.3c.2 0 .7 0 1-.2l1-.2 1.6.1h4.8c.4 0 1.2.3 1.4.4a35 35 0 0 0 2 .7c.5.1 1.6.3 2.2.6.5.3.9.7 1.1 1l.5 1v1.1l-.5.8-.6 1-.8.6s-.5.5-1 .4c-.4 0-4.8-.8-7.6-.8s-7.3.9-7.3.9z"/>. <path fill="#c8b100" d="M133.3 207c0-1.3.6-2.3 1.3-2.3.8 0 1.4 1 1.4 2.4 0 1.3-.6 2.4-1.4 2.4s-1.3-1.1-1.3-2.5"/>. <path fill="none" stroke="#000" stroke-width=".3"

                                                        Chrome Cache Entry: 240

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (7884), with no line terminators
                                                        Category:downloaded
                                                        Size (bytes):7884
                                                        Entropy (8bit):5.0998127410555885
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:FDF02DD038ED38DBF3C240D56262AF0C
                                                        SHA1:9C38EDFD3642747DB836A3A1F3A41328611D48B5
                                                        SHA-256:426E16D014775C77916610F675F58880874C645817ED26D01873DDE3466E6007
                                                        SHA-512:62EC1B51CEE4CD4F2CCE283A2EC2065C04208F60EA6E4A423839AA37FBD5768F9FE5A3A5959508C757CD679BECBE4A77305A05E6276E90A4F282FEDA4699B53A
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://platform.twitter.com/js/button.856debeac157d9669cf51e73a08fbc93.js
                                                        Preview:(window.__twttrll=window.__twttrll||[]).push([[2],{160:function(t,e,n){var r=n(39),a=n(162),s=n(7);(r=Object.create(r)).build=s(r.build,null,a),t.exports=r},161:function(t,e,n){var r=n(71),a=n(37),s=n(34),i=n(38),o=n(0),u=n(7),c=n(33),l=n(5),h=n(165);t.exports=function(t){t.params({partner:{fallback:u(c.val,c,"partner")}}),t.define("scribeItems",function(){return{}}),t.define("scribeNamespace",function(){return{client:"tfw"}}),t.define("scribeData",function(){return{widget_origin:i.rootDocumentLocation(),widget_frame:i.isFramed()&&i.currentDocumentLocation(),widget_partner:this.params.partner,widget_site_screen_name:h(c.val("site")),widget_site_user_id:l.asNumber(c.val("site:id")),widget_creator_screen_name:h(c.val("creator")),widget_creator_user_id:l.asNumber(c.val("creator:id"))}}),t.define("scribe",function(t,e,n){var a=this;return s.getHorizonSettings().then(function(s){var i={session_id:s.sessionId};t=o.aug(a.scribeNamespace(),t||{}),e=o.aug(a.scribeData(),e||{}),r.clientEvent(t,e

                                                        Chrome Cache Entry: 242

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:dropped
                                                        Size (bytes):79124
                                                        Entropy (8bit):4.604960997925407
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:865206B9B1AFD1575D2B55D215527BE7
                                                        SHA1:0262760249333F2058F60A9642C2DDBC60C97B06
                                                        SHA-256:C860085CDC808EBAF4EEDE6752D46FBA00F9DA43D56B798B0D565C76736BE2D5
                                                        SHA-512:442A0AF663D7385233E8753525BCC88DA385439341778562D23F7162EC1D875A1375EAA140865227E356525B6EA5A94CB65E05B36D184D2324662BF8C72DF617
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:<svg width="1010" height="260" viewBox="0 0 1010 260" fill="none" xmlns="http://www.w3.org/2000/svg">.<rect width="485" height="260" rx="20" fill="#1A2837"/>.<rect x="525" width="485" height="260" rx="20" fill="#1A2837"/>.<mask id="mask0_735_9522" style="mask-type:alpha" maskUnits="userSpaceOnUse" x="551" y="23" width="459" height="237">.<rect x="551" y="23" width="458.979" height="237" rx="8.34507" fill="#18293A"/>.</mask>.<g mask="url(#mask0_735_9522)">.<path fill-rule="evenodd" clip-rule="evenodd" d="M884.365 141.239C884.365 142.16 883.618 142.908 882.696 142.908H878.684C877.762 142.908 877.015 143.655 877.015 144.577V148.576C877.015 149.497 877.762 150.245 878.684 150.245H890.038C890.96 150.245 891.707 150.992 891.707 151.914V155.915C891.707 156.836 892.454 157.584 893.376 157.584H926.769C927.69 157.584 928.438 156.836 928.438 155.915V144.577C928.438 143.655 929.185 142.908 930.107 142.908H941.465C942.387 142.908 943.134 142.16 943.134 141.239V137.238C943.134 136.316 942.387 135.56

                                                        Chrome Cache Entry: 243

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:downloaded
                                                        Size (bytes):1048576
                                                        Entropy (8bit):7.999731211938268
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:C71DA32D4675F6D77EAA7A6E0BD49204
                                                        SHA1:CE5F3C08042C8AE2F24C3C1FD554CFFBF26DBEE6
                                                        SHA-256:75777482ECF3D75079D02469CD9A2E69A6179BD71AE33478E4D3D299B308A7B3
                                                        SHA-512:5A7B001FA14C5BCF733F73FE52FB756BABF0E2B5A8531A3D0BA0E9C58AB1E19BAF38102469CD6E2D8CF2C6D9CC82E4BF9EBF3DF1CE4151B323C77F853C81073B
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/views/homepage/background-all-29a095a620.mp4:2f759729ce1067:2
                                                        Preview:>.'i...4.k...R..s...yo.F....g..H.3FO.n..u(j.b..ageyAq9.wWq(Qg.H.Lm.Qh0..m..{)..^...t...M...Od-....m.;<...M...}.N..dvc5.x.O.Y...........,z-..4.F.q.{..Y.kA....L...CL[H<.P.!... ...y."...8.@0-b..6|b..X.{.U-L.}Z..D ..L.x.e....yc.....s15.'....,..l."\.9z....M.s._...8.W....x.B...S....@.`4..Bc,.*...H..t]M/.M...\D....E..9t....:R...fl0....f...VN....D.jg.n......H..!.....w"T....)......+....~ut..@.(qkn.GE.pW..pF.EJaG9..(.8.....KB..Bh...,.#...V2.3L7...h........A.(..Jq.^6....i..&..1.l......~..).........1...G...(>(..5'.....})N..JPL.U.k..........p(....&..2...$k.+sMk...2.........._..&...Wf.j.?....w...........q_j....c..K;...G..#...~?;...,O.;J...P....5...%jP>.M.}y...I....N#.z....f....1.../..k.T|.....":{.....<y.6L.c....'.F..2u.a..\.}.....D.a"....`...)...R*....!.:...#.|...1.eby........X.=.Oo./|;>..4.r.Ku.:.9...&.5...|r...k?.[w.....^:.....5.UAnt...v...=o....".......r...B\.0..s.y2..o:I.1.Gk.1.....Cr...[.....T..Q$2..q.c.m.b+.....&..W..~.0sY.G.....R=...X.D.}../ >...b..

                                                        Chrome Cache Entry: 244

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:downloaded
                                                        Size (bytes):312
                                                        Entropy (8bit):5.067871133906658
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:EFDBD2A688F2E3521238DDFF38F69E70
                                                        SHA1:9A799CE8E51CD28A0827708C324BBC18936E3F17
                                                        SHA-256:179F926E5F4D65B3EF5EF5C18FEDE80470010D10EA3E1370BC19F9D7065E9456
                                                        SHA-512:77115E4BE6389AE82B88F93BC27613595380E702FABF3B1D38DE319A2DD31251D8BEB3BA3CA6E7D7D90DFF4DCCEB14E8F3F2D2894F9C841F8664E362CB906CEB
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/flags/fr-efdbd2a688.svg
                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" id="flag-icons-fr" viewBox="0 0 640 480" width="24">. <g fill-rule="evenodd" stroke-width="1pt">. <path fill="#fff" d="M213.4,0h213.3v480H213.4V0z"/>. <path fill="#00267f" d="M0 0h213.3v480H0z"/>. <path fill="#f31830" d="M426.7 0H640v480H426.7z"/>. </g>.</svg>.

                                                        Chrome Cache Entry: 245

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:downloaded
                                                        Size (bytes):4472
                                                        Entropy (8bit):4.189837295153014
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:43F31A39622611E032CB8C441F73CA4B
                                                        SHA1:9E8CB38FC9A30CE150216914C044880A2F9ED71A
                                                        SHA-256:96DEA00C7BA84EE6B0F814435CE16088A32DC60C3006A897CBF298DA605604FE
                                                        SHA-512:807A9D92B3F57968D5CFD6F88F89D510E7F33B64A17AB18F62DD9E96E7075CB7DE4E88F9C38D8F2D6C41C49C8DA82A65B449AD898FDDB391E2881F5DE5ABE7FF
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/flags/us-43f31a3962.svg
                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" id="flag-icon-css-us" viewBox="0 0 640 480" width="24">. <g fill-rule="evenodd">. <g stroke-width="1pt">. <path fill="#bd3d44" d="M0 0h972.8v39.4H0zm0 78.8h972.8v39.4H0zm0 78.7h972.8V197H0zm0 78.8h972.8v39.4H0zm0 78.8h972.8v39.4H0zm0 78.7h972.8v39.4H0zm0 78.8h972.8V512H0z" transform="scale(.9375)"/>. <path fill="#fff" d="M0 39.4h972.8v39.4H0zm0 78.8h972.8v39.3H0zm0 78.7h972.8v39.4H0zm0 78.8h972.8v39.4H0zm0 78.8h972.8v39.4H0zm0 78.7h972.8v39.4H0z" transform="scale(.9375)"/>. </g>. <path fill="#192f5d" d="M0 0h389.1v275.7H0z" transform="scale(.9375)"/>. <path fill="#fff" d="M32.4 11.8L36 22.7h11.4l-9.2 6.7 3.5 11-9.3-6.8-9.2 6.7 3.5-10.9-9.3-6.7H29zm64.9 0l3.5 10.9h11.5l-9.3 6.7 3.5 11-9.2-6.8-9.3 6.7 3.5-10.9-9.2-6.7h11.4zm64.8 0l3.6 10.9H177l-9.2 6.7 3.5 11-9.3-6.8-9.2 6.7 3.5-10.9-9.3-6.7h11.5zm64.9 0l3.5 10.9H242l-9.3 6.7 3.6 11-9.3-6.8-9.3 6.7 3.6-10.9-9.3-6.7h11.4zm64.8 0l3.6 10.9h11.4l-9.2 6.7 3.5 11-9.3-6.8-9.2 6.7 3.

                                                        Chrome Cache Entry: 246

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:dropped
                                                        Size (bytes):8208
                                                        Entropy (8bit):4.127182388141161
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:3D8F40191EB49D039CFB28B9F892B9AF
                                                        SHA1:6105C382231C7FF1EB1CCED06EDEDB79F4B821F4
                                                        SHA-256:822588A9B5481DD7846C6986E714B7A3E94F0FA8B4BEF7F1B0F962222B9E5164
                                                        SHA-512:BBD16ACE115FCFF39BEDC84F86DA0235A290568D411EFEB9D6E8C49C8753B1256FD37D6F94C53920A294E71A0375E364BB7DA862110758CC2364696488B50AF9
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" id="flag-icons-br" viewBox="0 0 640 480" width="24">. <g stroke-width="1pt">. <path fill="#229e45" fill-rule="evenodd" d="M0 0h640v480H0z"/>. <path fill="#f8e509" fill-rule="evenodd" d="m321.4 436 301.5-195.7L319.6 44 17.1 240.7 321.4 436z"/>. <path fill="#2b49a3" fill-rule="evenodd" d="M452.8 240c0 70.3-57.1 127.3-127.6 127.3A127.4 127.4 0 1 1 452.8 240z"/>. <path fill="#ffffef" fill-rule="evenodd" d="m283.3 316.3-4-2.3-4 2 .9-4.5-3.2-3.4 4.5-.5 2.2-4 1.9 4.2 4.4.8-3.3 3m86 26.3-3.9-2.3-4 2 .8-4.5-3.1-3.3 4.5-.5 2.1-4.1 2 4.2 4.4.8-3.4 3.1m-36.2-30-3.4-2-3.5 1.8.8-3.9-2.8-2.9 4-.4 1.8-3.6 1.6 3.7 3.9.7-3 2.7m87-8.5-3.4-2-3.5 1.8.8-3.9-2.7-2.8 3.9-.4 1.8-3.5 1.6 3.6 3.8.7-2.9 2.6m-87.3-22-4-2.2-4 2 .8-4.6-3.1-3.3 4.5-.5 2.1-4.1 2 4.2 4.4.8-3.4 3.2m-104.6-35-4-2.2-4 2 1-4.6-3.3-3.3 4.6-.5 2-4.1 2 4.2 4.4.8-3.3 3.1m13.3 57.2-4-2.3-4 2 .9-4.5-3.2-3.3 4.5-.6 2.1-4 2 4.2 4.4.8-3.3 3.1m132-67.3-3.6-2-3.6 1.8.8-4-2.8-3 4-.5 1.9-3.6 1.7 3.8

                                                        Chrome Cache Entry: 247

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:downloaded
                                                        Size (bytes):362
                                                        Entropy (8bit):5.374668303238331
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:F270ED71570F3D766CA0D80D9E51C666
                                                        SHA1:357A9A904DA667AC01E984216A5F585B35E7EDF1
                                                        SHA-256:E7D9FE77EAFE2782DEF1F495D7501E273FED4F2FF3F0CE7CC285D459E99EE6C5
                                                        SHA-512:4F116CE110224A2CEE5D189B8ECD94EAC6A799E0B57C1E2DE2F2DED54721C12111F6A4C116968622368A05E979C6123E833B6B1B36CAFD9BD3383D41B99CB4C5
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/views/homepage/slash-f270ed7157.svg
                                                        Preview:<?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">.<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0" y="0" width="40" height="50" viewBox="0, 0, 40, 50">. <path d="M0,50 L7,50 L40,0 L34,0 L0,50 z" fill="#00F3A2"/>.</svg>.

                                                        Chrome Cache Entry: 250

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (2702), with no line terminators
                                                        Category:downloaded
                                                        Size (bytes):2702
                                                        Entropy (8bit):5.878173860000746
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:FA1D575FDFC7853BDE9B492DCD04E5B5
                                                        SHA1:BBF9606E0E2218C4AC1A1C444D25A194886C9551
                                                        SHA-256:0BA0A0F8F3E80F91EEC4B039FD1141C3C9947C34C62E807072E1C0A0F026BA37
                                                        SHA-512:00CE332F5E79C7505A15E1C0C5604710369BC43B57ECA1232E1F47BD1F5DC150E0B6396A6C55EB40DF2B904A39CEEDCF4A8F412D27E0B8A51D592D75D6A7F2EA
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://googleads.g.doubleclick.net/pagead/viewthroughconversion/946705537/?random=1714142406106&cv=11&fst=1714142406106&bg=ffffff&guid=ON&async=1&gtm=45be44o0v9168888440za200&gcd=13l3l3l3l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.wemod.com%2Ffr%2Fdownload%3Ftitle_id%3D16170&hn=www.googleadservices.com&frm=0&tiba=Merci%20pour%20le%20t%C3%A9l%C3%A9chargement!%20%7C%20WeMod&ga_uid=G-K7ZLZSR0WX.85a87e78-cc50-40fb-adbb-4d28b806910f&npa=0&pscdl=noapi&auid=1483828468.1714142406&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
                                                        Preview:(function(){var s = {};(function(){var e={};/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var f=this||self;var g,k;a:{for(var l=["CLOSURE_FLAGS"],p=f,q=0;q<l.length;q++)if(p=p[l[q]],null==p){k=null;break a}k=p}var r=k&&k[610401301];g=null!=r?r:!1;var t,v=f.navigator;t=v?v.userAgentData||null:null;function w(d){return g?t?t.brands.some(function(a){return(a=a.brand)&&-1!=a.indexOf(d)}):!1:!1}function x(d){var a;a:{if(a=f.navigator)if(a=a.userAgent)break a;a=""}return-1!=a.indexOf(d)};function y(){return g?!!t&&0<t.brands.length:!1}function z(){return y()?w("Chromium"):(x("Chrome")||x("CriOS"))&&!(y()?0:x("Edge"))||x("Silk")};!x("Android")||z();z();!x("Safari")||z()||(y()?0:x("Coast"))||(y()?0:x("Opera"))||(y()?0:x("Edge"))||(y()?w("Microsoft Edge"):x("Edg/"))||y()&&w("Opera");var A=/#|$/;function B(d){var a=d.search(A),b;a:{for(b=0;0<=(b=d.indexOf("fmt",b))&&b<a;){var c=d.charCodeAt(b-1);if(38==c||63==c)if(c=d.charCodeAt(b+3),!c||61==c||38==c||35==c)br

                                                        Chrome Cache Entry: 251

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:dropped
                                                        Size (bytes):505
                                                        Entropy (8bit):5.022583014102361
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:67F291C7195AE6071754134D7B34A106
                                                        SHA1:07974C13A9B635C3B2A8948C59B6B167664E91F8
                                                        SHA-256:1595496434353DEA9BBA780950FFBBAA3415EA748E39B65D3508C71940AF29E5
                                                        SHA-512:D2F4383902D63AB4142AFB1EE4FE8C70F7BE190B1ED53CBB1FC04E16D984A908CBC0B607DB5C2FD46DEA480472D6E4728F9B3F5500965CB3BA30991FECA12BA7
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" id="flag-icons-jp" viewBox="0 0 640 480" width="24">. <defs>. <clipPath id="a">. <path fill-opacity=".7" d="M-88 32h640v480H-88z"/>. </clipPath>. </defs>. <g fill-rule="evenodd" stroke-width="1pt" clip-path="url(#a)" transform="translate(88 -32)">. <path fill="#fff" d="M-128 32h720v480h-720z"/>. <circle cx="523.1" cy="344.1" r="194.9" fill="#bc002d" transform="translate(-168.4 8.6) scale(.76554)"/>. </g>.</svg>

                                                        Chrome Cache Entry: 252

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (2642)
                                                        Category:downloaded
                                                        Size (bytes):125414
                                                        Entropy (8bit):5.535593593448221
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:640E40A14FD56B8E17A499502DF2A41E
                                                        SHA1:9D93590BB2E328FECC64BE9A113B6686247C3823
                                                        SHA-256:39D743F9BA3138EEE87210AC61F6F8E86BC30093FCBD9CEF0AEEDB89B94EBD30
                                                        SHA-512:E4F8F8C206B478F75128853847B998C90FF151CA1487D8BABE9020D4815B1A13E9E694322F40933DB6F95E21C5195246F864165C41CFD5B98147D88C8E743BF4
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.googleoptimize.com/optimize.js?id=OPT-53T5WHN
                                                        Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"13",. . "macros":[{"function":"__e"},{"function":"__dee"}],. "tags":[{"function":"__asprv","vtp_globalName":"google_optimize","vtp_listenForMutations":false,"tag_id":9},{"function":"__asprv","tag_id":10}],. "predicates":[{"function":"_eq","arg0":["macro",0],"arg1":["macro",1]},{"function":"_eq","arg0":["macro",0],"arg1":"optimize.callback"}],. "rules":[[["if",0],["add",0]],[["if",1],["add",1]]].},."runtime":[ .]..,"blob":{"1":"13"}.........};...var aa,ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ea="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a},fa=function(a){for(var b=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global],c=0;c<b.length;++

                                                        Chrome Cache Entry: 256

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:GIF image data, version 89a, 1 x 1
                                                        Category:dropped
                                                        Size (bytes):43
                                                        Entropy (8bit):3.16293190511019
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:377D257F2D2E294916143C069141C1C5
                                                        SHA1:B7CAE69682CF31DD670B65088DB8395ACDA6ED3E
                                                        SHA-256:AC8778041FDB7F2E08CEB574C9A766247EA26F1A7D90FA854C4EFCF4B361A957
                                                        SHA-512:01211111688DC2007519FF56603FBE345D057337B911C829AAEE97B8D02E7D885E7A2C2D51730F54A04AEBC1821897C8041F15E216F1C973ED313087FA91A3FB
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:GIF89a.............!.......,...........L..;

                                                        Chrome Cache Entry: 257

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:downloaded
                                                        Size (bytes):5223
                                                        Entropy (8bit):5.285058353392769
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:CCE4C595CBBD4EE61F0324E4E5A148F0
                                                        SHA1:80AACC4BEFB185CD4262B6C50A6A5960056298D3
                                                        SHA-256:B6075AECDDF94D9FA1D1A658B3A7DCA788FFC006DDD1370E7C1DC48EA1765B5B
                                                        SHA-512:2BF70BF141AEE8A1F03F737EF0CCC4D91D505442CDECA4C0F2CA5DE7E23EFEAA5696DCC58EBE5857105E0619C6C2F6783ED5423522DF8B48AAEEB8C9E445761A
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/views/features/example-cheats-save-cheats-icons-cce4c595cb.svg
                                                        Preview:<svg width="11" height="282" viewBox="0 0 11 282" fill="none" xmlns="http://www.w3.org/2000/svg">.<path d="M8.98913 1.00195L1 8.43945H4.49926L1.646 15.002L9.63513 7.56445H6.13587L8.98913 1.00195Z" fill="url(#paint0_linear_2446_33562)" stroke="url(#paint1_linear_2446_33562)" stroke-linejoin="round"/>.<path d="M8.98913 39.002L1 46.4395H4.49926L1.646 53.002L9.63513 45.5645H6.13587L8.98913 39.002Z" fill="url(#paint2_linear_2446_33562)" stroke="url(#paint3_linear_2446_33562)" stroke-linejoin="round"/>.<path d="M8.98913 77.002L1 84.4395H4.49926L1.646 91.002L9.63513 83.5645H6.13587L8.98913 77.002Z" fill="url(#paint4_linear_2446_33562)" stroke="url(#paint5_linear_2446_33562)" stroke-linejoin="round"/>.<path d="M8.98913 115.002L1 122.439H4.49926L1.646 129.002L9.63513 121.564H6.13587L8.98913 115.002Z" fill="url(#paint6_linear_2446_33562)" stroke="url(#paint7_linear_2446_33562)" stroke-linejoin="round"/>.<path d="M8.98913 153.002L1 160.439H4.49926L1.646 167.002L9.63513 159.564H6.13587L8.98913 153

                                                        Chrome Cache Entry: 258

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (20303)
                                                        Category:downloaded
                                                        Size (bytes):547361
                                                        Entropy (8bit):5.431026201247079
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:3DDA8DA4DFE9273BA481AE622BC4E882
                                                        SHA1:A9EE62A4678E7344B3BC8589A37DBFBFB63C46EF
                                                        SHA-256:0895FF026A043DD592056EAC47C4F27DDEE5621D9BF68B3992948B6753F28777
                                                        SHA-512:C6DCBD2DE809341D34101D772D655BE1677F91E94FAF7F10CDB93BD011E2C93248B78DC148891D056723C29362D4F2D461AC75E1B00EEC71506D3E34B7785040
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yy/l/en_US/JEeFeYKiBmD.js?_nc_x=Ij3Wp8lg5Kz
                                                        Preview:;/*FB_PKG_DELIM*/.."use strict";(function(){var a=typeof globalThis!=="undefined"&&globalThis||typeof self!=="undefined"&&self||typeof global!=="undefined"&&global;if(typeof a.AbortController!=="undefined")return;var b=function(){function a(){this.__listeners=new Map()}a.prototype=Object.create(Object.prototype);a.prototype.addEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();d.has(e)||d.set(e,new Map());var f=d.get(e);f.has(b)||f.set(b,c)};a.prototype.removeEventListener=function(a,b,c){if(arguments.length<2)throw new TypeError("TypeError: Failed to execute 'addEventListener' on 'CustomEventTarget': 2 arguments required, but only "+arguments.length+" present.");var d=this.__listeners,e=a.toString();if(d.has(e)){var f=d.get(e);f.has(b)&&f["delete"](b)}};a.prototype.dispatchEvent=function(a){if

                                                        Chrome Cache Entry: 259

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:dropped
                                                        Size (bytes):1893
                                                        Entropy (8bit):4.9458801886855674
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:24DBFB1CD955F8626D805BFC4E4A79C2
                                                        SHA1:0440AC857B41F57601E8F93E812881DD5138FAC2
                                                        SHA-256:9B517D3FBF734A749249242F16D470A4F7B445182F7CEBDE45BD953284EDFC88
                                                        SHA-512:96B1A8452DE011722773B73F40F3D8D308ACF645FF28E270FC3EDDD2BA0CF1A1669157062D5A8A26FCC025FD9BC5A8E5E3E0AF0C558FCAE068CDAF5AF060895E
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:<?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">.<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0" y="0" width="82" height="15" viewBox="0, 0, 82, 15">. <g id="Layer_1">. <g id="Layer_1">. <path d="M15,0 L0,0 L0,15 L15,15 L15,0 z" fill="#00F3A2" opacity="0.75"/>. <path d="M7.5,9.666 L9.455,9.186 L10.272,11.625 L7.5,9.666 z M12,6.514 L8.558,6.514 L7.5,3.375 L6.442,6.514 L3,6.514 L5.786,8.46 L4.728,11.599 L7.513,9.653 L9.228,8.46 L12,6.514 z" fill="#FFFFFF"/>. <path d="M31.75,0 L16.75,0 L16.75,15 L31.75,15 L31.75,0 z" fill="#00F3A2" opacity="0.75"/>. <path d="M24.25,9.666 L26.205,9.186 L27.022,11.625 L24.25,9.666 z M28.75,6.514 L25.308,6.514 L24.25,3.375 L23.192,6.514 L19.75,6.514 L22.536,8.46 L21.478,11.599 L24.263,9.653 L25.978,8.46 L28.75,6.514 z" fill="#FFFFFF"/>. <path d="M48.5,0 L33.5,0 L33.5,15 L48.5,15 L48.5,0 z

                                                        Chrome Cache Entry: 262

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (4179)
                                                        Category:downloaded
                                                        Size (bytes):253267
                                                        Entropy (8bit):5.54669590588751
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:7A60884F38D01D1B0142027D5F00A253
                                                        SHA1:7B4DCBD4B998632E3A54BAE96F04F1284F9B6D79
                                                        SHA-256:F55A7D25A5A41552071553DA84DFE4AB7FFA3C08BCCC53B4411F16D90788301B
                                                        SHA-512:2D3BB6D422CDD71FDD7DD8D43CC8277B889A3F3DED86CF4A13A91BC470764CB5DE71CD33AD0C30D1EC42599F89E566F9F0C5DDC290DC76F5B06007BE059C2A8F
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.googletagmanager.com/gtag/js?id=AW-946705537&l=dataLayer&cx=c
                                                        Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"}],. "tags":[{"function":"__ogt_ads_datatos","priority":16,"vtp_instanceDestinationId":"AW-946705537","tag_id":10},{"function":"__ogt_1p_data_v2","priority":6,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regi

                                                        Chrome Cache Entry: 263

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (64347)
                                                        Category:downloaded
                                                        Size (bytes):223683
                                                        Entropy (8bit):5.454805360153245
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:85F41014BE15CC3E54A4123C00C5021E
                                                        SHA1:1E5468F507A8B0216114A8D8F63309BE8CBCAB9F
                                                        SHA-256:01E9582655224C83E6C075F44B7EECB135E108B6AD2150BF6F78A0A77C4AD5E0
                                                        SHA-512:78F6D6CD922AA42FD340CF215D7D91DDFABEF5EC393DFA5EB578436B9B668F839747218A4DE980AEC2395194667B1E0215623EC902EAAF8CE592536172414FCD
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://connect.facebook.net/en_US/fbevents.js
                                                        Preview:/**.* Copyright (c) 2017-present, Facebook, Inc. All rights reserved..*.* You are hereby granted a non-exclusive, worldwide, royalty-free license to use,.* copy, modify, and distribute this software in source code or binary form for use.* in connection with the web services and APIs provided by Facebook..*.* As with any software that integrates with the Facebook platform, your use of.* this software is subject to the Facebook Platform Policy.* [http://developers.facebook.com/policy/]. This copyright notice shall be.* included in all copies or substantial portions of the software..*.* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.* CONNECTION WI

                                                        Chrome Cache Entry: 264

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (2344)
                                                        Category:downloaded
                                                        Size (bytes):77307
                                                        Entropy (8bit):4.952741336788789
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:628C8157EE8BFE5C8C52AA6B15D1C442
                                                        SHA1:0F141254CBF7ED5A377D029EC7390DD0EA818087
                                                        SHA-256:F06A7271D64D65D5627896FB2E03CEA5F6EC040A0B20D8093452EA4BF47F8826
                                                        SHA-512:51516F21D1E4D534A49512215C624F12FF277EF07F8F69D12203FF5B124DD6EA9CB8110C0B2350090BBB86899B3B1371A5E2735B5D9AF4A1B4A474C39D6B1FA3
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/fr/download?title_id=16170
                                                        Preview:<!DOCTYPE html>.<html lang="fr">. <head>. <meta charset="utf-8">. <base href="/">.. <link rel="dns-prefetch" href="https://api-cdn.wemod.com">. <link rel="preload" href="static/app-4901b73512.css" as="style">. <link rel="preload" href="static/fonts/inter/Inter-roman-57fa490cec.var.woff2" as="font" type="font/woff2" crossorigin>. . <title>Merci pour le t.l.chargement! | WeMod</title>. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="theme-color" content="#1a2837">.. <link rel="shortcut icon" href="/static/images/device-icons/favicon-0b9e908694.ico">. <link rel="icon" type="image/png" href="/static/images/device-icons/favicon-16-0a4b2be4bf.png" sizes="16x16">. <link rel="icon" type="image/png" href="/static/images/device-icons/favicon-32-b6ba8686b5.png" sizes="32x32">. <link rel="icon" type="image/png" href="/static/images/device-icons/favicon-64-dc96704e5e.png" si

                                                        Chrome Cache Entry: 265

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (32087)
                                                        Category:downloaded
                                                        Size (bytes):222828
                                                        Entropy (8bit):5.433692566019223
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:1FAAC569E1835024DED911DC333FB8E2
                                                        SHA1:2E24BE14B2166C99A73D5190B2D73E3524745C0A
                                                        SHA-256:C9B675D3492827F6C5998B155A8FD0D934E348673DE7D2769CC0D183964AE03E
                                                        SHA-512:6DF3A1AAF8A1FF8D2077691389339FDCA75B639AE732A237ED9D6524915F2258E579772E200502C92342C5CC1ED8A18BB53DF6F22CF9473215ECA1FE204679ED
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://cdn-4.convertexperiments.com/js/10046150-10046491.js
                                                        Preview:if(typeof(window['convert'])=='undefined' || typeof(window['convert']['doUseBackupData'])=='undefined') {.window['convertData']={"device":{"mobile":false,"tablet":false,"desktop":true},"geo":{"country":"US","city":"MIAMI","continent":"NA","state":"FL"}};.var convert_temp = convert_temp || {}; convert_temp.data = {"u_id":"10046150","prj":{"utc_of":"-18000","extset":{"ga":{"on":true,"measurementId":"G-K7ZLZSR0WX","type":"ga4"},"maxvis":0,"maxtv":0,"minordv":0,"maxordv":99999,"mindays":999,"csmb":"$","minvis":5,"minconv":5,"stopTrackingGoalsAfterDays":"30","dnt":"0","d_anon":true,"autlnk":false,"gdprw":false,"srm_check":false,"smart_recommendations":true,"stats_engine_processing":{"stats_type":"frequentist","power":80,"test_type":"one_tail","multiple_comparison_correction":"sidak","power_calculation_type":"none","fixed_mde":1,"decision_threshold":95},"gaUA":[]},"id":"10046491","name":"Project #10046491","global_d":{"js":"","css":""},"domains":{"wemod.com":["wemod.com"]},"domainsCount":1},

                                                        Chrome Cache Entry: 267

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                        Category:downloaded
                                                        Size (bytes):261663
                                                        Entropy (8bit):5.219673076042228
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:78FECEADCFD1EF5C75F938DDCB1AD2FA
                                                        SHA1:954A37D64FA90C44C3CF64BD9ABD53D7C94089A9
                                                        SHA-256:691D73B41F1A47AC7CEBC8116810F49F802FE50FF4970D9E4CC46188496F4B2D
                                                        SHA-512:17AA5719650BE113FA0DEAD4831967E8ADCA01DE20CF93C0B2BD34896347B0F63169D5FD16EEC0140CD9F8084D06D94344314CD5D972908C42A0E6AA5F9F4E10
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/app-4901b73512.css
                                                        Preview:@font-face{font-family:"Inter";font-style:normal;font-weight:100;font-display:swap;src:url("/static/fonts/inter/Inter-Thin-c51873c62e.woff2") format("woff2"),url("/static/fonts/inter/Inter-Thin-0f080c40c6.woff") format("woff")}@font-face{font-family:"Inter";font-style:normal;font-weight:200;font-display:swap;src:url("/static/fonts/inter/Inter-ExtraLigvvvht.woff2") format("woff2"),url("/static/fonts/inter/Inter-ExtraLight-7d759358c1.woff") format("woff")}@font-face{font-family:"Inter";font-style:normal;font-weight:300;font-display:swap;src:url("/static/fonts/inter/Inter-Light-4e2e86733e.woff2") format("woff2"),url("/static/fonts/inter/Inter-Light-0f0118feb7.woff") format("woff")}@font-face{font-family:"Inter";font-style:normal;font-weight:400;font-display:swap;src:url("/static/fonts/inter/Inter-Regular-8070997696.woff2") format("woff2"),url("/static/fonts/inter/Inter-Regular-14d1275c67.woff") format("woff")}@font-face{font-family:"Inter";font-style:normal;font-weight:500;font-display:sw

                                                        Chrome Cache Entry: 268

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:PNG image data, 16 x 16, 8-bit colormap, non-interlaced
                                                        Category:dropped
                                                        Size (bytes):323
                                                        Entropy (8bit):5.54022252766947
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:984B5F922B8DF33111C9941C04DF637A
                                                        SHA1:D260EC5196D02B78A3ED8E0D3315E94F7FB3B56C
                                                        SHA-256:092CB8A7C234247243577529FA46F11C66216FB8C2B91A9E12D6BDA73B739ED9
                                                        SHA-512:5F039171B1280678195A461F87B0AC0D3EDCB0C3B2E4C8059F1EEEDD062A627B7C75A3417B8073DDF3D3187302C484191F36A4C1436944C2887BB5C3173B06F6
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:.PNG........IHDR.............(-.S...]PLTEGpL..................................................................................................tRNS.x..+............*.....].....X.......wIDAT.....b............\R.../sU...`Z.......Z......k...Q.3.-.[...K;P7.w....@U..h..z....0v>...s...PmW(.nU...4TU=.{..G.?B....._....IEND.B`.

                                                        Chrome Cache Entry: 269

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 460x215, Suserng: [none]x[none], YUV color, decoders should clamp
                                                        Category:dropped
                                                        Size (bytes):26538
                                                        Entropy (8bit):7.992643604527192
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:CD68407856160E41CDF8C84C99F305C2
                                                        SHA1:4B1E3E3C32548F9B439EA3107DCC81BAD988ED16
                                                        SHA-256:B5A45AAA171FF5F85E656EC27760255E3B7457BB5245E6570501AB5DCC565B40
                                                        SHA-512:22F210FB39122AE45113BDC10708E6B458DDB7D70A8F1F298D2EEF194DEAE7E3A2ED79E722D36CAC735B1FDCCF277AAD20E98367F384F9ED241B0F4654E8DAB9
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:RIFF.g..WEBPVP8 .g...+...*....>1..C"!!.y.. .....P.b.3.cG.....[I:.d?.~....?.........|.z.......U..=.?\..}Wy................?..h.....].......~.{T................+.O..._.}..3./1.....g.?.O........................._..u9.x........o..........#..?......S.G......._..h.).[......./........C...._...~.?`.M.s...?.?..........M........x?...~....t....nG..,f.. .0.vm....z..<0G.!M..}.)....S..?..U8..nhb.."...$t&$.:.....Y.G.S.C.Vwc....S.+'.&....%..h..h...a>...[..M.%.S.....#..~../..n....y.M.!....-."1..t.{...o..>7J..G.8.&..h..u..VUl.XD`...T0.. z....-.e../.o(...2I.hQ...aGz..J.*`....`].m..M..qyal... ..P..................it..n..J.....|.O5.,.P}.u]..u+.2."..u.K..e.nw~.{...}.._'..g@...,.B.[...+U.#..D.DA.6.X4.#:M...Xo.\.r...K2..E..w."U.2v...n..eu6l|I.........*"K.I.et*.6..|..i........m...^...T.e.o.....U.......zS.iU.]..R"v........"...T..[.3.?..9]c..,93./<...+.-WT...D....*....z...?.....xa...@&.a1J.$.^}..0._C..'..R.w.}.hY....<A.{._.C/mBs|......qI....;+..4......#C9f..i.=......Wk..

                                                        Chrome Cache Entry: 271

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (1957)
                                                        Category:downloaded
                                                        Size (bytes):3093
                                                        Entropy (8bit):5.588009613587946
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:BAB848F8852BB43E725C9BED18FD189F
                                                        SHA1:410F5B3B624AA534A6204BEEA0181D8BFADDCBAE
                                                        SHA-256:F61FCC458CFA34ACAC00D947327E3DD063DAD271D30FFE05FCD791DC47D4EAD2
                                                        SHA-512:98A259BFDA9408123FDA5F2F978ADE106E22DA910810EA00491EB9768C61D53C09A0743E8BAEF798669FE8461F14E59EF0787D4E4CB33874FC4B651214CED8E2
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://connect.facebook.net/en_US/sdk.js
                                                        Preview:/*1714141673,,JIT Construction: v1013077871,en_US*/../**. * Copyright (c) 2017-present, Facebook, Inc. All rights reserved.. *. * You are hereby granted a non-exclusive, worldwide, royalty-free license to use,. * copy, modify, and distribute this software in source code or binary form for use. * in connection with the web services and APIs provided by Facebook.. *. * As with any software that integrates with the Facebook platform, your use of. * this software is subject to the Facebook Platform Policy. * [http://developers.facebook.com/policy/]. This copyright notice shall be. * included in all copies or substantial portions of the software.. *. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS. * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR. * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER. * IN AN ACTION OF CO

                                                        Chrome Cache Entry: 272

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 460x215, Suserng: [none]x[none], YUV color, decoders should clamp
                                                        Category:dropped
                                                        Size (bytes):51286
                                                        Entropy (8bit):7.995601806385469
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:FCD8A657298573DE066CE7A92E490BA1
                                                        SHA1:8594B5C2EAF0B0DB38532A6C360EED3FB593E30D
                                                        SHA-256:820C6D0693DECD973FBC982B3C631B5E73C299E7341DD1ECDB476442E4322469
                                                        SHA-512:AF9255BBAC7E1985B08369333B977766E256F7C8EC06EB1D4DA21A91C042B2AD90235710F501C71F00E6756CF04EB984173525A6B31BADFDFEF389748620B35B
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:RIFFN...WEBPVP8 B...P....*....>-..B.....d..b[.+.n_..7s.g.e.........._............{.e.].......w.7.....~..........#.g.........u./......?n=.......?......././..=......(...S.....?............@...W.7.....g.O.......?.........}'.?..r./.............|P.i..............p................w..................k.....+......|.6.......z...................~.{..g.....w.......I.................../..Go........C..............,.5.s.....?.......7..........U.....7..........W.......^.?p....~....Y....,pb...,.....|...q..;..`.,.C..&y.h...t"..sz.c...!.c..[.w..Fx.3..b..J....3c...u.Nq.....!+...M..h.1.a.mq..o.........).~i.2OV0.Fu....@M.z../..E...H...e._.?..(.8....e5,zu...Ia+'P....X....'......P{....dm..T..... r....M..m%..1..rw......g.k.o..6x6f(.w....ay...:x%.,c.f.W,@...N.1..(jY...\ydH~_B.........].T....".D9.c..B.*7.T.K<.}N....vMg..&0.H;....A. ,......>q..Y..._r...o.8...^N~../.Y...:.q....sL#2WG.....eS..z......G1>{-:.N.7.4..."..P.S..K.......tj.b.T\..:....>B.y

                                                        Chrome Cache Entry: 273

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 460x215, Suserng: [none]x[none], YUV color, decoders should clamp
                                                        Category:downloaded
                                                        Size (bytes):23510
                                                        Entropy (8bit):7.9898200755112745
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:674FE0F9F7D0A4D8811CA45ED1D49D3B
                                                        SHA1:1B298B25D815FB9DA03E2B5F8667A24E97A09A13
                                                        SHA-256:EB39BCAD79B5513D93A262C50C9BADEFB8BAEB2411C9B4EBB69D42DC06022658
                                                        SHA-512:4443A2EAEDE2B9C58EA9B22A188A9CED184C74CB956712E29253E395BE0D1B912D87E3BD0A8898E998C302F5217AB5B50F9D0236E24ED8426B56367684AC9940
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://api-cdn.wemod.com/title_thumbnails/43046/132505/460/1/thumbnail.webp
                                                        Preview:RIFF.[..WEBPVP8 .[.......*....>1..C"!!..uD ...6.~..p..|......S...7......~.......v_../.'..78...........O......m.M...{.7................w...#.o..._..z>b?..........G.....?.?..c...J.5..........._........F.....G.........?..y|..........}...i.!............c...........|............9.....W.#..?...~.............f.......?.~....H._........'.........?..|...U................G........m=.}9.....g._............o.........?....sx.%2.......T!.&.S..!...!.Z?i.S.=.?...K8....q.....r..k...na....2x.au...*9...P....}.&A.....9.Z..Jsp.......p}.\)-G..M..P.$_.=.Pz.....i.>...C...6..........ftumI.l..!ZF....VD.]....Y..F.w3.=..m.M...6.'..+...[.....t.....H.@.&..R.b....]s.....]..j.Y/.t..,...%..9o...S<Op"......*J..suw..a.oR....Hr.v..../.....9..........9................`..%...Y....d.?5......e.....[......-?..]..^6..P.......M...l"/......6...<S3yX[.Ff...NI...I....o....Y/-.RH........gw.G.,..K..]8..HQU.{.......1.qQ.s._..^.H.t;1{.....Z..u......>..7o...R....E..@..k~..l#.~..[....J

                                                        Chrome Cache Entry: 277

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 460x215, Suserng: [none]x[none], YUV color, decoders should clamp
                                                        Category:downloaded
                                                        Size (bytes):42508
                                                        Entropy (8bit):7.994644547145351
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:AF1FDCEEE958D482284F79D0989680EA
                                                        SHA1:1A2FD037B55CBAD25F5FC34FA9DEE2CE4F37A20C
                                                        SHA-256:6CAC0DF3CE7512A40D56B1FFAA6201F8C602F9F9FEFF9216D395B22DE8F79F69
                                                        SHA-512:39B6424FC156DF978C2BCD51C7ADF607F71DDD1BE6EBCDBB85B871007DE1873B46EE091C5D15C12F54635869062CC0E8E0E565EF6A684CCA1DAE90475E3AD23A
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://api-cdn.wemod.com/title_thumbnails/77777/905782/460/1/thumbnail.webp
                                                        Preview:RIFF....WEBPVP8 ....0~...*....>1..B.!.V_b...X.-.../.^.>...".........'E..........................r.........G......y...........^.w.../._.o....q.._Y/._...~P........./..........j.....@7.x..?..2."..._.......y....y.......?.~?K...?...?.........w.....+~A...m.3...?....O............;........s...............5?....7.....W./.....~...../..._._......7...s..?...?.~..z.[.......?a..........g._...~......=.}.....O..UA..U....gJ2&LP.....*R.V....$...........Oe..6x........3.k..mV..>.....%n..DE".6y..~Q..`|Y~...q.GP.7...T.....R`|.Y^.a....3h...HD...C:...oEz...NJ//..6G..f,..|Sws....j}|.Q.......`.\.E.l...*.~.........49.{.....q..&.i.SE.R..k..p..tW%.R..aK2.*...6T..Vh.T....5q.X.z..E.C:5..l........&tN.c.%NS..(....^{.Lw....kz..M+..a.(..MW..d.>.T..* .R.7...5.f{..s^/!]7.~=l..-W..k..L.l]..-.A4K..)3.ke..j?h>.).[.-...xEgW......S.>G..:.T..h%.. K..k.Dvj..]s.O...El./..&r..s;.Y.c......vY.w/...;.(.i...O.n. ..-..A.n'..e...a~R....}s..z....!!.\.^>s.....R*Kv.-G..IL.w.ge..R....~.Nd.W....2./..~

                                                        Chrome Cache Entry: 279

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:HTML document, ASCII text, with very long lines (56043)
                                                        Category:downloaded
                                                        Size (bytes):327164
                                                        Entropy (8bit):5.5061054495525745
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:81267302EFDFB3E4524A22631A8FC99E
                                                        SHA1:EFB274E7D019D5F3CDBEE88D317F46FE45BC91EE
                                                        SHA-256:70C00445D6632039ED99AF760731DAF3BF60EB12061863EE61E2CD7276A54D18
                                                        SHA-512:D378A12E5465E2DEFBBB794D1F5CA287D8A9B31E16482F782DC6C53D9F6CB4600B8B2ADCAAC0CCF963AA06B42569C8119E16987F59FB052B4AB1254784ED5EF0
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.wemod.com
                                                        Preview:<!DOCTYPE HTML>.<meta chartset="utf-8">.<title>Twitter Widget Iframe</title>.<body>.<script type="text/javascript">!function(){Function&&Function.prototype&&Function.prototype.bind&&(/(MSIE ([6789]|10|11))|Trident/.test(navigator.userAgent)||function(e){var t={};function r(n){if(t[n])return t[n].exports;var i=t[n]={i:n,l:!1,exports:{}};return e[n].call(i.exports,i,i.exports,r),i.l=!0,i.exports}r.m=e,r.c=t,r.d=function(e,t,n){r.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:n})},r.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.t=function(e,t){if(1&t&&(e=r(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var i in e)r.d(n,i,function(t){return e[t]}.bind(null,i));return n},r.n=function(e){var t=e&&e.__esModule?functi

                                                        Chrome Cache Entry: 280

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, Web/P image
                                                        Category:downloaded
                                                        Size (bytes):87956
                                                        Entropy (8bit):7.9884665209927395
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:B607B57776341A28D735FB7A415D39A1
                                                        SHA1:E1B07D5A804C8F2BE446F87545A170F82B93A410
                                                        SHA-256:E4A23E7032A8FA137FC71D2083E91CC6FE9BE18F14FE8287C5B85ACA5083B459
                                                        SHA-512:2EEFD4BAE62B4CC8EB9BE5CB7CFA5B7423A84A10559A320A529DA5AF5DD49D407B4E5D62647FD286A5DEF5C99B12070D24E9899F323DFCDB79E009B1F0EC3236
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/views/homepage/screenshots/desktop-fr-b607b57776.webp
                                                        Preview:RIFF.W..WEBPVP8X..............ALPH.1......$.....Ws...`....O..W.1..j...\..{........s.M...f...K.zAU...p.m...V.........U..\...o.J...D.qc..z..G<.T*....T...7........T...LKI.B...;....J.<.\;.L.>d...?;...3.y....bz.b..[..,....V./.;]#.wjZ...f.C.`y....X...D'q....N......?t....V8.V+.i...A.R..H..I....{...0l.6....^.v...1....lhY6.......".-..1....."f.%;+.,.,+..$.......!.%O...t1.B.Y....@AW/.q..$..*x...n.`...sjw.p{.fn9.H...<.J[z>...]D.,s`k...e..<.9.C.).e.D{.2M.5g],'.........Y@<..1.....g...,..e.(.JW.t.eYeY..-..d..Wv.."H>.>.........UR....T.=Q.TR.......=F....h......Y.m.it.D_..K"u.?....H..=..3.p.I.".).r../5...Hn.}...Y>f..3.,.....I...27....'f&.-.bf>.3/......43...SO....E.V.j.....-....!4tq._.....?........V.BI.6....[.$!.Y..(.P.:..dN.......5h.8)q..9. A.y..V...B. "b....0.&.Bv@4.g..b.,..4M=.o.P7..B...y......M)%.M..j.P..zQ[....Yp...Pn8'.~...-....g2.9[.......[-...~..6...p/.Ji.....\.QL......_Cb....p....#..L....Q......e."..K...W...U.....,%...Y.f+...&h..E.=&.i..

                                                        Chrome Cache Entry: 283

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, Web/P image
                                                        Category:downloaded
                                                        Size (bytes):94536
                                                        Entropy (8bit):7.995066012708744
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:52C5D36551342E6680B9C6ADD7A2E4A6
                                                        SHA1:CA1CD1C9138378E787B6622EDF72D1E269A0FCEE
                                                        SHA-256:3D37FA1304D66EB88366495D40EDC81DFCD07E575C83C02643B851300C4A2D41
                                                        SHA-512:FA8374DEBA6699FED8BD19AD0106C3276CDF542BD084AAAB076487158C80373C312A242910EFE481CE73FF739AC804A6578CE040E4CF598E8FAC7046B2D3A76E
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/views/features/overlay-screen-desktop-52c5d36551.webp
                                                        Preview:RIFF@q..WEBPVP8L3q../..J...*.lW.=..}...:.}.s.96 ....QT....A.jf....G.mU..p...G..s.~~.B..t.....+=BN......L.@.P-.C)).b.Z.#B.m#2....1P......Fb.Uh.. 9K..j....0...5.)......!..2..[B............!.*3..w.$..d.C.....X3...%..L..P.C......_.....Z..T."W.YS#4T...R.@c.U...g...d./@- ..Kt@......gm..a.+_.u...vQ+......0..]f.?s...q..2..r).&.........=-.oi..@...c:..2.%Sf&..L2..+....._t.d-.} y.....f@.*...v..J....0.....v.[.....Tc.....dW..j7.r.h....>x.........7._n..0...I....vm""&..1...........cfW.}.].,..*.{.ED.....{...R9f.D...*..\....o.=.f&'..*...\...........E..}v..?.2..0......9#.~g.2.........L...wN...N.E..;.'W...O..v.WU...?-.....7l^.V...5!....m$IOGH%....x...;.\.LF.K.fWN....f.2..~0.o......X...m.....LJ...N.?.-).$E.v=(.33..9<.f.`P....Y...nnf...E.j.FWH ..><.,.2..u....V.K.D.&.S.@...A.,P.Z&@..&.NN....2.F.-d.,G.....W...b.I...I.s.]/.....LuN}......#......y.\....(........z...W..r..H.I.2...Y"@..xKR=.J...I...5KU]..y..WM/.}.x.............G...$;U....+Z..B...u..,=.$]v......#

                                                        Chrome Cache Entry: 284

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                        Category:dropped
                                                        Size (bytes):15406
                                                        Entropy (8bit):3.133183167191395
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:0B9E908694C3915973847B08612535A3
                                                        SHA1:A0E9184C543E2CC448269607DD33108D1C73AE19
                                                        SHA-256:ED7857BE6483BF484C978446820EC1304C0AA5784B12726210AEE188674C70CA
                                                        SHA-512:75EB6F56D33BD2A5B640AE069C19E3B7632C6FDF435255831A695C4E225E5F68AAFBA47BAF5C280CFB5DC8CC1D846AE3B05E251035500FCDF6B5DC49533D72D5
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:............ .h...6... .... .(.......00.... .h&......(....... ..... ......................................................................................................................................................................................................................................bU..aT..fTg...................x.......{.....................UZ6.S^..T].._V..iK............................#.................Ef..Bg..He..[X...@..........................................7o..4p..4p..>k..gQ...?... ......................................'x}.$z..(x..?i..}D...>...*............................g......f..............`V...;...8...-....................................V..............A;..1...0...+................9...............A.......................'..)D...........H...!...................................(...................................=...............s...........................................................b..........................................................................

                                                        Chrome Cache Entry: 286

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:downloaded
                                                        Size (bytes):1259
                                                        Entropy (8bit):4.801343748869693
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:D80DF3C17704C0D189AC97A4484B86B3
                                                        SHA1:5F693974DB0812DCAE8E8D67E7AE1E4FC1DC5D62
                                                        SHA-256:9383E4915D0CD5CBA6D2D5EFF0C62CE50046AAFA91DC07E2E3BB831402840361
                                                        SHA-512:F3FBF55108603E9D9C5904839F8A7C7BA20411B36673A4F335C80902B133C516ECC02826A238996FE5CEFDDB58458650775CB5DF09346609F6560F62DBCC8694
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/views/homepage/creator-wemod-icon-d80df3c177.svg
                                                        Preview:<svg width="120" height="120" viewBox="0 0 120 120" fill="none" xmlns="http://www.w3.org/2000/svg">.<rect width="120" height="120" rx="25" fill="url(#paint0_linear_425_116266)"/>.<path d="M78.0594 85C74.9889 85 72.3022 83.0658 70.9589 80.3578L67.1207 71.0734L66.3531 72.0405C64.8178 73.7814 62.7069 74.7485 60.5959 74.7485C58.293 74.7485 56.182 73.7814 54.8387 72.0405L54.071 71.0734L49.8491 80.3578C48.6976 83.2592 45.819 85 42.7485 85C39.678 85 36.9913 83.0658 35.6479 80.3578L21.6387 46.7019C19.9116 42.8334 21.8306 38.3846 25.6688 36.6438C29.5069 34.903 33.9208 36.8372 35.6479 40.7057L42.9404 57.7271L44.6676 53.4717C45.6271 50.9572 47.93 49.2164 50.6167 48.8295C53.1115 48.6361 55.7982 49.6032 57.5254 51.5375L60.5959 55.0191L63.4745 51.5375C65.2016 49.6032 67.8883 48.4427 70.3831 48.8295C73.0698 49.2164 75.1808 50.9572 76.3323 53.4717L78.0594 57.7271L85.3519 40.7057C87.0791 36.8372 91.4929 34.903 95.3311 36.6438C99.1692 38.3846 101.088 42.8334 99.3611 46.7019L85.16 80.3578C83.8166 83.2592

                                                        Chrome Cache Entry: 287

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:Unicode text, UTF-8 text, with very long lines (37163), with NEL line terminators
                                                        Category:downloaded
                                                        Size (bytes):197589
                                                        Entropy (8bit):5.350394804066685
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:519E53B0570FB511F1351959CECE49CE
                                                        SHA1:2C590EDB08BDDFB537DDC197BEDD2113251E331A
                                                        SHA-256:6AC2713245FC25E1A75E9F04A03385CDB4DE43CFF5F93454B71EBA36969E67AC
                                                        SHA-512:7855AAD9BFA49DC67236A52898C463C5CE1EEA89F4D756292A10D27D5A3398E0F81038AF0ACD9A55215380D0241586ACF8D3BA2F6E0CE2E885DD70D574C99E0F
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/app-519e53b057.js
                                                        Preview:!function t(e,n,r){function o(s,a){if(!n[s]){if(!e[s]){var c="function"==typeof require&&require;if(!a&&c)return c(s,!0);if(i)return i(s,!0);var u=new Error("Cannot find module '"+s+"'");throw u.code="MODULE_NOT_FOUND",u}var l=n[s]={exports:{}};e[s][0].call(l.exports,(function(t){return o(e[s][1][t]||t)}),l,l.exports,t,e,n,r)}return n[s].exports}for(var i="function"==typeof require&&require,s=0;s<r.length;s++)o(r[s]);return o}({1:[function(t,e,n){(function(e){"use strict";if(t("core-js/shim"),t("regenerator-runtime/runtime"),t("core-js/fn/regexp/escape"),e._babelPolyfill)throw new Error("only one instance of babel-polyfill is allowed");e._babelPolyfill=!0;function n(t,e,n){t[e]||Object.defineProperty(t,e,{writable:!0,configurable:!0,value:n})}n(String.prototype,"padLeft","".padStart),n(String.prototype,"padRight","".padEnd),"pop,reverse,shift,keys,values,entries,indexOf,every,some,forEach,map,filter,find,findIndex,includes,join,slice,concat,push,splice,unshift,sort,lastIndexOf,reduce,r

                                                        Chrome Cache Entry: 289

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (2971), with no line terminators
                                                        Category:downloaded
                                                        Size (bytes):2971
                                                        Entropy (8bit):5.946636714572439
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:C60C82AE20F0AB8A360B89CDA9DFFE78
                                                        SHA1:EBACEB9FAFD789562072644BAA841AEFBC4A52F6
                                                        SHA-256:7DBCE7AC1872994FFEBD24BA4B5CB253C342BADDE672212A4D7745203BBA0623
                                                        SHA-512:E6A92B76F96228AB872D81B714540D58BE7C3B131666019CC42ED489DF4589473CEA721EE8B6DFCD59AE91AB34B212C46608D1CF94545B2296A21CA8C10D2CE3
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.googleadservices.com/pagead/conversion/946705537/?random=1714142406178&cv=11&fst=1714142406178&bg=ffffff&guid=ON&async=1&gtm=45be44o0v9168888440za200&gcd=13l3l3l3l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.wemod.com%2Ffr%2Fdownload%3Ftitle_id%3D16170&label=BY2LCI-E55ABEIGptsMD&hn=www.googleadservices.com&frm=0&tiba=Merci%20pour%20le%20t%C3%A9l%C3%A9chargement!%20%7C%20WeMod&ga_uid=G-K7ZLZSR0WX.85a87e78-cc50-40fb-adbb-4d28b806910f&gtm_ee=1&npa=0&pscdl=noapi&auid=1483828468.1714142406&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&ec_mode=a&fledge=1&capi=1&data=event%3Dconversion&em=tv.1&rfmt=3&fmt=4
                                                        Preview:(function(){var s = {};(function(){var e={};/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var f=this||self;var g,k;a:{for(var l=["CLOSURE_FLAGS"],p=f,q=0;q<l.length;q++)if(p=p[l[q]],null==p){k=null;break a}k=p}var r=k&&k[610401301];g=null!=r?r:!1;var t,v=f.navigator;t=v?v.userAgentData||null:null;function w(d){return g?t?t.brands.some(function(a){return(a=a.brand)&&-1!=a.indexOf(d)}):!1:!1}function x(d){var a;a:{if(a=f.navigator)if(a=a.userAgent)break a;a=""}return-1!=a.indexOf(d)};function y(){return g?!!t&&0<t.brands.length:!1}function z(){return y()?w("Chromium"):(x("Chrome")||x("CriOS"))&&!(y()?0:x("Edge"))||x("Silk")};!x("Android")||z();z();!x("Safari")||z()||(y()?0:x("Coast"))||(y()?0:x("Opera"))||(y()?0:x("Edge"))||(y()?w("Microsoft Edge"):x("Edg/"))||y()&&w("Opera");var A=/#|$/;function B(d){var a=d.search(A),b;a:{for(b=0;0<=(b=d.indexOf("fmt",b))&&b<a;){var c=d.charCodeAt(b-1);if(38==c||63==c)if(c=d.charCodeAt(b+3),!c||61==c||38==c||35==c)br

                                                        Chrome Cache Entry: 292

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 460x215, Suserng: [none]x[none], YUV color, decoders should clamp
                                                        Category:dropped
                                                        Size (bytes):28002
                                                        Entropy (8bit):7.993129966616942
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:852D266F48F3667191EE55A0FA8C5BFC
                                                        SHA1:9612B35372C606431F9F978134350B3AA64CF9B5
                                                        SHA-256:78B87D74027660FBF9875C84ED426E0569209D6782082B118A4EB01F3111872B
                                                        SHA-512:594D9E6B7F8A51509F0F40A038F93A4AA036A97345143DD3649FA1517A9E4E5734B06C85B4B94ED4BA842A6F78B815F18EA344BC8F0CDDFEE230662C5320255F
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:RIFFZm..WEBPVP8 Nm...E...*....>1..C"!!.Z.. ....8>)wG..y.+G.<...{..S..f........\...y.z`...+.../...g.W...'q/.O.?..;...w.>..$.w.g............?.;....._.?...~j.....N.[....G.........+...h.d.i.......?..................y..._.........,.......?..........A........|...s..?j...t.}.K..^..).f..V..;.5..p.:.z.{Tp.~lR..@x.@!..G{.CI. ?.0...l.v}..T....D.,}i.K....a.{.W+~..e.4.BGx...@.4?_...7..M..J+.2.XU........5........P..lz.<U...,K.;.z..ij.1.....?u.V.]..aM>.>..?jw...bH..f..8}.gB]..Y.t:....[.:...3.........5.'*...........[....8..~P.=.!......s<..n......*=..*...;Q.....?l...P.z.Y./...A..Q./..{3..Wa...+..........T\ .bd...I..;..6....j$..8?....<<=!|.....$.h.(..f.~..X+....f0..P.G..2.Alr.3..kX.!.9}....bR...........#...K.H..x..!....w.0..iv.....\2/W.Y....;.zv.....Z.y.-..kyX[.......:a.o..9....VS:...I.)..c....].fu.M...0b'.....S.R*HRhc...[...`...em....XF;..^Q.Q....W....0.u2v.S.PA{.e.b'O......x..A..]7$....0.j.LkV..t.BO.Sl.../.............u....qM.j.....:zj..oQ....#...

                                                        Chrome Cache Entry: 294

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:dropped
                                                        Size (bytes):241
                                                        Entropy (8bit):4.854832561022393
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:33A3321FB7FCC4B225C3FE18EB6F259C
                                                        SHA1:E537441F6321D6005E0914E74308008C47299078
                                                        SHA-256:E173AA6CF864F93BB22DEF2FE9020AD91B7717FB929E9AB1FCAA2C3AFA951E51
                                                        SHA-512:976A2E091BC0D7271E2C9518E5DA319635D6ABF39711088FFEF3688AC78885BF4508577CC742634CDB98ABFA7454BDB692CC4058A2F5BDBF9908A3EF4EEEC9AD
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" id="flag-icons-pl" viewBox="0 0 640 480" width="24">. <g fill-rule="evenodd">. <path fill="#fff" d="M640 480H0V0h640z"/>. <path fill="#dc143c" d="M640 480H0V240h640z"/>. </g>.</svg>

                                                        Chrome Cache Entry: 295

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (29689)
                                                        Category:downloaded
                                                        Size (bytes):34805
                                                        Entropy (8bit):5.331795438914605
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:4043F0931BC921CD3FD837417ECFB05D
                                                        SHA1:8B904272436903B8E3FC4313A43C645D712E1B63
                                                        SHA-256:ECEB7FBEB0536FF25F5DCE33B331A6C600DAF84A4E41D7F1DF253EF539D39415
                                                        SHA-512:3E757480804772C6FF8C7B8068B7EB1778A2FD665F7F6C877616A7D548321D7615F057262B26FE61E839BCDEBBB2D8DA0895B87281A2299825D3754056F7191A
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.fr.html
                                                        Preview:<!DOCTYPE html>.<html data-scribe="page:button">.<head>. <meta charset="utf-8">. <link rel="dns-prefetch" href="//twitter.com">. <title>Twitter Tweet Button</title>. <base target="_blank">. <style type="text/css">html{margin:0;padding:0;font:normal normal normal 12px/18px 'Helvetica Neue',Arial,sans-serif;color:#333;-webkit-user-select:none;-ms-user-select:none;-moz-user-select:none;user-select:none}body{margin:0;padding:0;background:0 0}a{outline:0;text-decoration:none}body.rtl{direction:rtl}#widget{display:inline-block;white-space:nowrap;overflow:hidden;text-align:left}#count,.btn,.btn .label,.btn-o,.count-o{display:inline-block;vertical-align:top;zoom:1}.btn-o{max-width:100%}.btn{position:relative;height:20px;box-sizing:border-box;padding:1px 12px 1px 12px;background-color:#000;color:#fff;border-radius:9999px;font-weight:500;cursor:pointer}.rtl .btn{padding:1px 12px 1px 12px}.btn:active,.btn:focus,.btn:hover{background-color:#333}.btn:active{box-shadow:inset 0 3px 5px rgba(0,0,

                                                        Chrome Cache Entry: 297

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:downloaded
                                                        Size (bytes):16
                                                        Entropy (8bit):3.875
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:AF91277A8263E7B2E3E8753DB2814BF5
                                                        SHA1:2398C04946DE732AC6B3674DC8301D52F67A6970
                                                        SHA-256:5A48E426BA20F4848D4B92367A45BAAB63DF650355455F2309F16795554E4114
                                                        SHA-512:9EA32ACDFF6835498BB2180407350D07BBF3B0DB63F11EC703B4107995787237A7DC5E0365DE3FE03856480EC9F21270C1FE47FF892E74378A982D8ADCA9FC84
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAmRSmFpfhgzRhIFDWl5tVo=?alt=proto
                                                        Preview:CgkKBw1pebVaGgA=

                                                        Chrome Cache Entry: 298

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 460x215, Suserng: [none]x[none], YUV color, decoders should clamp
                                                        Category:downloaded
                                                        Size (bytes):44104
                                                        Entropy (8bit):7.995470718545488
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:10BA9C7D84E0A14382445EB0EA8DD476
                                                        SHA1:927090102F9A22FA4E8EAEB5138B337282AAF780
                                                        SHA-256:B096ECA7FD58058FE8254FD7BF4CCAABF645BAE13B4BD7FD8F1E28F861234E58
                                                        SHA-512:816653EB41ED3DD1E4160E46A3D29F677C3C86FF654B374A85106C5972780589476151895035EF2967E8FB1839D2C2F0ABC155050E586BBA4F8B91F0B6F72DE6
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://api-cdn.wemod.com/title_thumbnails/14/9672/460/1/thumbnail.webp
                                                        Preview:RIFF@...WEBPVP8 4....W...*....>-..B....S...bY...F ...'.......w_.....g...~..o*............_...].#.c............._......U.....W.....}...~.{............>............../.w..i.........~.|.~................oP.[xE.......7.......9...'..?...8....s...I.{.......................-.3.......................j.....k............I............?......w....._....i.7..............W.W.O..?..............O....&}../......`?........c.........?....s.........|e.+.............s...O..._.............Or....}..\?..~....$.Q.!ze..LZljD..>n.e...!....:f.j.&3<...*#...]8..?\..k.B:V.......=..rTt/l....xt/...;}5m...'...zHp...1eN....hF0......B.|..Z...).kk....(..2..x,...vR..c...0.C..R/......8.. 1..xr.F.."..ho.9..4R...\.!..O..*.....'.6..@e......kV~....".>;.4...j e............b>..2.i.w.3.TEnAL.>.M..!l!.|\v.z3.X..x;.,........~..o/).L.G.9..w..W.I..h...'.....r.l..4.}..z3.g.IH...Ne.].....o..^w....j..Q..V.@...!..}p.W...\...&:h..\6h*...Q...p.=.k..x!.]M3..}..|'RH.qad7.Yg...]........EkO-\.:p....>.o.g.P

                                                        Chrome Cache Entry: 300

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:dropped
                                                        Size (bytes):1147
                                                        Entropy (8bit):4.834803638679282
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:8E2A8138F819175227F31FDD343D6138
                                                        SHA1:7C10D33C9B02960EE8F037C8A8F4170887E10A6C
                                                        SHA-256:AF747023E02EA3D7F8156A5BDB4B04BFC4E52FE457C393A5E37D73427C443B1B
                                                        SHA-512:03C3AAFD5BE231D8CBEB52AF6E96F8B5C5E475B6ADCA7752C1045B4A8D307D0EF8B342D56036070A521D21CD13BE4D2187A6CB608B9990B2F9D6D0AB70C2BE93
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" id="flag-icons-kr" viewBox="0 0 640 480" width="24">. <defs>. <clipPath id="a">. <path fill-opacity=".7" d="M-95.8-.4h682.7v512H-95.8z"/>. </clipPath>. </defs>. <g fill-rule="evenodd" clip-path="url(#a)" transform="translate(89.8 .4) scale(.9375)">. <path fill="#fff" d="M-95.8-.4H587v512H-95.8Z"/>. <g transform="rotate(-56.3 361.6 -101.3) scale(10.66667)">. <g id="c">. <path id="b" d="M-6-26H6v2H-6Zm0 3H6v2H-6Zm0 3H6v2H-6Z"/>. <use xlink:href="#b" width="100%" height="100%" y="44"/>. </g>. <path stroke="#fff" d="M0 17v10"/>. <path fill="#cd2e3a" d="M0-12a12 12 0 0 1 0 24Z"/>. <path fill="#0047a0" d="M0-12a12 12 0 0 0 0 24A6 6 0 0 0 0 0Z"/>. <circle cy="-6" r="6" fill="#cd2e3a"/>. </g>. <g transform="rotate(-123.7 191.2 62.2) scale(10.66667)">.

                                                        Chrome Cache Entry: 303

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (5140)
                                                        Category:downloaded
                                                        Size (bytes):57572
                                                        Entropy (8bit):5.324732946619778
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:A7F3A9FE84090AC4D124435F2595A6C0
                                                        SHA1:B8EDB136F7AE5642BD00DBEAE0B0DDCF2A1B8AD5
                                                        SHA-256:9B3F60D09D05BA29B7A426F3086AA23A23686786A8809B3BF772969064EDEE66
                                                        SHA-512:9F7A19DCB2BCE85D23DD624BA3DAC97F325D58FDCA61776D8B5099EA846FD2004BEE82114EB857441D2B669382F294BA2C72AAA5F0A2D7F90509400821B65912
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://connect.facebook.net/signals/config/147177192577662?v=2.9.154&r=stable&domain=www.wemod.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
                                                        Preview:/**.* Copyright (c) 2017-present, Facebook, Inc. All rights reserved..*.* You are hereby granted a non-exclusive, worldwide, royalty-free license to use,.* copy, modify, and distribute this software in source code or binary form for use.* in connection with the web services and APIs provided by Facebook..*.* As with any software that integrates with the Facebook platform, your use of.* this software is subject to the Facebook Platform Policy.* [http://developers.facebook.com/policy/]. This copyright notice shall be.* included in all copies or substantial portions of the software..*.* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.* CONNECTION WI

                                                        Chrome Cache Entry: 304

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, Web/P image
                                                        Category:dropped
                                                        Size (bytes):3154
                                                        Entropy (8bit):7.9187552013910905
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:40777EAE112E634071FA0242E1D9AFF0
                                                        SHA1:42D16D30FF47256FC44A3D33A23B00BC7278FE95
                                                        SHA-256:6DF25EDEC1F5260919BACB15D25B32864C5E681A679610D7C828989B45E13490
                                                        SHA-512:B58169FF0A0494E10D7C7FA23BA64F30A2A275308496964A2A23CFD6CB01C2991A9C50DCD2D312C73FAA8D2F478DF641265CCADF7BFDE78BF3FB4B8187959A14
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:RIFFJ...WEBPVP8X........q..E..ALPHh.........8^.g$k.q3..,K.....;......0...2.|L...B5...0}......."b....vxR)vd.0.=+..-..}~...6V$.k..f........E.]L.%/.?....0.FQ..&Q...1s.D=.`....po..]$*./f....U.YC...u\..-3d.;....3..^.r..&.9.....<.F.............heI..[..HUX'..-.O...L...[I`$...&.....X.R....={./t....w.\.N..M.y.%kC5.y&..'(..;..q..&..u....Ye+.j.......'a..!6.;.,y'..*..V..O%|..........E.;`.SQ.s.......,..3M..}....../.JC..../k...y.@.O.#j&.{....X.....u`...B..f.mR.dY..@'G..w...H>a.G.X.U..Y.........,y..i.>..g.;..e.Y.....v...X.A....V5.2.f...K..1.E.....C.6.......A=`.j.3.h....L6....~.X.[....X..K.k#4.5.A:..j...4.,=..'..D9h.f ..5.....N..U..S.6.E.;.A..k...(\t..z.@....C.0.b.;-6.%zfE..L....@.Cy.......U.W........d.....\$.C..!T.<^..p^.............oPT..k...>D5^$....%..'..Z.......i.jN...Ay.z.*..F..L.kB+.....0...jW.ha......PI...[k.=}.....]M"...zzd8.i..............O.Y.....j.Z*d\..VP8 .....(...*r.F....%..T...........~....@..D.m...k....I.......}..{.?E...;...............

                                                        Chrome Cache Entry: 307

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:downloaded
                                                        Size (bytes):92233
                                                        Entropy (8bit):3.984325473991811
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:B1D8541EA2F20717786FFD32EA62EA74
                                                        SHA1:C017B3DFE8F62CEF25C2568F096FCAB035AAE928
                                                        SHA-256:6262E89FCE93292EBCD02CCDFC9881392B13DA3706880F28B05B40ACC5268DA8
                                                        SHA-512:206856AAB7075DC946D20115C6B9D0C8D8FC6BF31352EA2FB616D68057DFAF4B66537802E86C90B2EFA3856CF6F317C4C472CC7B07D30E97FDDB621B94E663EE
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/views/features/overlay-fr-b1d8541ea2.svg
                                                        Preview:<svg width="197" height="282" viewBox="0 0 197 282" fill="none" xmlns="http://www.w3.org/2000/svg">.<g clip-path="url(#clip0_2933_67929)" filter="url(#filter0_b_2933_67929)">.<rect width="197" height="282" fill="black" fill-opacity="0.75"/>.<path d="M35.75 31.9598H37.2677L38.8706 35.8704H38.9388L40.5417 31.9598H42.0593V37.7803H40.8657V33.9919H40.8173L39.3111 37.7519H38.4983L36.992 33.9777H36.9437V37.7803H35.75V31.9598ZM45.0228 37.8655C44.5814 37.8655 44.1996 37.7717 43.8775 37.5842C43.5573 37.3947 43.31 37.1313 43.1357 36.7941C42.9614 36.4549 42.8743 36.0618 42.8743 35.6147C42.8743 35.1637 42.9614 34.7696 43.1357 34.4324C43.31 34.0932 43.5573 33.8299 43.8775 33.6423C44.1996 33.4528 44.5814 33.3581 45.0228 33.3581C45.4643 33.3581 45.8451 33.4528 46.1653 33.6423C46.4874 33.8299 46.7356 34.0932 46.9099 34.4324C47.0842 34.7696 47.1714 35.1637 47.1714 35.6147C47.1714 36.0618 47.0842 36.4549 46.9099 36.7941C46.7356 37.1313 46.4874 37.3947 46.1653 37.5842C45.8451 37.7717 45.4643 37.8655 45.02

                                                        Chrome Cache Entry: 312

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:downloaded
                                                        Size (bytes):618554
                                                        Entropy (8bit):7.978971160294134
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:2358080E7CD5C47575B0456584D354AD
                                                        SHA1:1CC9018D4143DE8BCC127DD946EAD28E9D706543
                                                        SHA-256:EB608DBE39C6A65BDBC4D354F3B2A849E505901F0DFC5B327ABBDAD284AE5123
                                                        SHA-512:91860C1E69E017C6202B3569D40B93E64467621D834F57C887ECCDACAE3B6DEBB43220BB49298749577106EFD4C460D736B9A33496395C7905713B6119490998
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/views/homepage/background-all-29a095a620.mp4:2f759729ce1067:3
                                                        Preview:?.;.........>h.......+.W.^f .7.U.i.2.X....n[..q.Dn..`C#......*....u.....\.K..|z..c$}........S.rHB;./.L.......jW.}...q..D"=%.Q.j.....j[.;b_BS..:.ja.u..'...c..6...8.xzKuf.kr`.E.{.^Y...b.K..J..o8.?B.Ne.(z8.0...".e.v..30T.K6q..A.-@.^p..L/....@....8...",I.d{.vi.'o..,|4..*.......d....a.#.+ST....3....d....xn...,.n.*.M^.N]9;U.o&....7U.s.l.:.O.*.3<...&.....Xjy..-..t..M%eNI5..6......Q5Z."i.qMm.........g.....~.e..%........-Z.b.~.?7Q.9..OE..\x."._......Eb!...5....Q...Z4.:@.E.\.......X.Y.......T..E^....;.<..:. p...p...F`..M..~.7...JR.N.^.V|..8...Sf...E.z.}..2W..A~..HY...0.....u....(..|..Am...b......H...S.eG...E........Z............S...9zl.....Her..3.?../h....rQ.....m=.M..p3...U..ah..b...]...3.&..G./?.*s<s|....-...I.]h.n...1..D.d..)wA.5....w2.^...#.....4..S...g............2.5W{..;...@........|..Y...e...d.7J.<...D..b:P.~G...tS.v..g......J.V.*:.~.../t.J,..s..5,.(....b1b.-.\#J@.....G.H.GsG..4.g%...."\...M....S...nf...... ,{!....)..~=."..R..$...#E

                                                        Chrome Cache Entry: 313

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:downloaded
                                                        Size (bytes):224
                                                        Entropy (8bit):4.894466551909278
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:DFC7BDF141BE1F87217BE3F4A7B08E87
                                                        SHA1:77B4647E4B7B4D20870CB87A3085AAC0B5189631
                                                        SHA-256:D01FC7298B1E1BE1A8997A8399204532E62178649B3537E44DBD12167E9A474C
                                                        SHA-512:CDDDFCBA636539F76F07035D6D74725F1DCF1A78C083B83788DF30F90519D40EAD5FF02363FC334AE0C5E0EDBD2951DB2479D1BC99EA59CA25AF59F3A338C655
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/flags/de-dfc7bdf141.svg
                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" id="flag-icon-css-de" viewBox="0 0 640 480" width="24">. <path fill="#ffce00" d="M0 320h640v160H0z"/>. <path d="M0 0h640v160H0z"/>. <path fill="#d00" d="M0 160h640v160H0z"/>.</svg>.

                                                        Chrome Cache Entry: 314

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 460x215, Suserng: [none]x[none], YUV color, decoders should clamp
                                                        Category:dropped
                                                        Size (bytes):35958
                                                        Entropy (8bit):7.994315061626114
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:5367131575A02FF4829BB436EEDE03C1
                                                        SHA1:AEDB57432C7CE8A67CBA72A9477303A82C84C2BC
                                                        SHA-256:08626CA343B5C45542B8731BFFDEAC9C4C3B2FBDAD2D4C0A49529337BC72ADBE
                                                        SHA-512:14FE43E70AE482B728935D9551FCED945A412D84C3FFBB4AD0BC1FEB4E196E9EF174DF47B8B73B3C6AB9BC316A443DB3296D76CD59717FC29ACFA61007C66059
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:RIFFn...WEBPVP8 b...Pg...*....>1..B.!..f....[./U.........m.\zk._......M..[yh....._..4..~..........W.....^..........#.E.7.......'.O......@..............O................o.........?"_._.?s..?..\.....?..n~......~y.../.........x......C.O....?........#...>&...../.#......~......_..O|.O.3./........K...O._.O......?...}....,.....7............O.......{..H...?.o......................}'.w..............9........{.........l.......W..:..f....?..!..g....d.....Q.......;8/HE..1.;.aK.6.i......1......g.A4&(...N..2Y.I.........IO..}}..1......a..WY...k.VV.!....E..T........m].M...k..dF.`...1Yb..X.U......SO.)..Y..*.......F.!.y...0..(#........gr.M...e.M.:D..)..Q.ON.C.(3...R(1.=?...P..}.?.:..}U|..........1.qvf}"..o...#....~^....6W.[.7.1..0.[.;...A.Z..(9u...Z{.R.6.VE..dy].,.b=....'...........J+....>.=C.......b.k..gF.jP....S....I5..{..+.<....j..O..%9.eV..\..#.k.........$...X..`.....|..]i.+8..*....h.$.c.........!|.p.....uk[....B.L..O.p... [....KO.;.&`...d.3..!.....?$;.hy......

                                                        Chrome Cache Entry: 315

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:dropped
                                                        Size (bytes):153759
                                                        Entropy (8bit):3.8760054746990034
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:D11465572591B9945082BD8C4F4538AD
                                                        SHA1:A9664E2D2F416685401DE8CA4BA5D4F4A835B246
                                                        SHA-256:B4A622FF8A187DFECFA0C64F16FACC8E39844D0A2C7465CB22F6B12E3CD3FD5A
                                                        SHA-512:552294CEF2E4433BD5CD72D14C06E8EEB2060F20F365235B09B822291CC074389044CDFAD0664AD221081CFF61F4DF916801045E5CD70A57EC978D9770DD439D
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:<svg width="468" height="292" viewBox="0 0 468 292" fill="none" xmlns="http://www.w3.org/2000/svg">.<path d="M0.821733 18V8.54545H2.82067V12.4464H6.87855V8.54545H8.87287V18H6.87855V14.0945H2.82067V18H0.821733ZM12.506 18.1339C12.0536 18.1339 11.6504 18.0554 11.2965 17.8984C10.9426 17.7384 10.6625 17.503 10.4563 17.1921C10.2532 16.8782 10.1516 16.4873 10.1516 16.0195C10.1516 15.6256 10.224 15.2947 10.3686 15.027C10.5133 14.7592 10.7102 14.5438 10.9595 14.3807C11.2088 14.2176 11.492 14.0945 11.8089 14.0114C12.129 13.9283 12.4645 13.8698 12.8153 13.8359C13.2277 13.7929 13.5601 13.7528 13.8125 13.7159C14.0649 13.6759 14.248 13.6174 14.3619 13.5405C14.4757 13.4635 14.5327 13.3497 14.5327 13.1989V13.1712C14.5327 12.8788 14.4403 12.6526 14.2557 12.4925C14.0741 12.3325 13.8156 12.2525 13.4801 12.2525C13.1262 12.2525 12.8446 12.331 12.6353 12.4879C12.426 12.6418 12.2875 12.8357 12.2198 13.0696L10.4009 12.9219C10.4933 12.491 10.6748 12.1186 10.9457 11.8047C11.2165 11.4877 11.5658 11.2446 11.9936

                                                        Chrome Cache Entry: 316

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:downloaded
                                                        Size (bytes):580
                                                        Entropy (8bit):4.812201267100154
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:DF45C7B97F777182CA3E6A1C3F5556DE
                                                        SHA1:1D12F09388AD79D72DB4243BE8B4DB271A1A1888
                                                        SHA-256:BFB2DC9DF2C2F8CF4EF32E6B2DC2B364C9631773246A49B8C24B3356D59E412F
                                                        SHA-512:9D1E9738B42247C3F8CFF8E700FBF9978DC3B396E1747D44E8EE8690B34F1EA2203700AC7B981839AF7C4D2D20955B34925E337D709055C1DD8DA75A8FC3F532
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/flags/tr-df45c7b97f.svg
                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" id="flag-icons-tr" viewBox="0 0 640 480" width="24">. <g fill-rule="evenodd">. <path fill="#e30a17" d="M0 0h640v480H0z"/>. <path fill="#fff" d="M407 247.5c0 66.2-54.6 119.9-122 119.9s-122-53.7-122-120 54.6-119.8 122-119.8 122 53.7 122 119.9z"/>. <path fill="#e30a17" d="M413 247.5c0 53-43.6 95.9-97.5 95.9s-97.6-43-97.6-96 43.7-95.8 97.6-95.8 97.6 42.9 97.6 95.9z"/>. <path fill="#fff" d="m430.7 191.5-1 44.3-41.3 11.2 40.8 14.5-1 40.7 26.5-31.8 40.2 14-23.2-34.1 28.3-33.9-43.5 12-25.8-37z"/>. </g>.</svg>

                                                        Chrome Cache Entry: 317

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (18641)
                                                        Category:downloaded
                                                        Size (bytes):311748
                                                        Entropy (8bit):5.500449393319633
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:EA71A876EB93D2667E05C5066A459989
                                                        SHA1:18E243203EE1257664866A16C6FC5007CF531F10
                                                        SHA-256:CD51C3E661BE6A4D85F07486659346988C1F361E0D7C79FE206923E318118D35
                                                        SHA-512:6A99BE8560CE5360527EDE723BD99D3E290620F77DE0C1454374E9854AD3D90832CAAB5DE0001B34BA863544D5973E04D183E82E3AA64B35F6B2BEB01680D6A0
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://connect.facebook.net/en_US/sdk.js?hash=642c435b9969a9365c67a252fa3ee342
                                                        Preview:/*1714138826,,JIT Construction: v1013077871,en_US*/../**. * Copyright (c) 2017-present, Facebook, Inc. All rights reserved.. *. * You are hereby granted a non-exclusive, worldwide, royalty-free license to use,. * copy, modify, and distribute this software in source code or binary form for use. * in connection with the web services and APIs provided by Facebook.. *. * As with any software that integrates with the Facebook platform, your use of. * this software is subject to the Facebook Platform Policy. * [http://developers.facebook.com/policy/]. This copyright notice shall be. * included in all copies or substantial portions of the software.. *. * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR. * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS. * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR. * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER. * IN AN ACTION OF CO

                                                        Chrome Cache Entry: 318

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 460x215, Suserng: [none]x[none], YUV color, decoders should clamp
                                                        Category:downloaded
                                                        Size (bytes):20030
                                                        Entropy (8bit):7.988412769580632
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:8B7FAB2509B32042C477A316647BDA05
                                                        SHA1:39F4C08EC853E507A90F1CEBA6D91CA70D6AD178
                                                        SHA-256:304819A71B4115B71DAB41FDF99B750CD2E8DBD55C6F05CB45E70602A77C98D0
                                                        SHA-512:D551E43B51E87A90D8F117B72C3CD2BDD799240527E346D7E365290829C41A83FA8CAEA5D441F56E06E57290463602C464FC811CDA1091E6821FFFBFDB540336
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://api-cdn.wemod.com/title_thumbnails/57522/513833/460/1/thumbnail.webp
                                                        Preview:RIFF6N..WEBPVP8 *N.......*....>1..C.!!.... .......V..2Q.._...{g.O.|..i..g.......?....Q.....l......./..O...O.....`..............|..?...?x...o}9.u?....v.......c............R......l..._....../...~..[.O......2.;...?.4..s........._..g.?..G.`..............|..N...G......_........I....._......................s........,.....Y.s.3..m8,..y43v)5....W;..M.J..{...+.E.2Z.....T...W.m&..<..7.+C0iP-.'.......P..}......-......"^[........5...;...ns..gu..4/+...t...H......C2....[yln...f......r.VXFp"..R....K...C.>>........~...P.@Jq.H44BS..f..j..h..t...s+...xP. Rm..^l..0y.[.I....'.m.HwR...h.%.#./&C..'..O....{..Gg.~...:........=.....&...hb......P.H....h`.u.,........a.k%...$.?Y...]....B .0....T.6.S..O.moG.5.v%....~.............A .=.U.2,.&....z..{....$......n....1..a.3M%}6.....Pd....z.....o..$?..-...xZ..[..}..`Q. ..!.ws...9Jx. .......?n. .er0.8..$.Q..H1.{...Pq..l...N.4.U...7..te.@.!Q-.....w.S_I..nP.t.y..........%.kq.2......v".^'8..n,J`.....&..O.....W.....o

                                                        Chrome Cache Entry: 319

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:data
                                                        Category:downloaded
                                                        Size (bytes):1048576
                                                        Entropy (8bit):7.9997362316573914
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:4566A2D79D0FFD99FC45D31CE0C6F14E
                                                        SHA1:7BAD824171684DA2649D195D5BC5B188A15D3E85
                                                        SHA-256:975E52F0677196E5E4D71A5CC4DEB087EDD981C87EB1889D8E83963A1265668E
                                                        SHA-512:678C0B19E802E117FC01D6D7513316EED3F952F431021008B191652503E1458A355645B95FD17C4345EF88DD2D002981BB9F50FE0C2003B86DD5C6F8281F9DCD
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/views/homepage/background-all-29a095a620.mp4:2f759729ce1067:1
                                                        Preview:/...<_..P..^..:.......T...8d.D.b.j....R<7y\..?g.v...V...21..`...i}...;i.H...\...H.......*e.p%r....;.K.V......VC+....%..=....Vx$V...c..ce..U..JI`8Y.j..9(...4...3 ....~...K/94U.x.q...E..r..R....-..._.......R3*.A.V...)..x.s.zu.7.Q..L...S......~\f."..g..].{7..::5.R..H.".......n.c.]-.#_Q....}._....~N6..C...'B...3...!.5AN.. UF.7.A.l/r.V`....K..q..3. \..o....r....\.-w.V..Aiat.!.jH,.Y......i.....(.o...T...$F.g-f..s.....H.].4.....X^...a:~.D..7..B`.k....e...@..[Rc.I-....ES...........~.])...G.l..{M..r......*..a.&R.wr..t.r....-...>Tbu.^.(..!..W..<.g...o..\%.s...Z..}.......3.Z..=.uft._#..@..4T./..m.|..~.&...c .|x._i...0._.Y.,i...I.{Md8..cW.qt...@......#_n.>.q..\)V#:..f.2.H]V^.......}.L......F..U.x[..T..)....D..*r......|...`.%g.k..t.I...R.I..#....'.....dv.W.K...n.K..Y....e...v.n...^.a$/..Y....4t..g..\Y.s...Dw.f39...q.l<..3]..~A.....R.EI..Q...Ons..1o...:v...zKyQ%..4+..ht}.KF~..A..w.N.a.....d......$(.c......A8....B6vw.T@.01.G.)...Bk\.'.P^..$..d.../

                                                        Chrome Cache Entry: 320

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x720, Suserng: [none]x[none], YUV color, decoders should clamp
                                                        Category:dropped
                                                        Size (bytes):13932
                                                        Entropy (8bit):7.98793651618967
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:2D0D258A9CDDB0C9BEE139C0433AD963
                                                        SHA1:A98688DBF55E74AE79C6AA8B04CF0A61894F20D2
                                                        SHA-256:58D5064E50B7F90627E1DFD12B9191E195D036FF056060EB9F95A43FA1FAD5FD
                                                        SHA-512:AB6A19A2860F3399B5599357AC700ACFBE3D397A7B789161E4D5045C381E71C2E74B1A71D66FABC89BCC6FE7AE793D22AC1BDEE5682BF402BBD1C88E99B92C66
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:RIFFd6..WEBPVP8 X6..0<...*....>m6.I$&/*..IQ...in......;...;.(<h._.?...r'.x.z......y.~..?..tv...Z`?.......N..'...o....?..+).R.3...JP"7........,2MuRIU...I.H!F.Y.....c.....h..,+.n..{"....%B.v.n.B....;......#.......1O.9...s?.v..."`.&i.E....1.J5KR.Nd9........#7'.)......a.f..y50.."s...C].2x.M;.......qF.a.j.ynk..5=..ZL.Z...b...Y.IX....e&.A......w......$..L5K.].*.%..P_..r..V..K..H..&....*..K:na4..i......^b[......[.[E.>....|Q.&.....Is."w...........Ej..@%$..-..~......h .\..j.....j-.....E.r...:K.....Qc...."..I!..a....L7Y.&./.....4..8.......v.F..[.?l...pW...C........^..9n.pY.K..A..d....?OP.i6>....r.....*..g.....w..|qO../"c...ax.X%....o..a./.}<`<..xx..XPk2......l|....e..N..!+.c.\..u...F.*.../Q`E...x.:......OyL.\.F..._ ..gw..N.,R[".~...:.zu..W.z.Y....r.:M)B....R......o..(I..n..j.C.5M.pp/.......+...G...)..BF......B..|.uV....!.$..........."......R..z.,K.%.e:....MS/a...HV..h...{(.{8?....q:2*..\'...n..uu.$<*,b`....z....2.......o.....6.5...9p.5&."F..

                                                        Chrome Cache Entry: 322

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ASCII text, with very long lines (7711)
                                                        Category:downloaded
                                                        Size (bytes):305407
                                                        Entropy (8bit):5.608278375594231
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:7DD254FFE4D299FBA93322EE1829D4F4
                                                        SHA1:2A7BAAB5E6A5A88E9EB2129B5CCEF37210102DE4
                                                        SHA-256:E26E9F742C955EF60BC5F034F5603637043A6B7DA0F59CBBABC9E3D5E7C0D7D5
                                                        SHA-512:6E353EF328CDC1916F367E0E68CE7859A4282BBCF158AF7867DECF54EBAEF6D904E2A5B060B1BE7267EE174785797D4352FC9E67BB4A3F9EA6728DD21B91AABF
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.googletagmanager.com/gtag/js?id=G-K7ZLZSR0WX
                                                        Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"3",. . "macros":[{"function":"__e"},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_cross_domain","priority":28,"tag_id":14},{"function":"__ogt_1p_data_v2","priority":18,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneE

                                                        Chrome Cache Entry: 323

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:HTML document, ASCII text, with very long lines (1011), with no line terminators
                                                        Category:downloaded
                                                        Size (bytes):1011
                                                        Entropy (8bit):5.791285819392302
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:D3CA2977F11CFBCDB9BC4EE283E83EE0
                                                        SHA1:22FDFF428F4678648497C97E7C3B93988B5B9FDE
                                                        SHA-256:D52E9750FC62D9DAB8A1D8A6A26AEBFAA3AE3235403F3136806F108E08FFD484
                                                        SHA-512:7AC8E4D3693465577E4DE7B58F84390BB6C2DEEAF5E8DAEDB0F3AD3DA84A624A3095B8D520981653A53E267CACC90EBFC5CB45C5F71ACBEB57DFA276226E29A8
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://td.doubleclick.net/td/rul/946705537?random=1714142406106&cv=11&fst=1714142406106&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be44o0v9168888440za200&gcd=13l3l3l3l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.wemod.com%2Ffr%2Fdownload%3Ftitle_id%3D16170&hn=www.googleadservices.com&frm=0&tiba=Merci%20pour%20le%20t%C3%A9l%C3%A9chargement!%20%7C%20WeMod&ga_uid=G-K7ZLZSR0WX.85a87e78-cc50-40fb-adbb-4d28b806910f&npa=0&pscdl=noapi&auid=1483828468.1714142406&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=event%3Dgtag.config
                                                        Preview:<html><head><meta http-equiv="origin-trial" content="Avh5Ny0XEFCyQ7+oNieXskUrqY8edUzL5/XrwKlGjARQHW4TFRK+jVd5HnDIpY20n5OLHfgU4ku7x48N3uhG/A0AAABxeyJvcmlnaW4iOiJodHRwczovL2RvdWJsZWNsaWNrLm5ldDo0NDMiLCJmZWF0dXJlIjoiUHJpdmFjeVNhbmRib3hBZHNBUElzIiwiZXhwaXJ5IjoxNjk1MTY3OTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0="></head><body><script>var ig_list={"interestGroups":[{"action":0,"expirationTimeInSeconds":2592000,"interestGroupAttributes":{"owner":"https://td.doubleclick.net","name":"1j740911628!5b1","additionalBidKey":"MPV/Q5ys4NRl7XXTEwBqJQUAS645hnB3RdaPQHwrfls="}}]};</script><script>for(let i of ig_list.interestGroups){try{if(i.action==0){navigator.joinAdInterestGroup(i.interestGroupAttributes,i.expirationTimeInSeconds);}else if(i.action==1){navigator.leaveAdInterestGroup(i.interestGroupAttributes);}}catch(e){navigator.sendBeacon(`https://pagead2.googlesyndication.com/pagead/gen_204/?id=turtlex_join_ig&tx_jig=${encodeURIComponent(JSON.stringify(i))}&tx_jem=${e.message}&tx_jen=${e.name}`);}}</script></b

                                                        Chrome Cache Entry: 324

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 460x215, Suserng: [none]x[none], YUV color, decoders should clamp
                                                        Category:dropped
                                                        Size (bytes):31666
                                                        Entropy (8bit):7.9928656259063136
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:26AF04CA4FB4AB03EF3ADB4707801389
                                                        SHA1:C9AF56C7566AD70EBB66B9227E86F9D188507C19
                                                        SHA-256:002DA5525AA0DBFBCAFB740A262F92CDAFF02C4D625FF39A46419170C23D0BE3
                                                        SHA-512:FA838A0DFAA1F353B2A6F090301C5E8D5791BF04FBD6A19D3FF92514D74CE40EC27121201CFB22E7B0A81F753A0F1CC6BC680C4CC3984BFE086BEC38CE92DA4A
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:RIFF.{..WEBPVP8 .{..pO...*....>1..C"!!..m. ....H.....o......^........=.vu.^`}......g.......U.......}...............O.?w...............W........t...t..{............}......g.....^...}@?.z.y..7.:..Q.........O...>....?._........O.C.....|c...O.._._.?..m.........w...........?......+.....zk......_....~....#...?*?............w.O.?.?N?....G..................g.O.......?.............u.._.?..*./.....S..G.$.yu`.U0.HM.V.L..S.....}P..@.~=R..9.q.y..M......K............$5}....C8...a.=a..=.D~..[@O.Se\.+..;_..MW3.).`y.p..k.:.i....q.a...+.Z..&p...^.>........6....<.e.......X2dO.8.....uYe[!]..W....T5...V...R....g.....X9.R....Wm~d......]....E..]A_L9.w5..nd..>.].q..Y.||].?k.)..>..l..g.D_S.....1.......'...,..E.}....A@..1+...T..G..S.M.o.+.+..14..b..x@.t...A..S.19.J.4..9.8>....qSZtF....!...aQAf.M!....FE..v....._n..$j..O.................E.?.P.......M.......`..G..<g.a..j..:J_............/J..c.$..gMG..Y..Z..t..v.6j..'.I....H..L-#.+}%z........*.:..............<.q{>....

                                                        Chrome Cache Entry: 326

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 460x215, Suserng: [none]x[none], YUV color, decoders should clamp
                                                        Category:dropped
                                                        Size (bytes):36970
                                                        Entropy (8bit):7.994235428410627
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:0FD6896AB0C75EFCAB1A8CEB7B5459F6
                                                        SHA1:901644B28A488AD856FD6B65B0505447EFDA0722
                                                        SHA-256:98B8425B419B3B12235BB4C576FF1577250DF83097889E82DC118BA3062C555E
                                                        SHA-512:CFF7903609AD320395D09A2CB5B4CBB280236C1D793B69166F3BF9848236AEB44168801AF141CDA00CB6C394DBA210654EFB815E63715AB186813EE3A21FC5CE
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:RIFFb...WEBPVP8 V........*....>1..B.!.......P./..e|...&.2...O.......=.v7.O.?.....K.....Y..?......W.....W./.....Q...~.{......K.........>@?.........#...?..._._.....~.|!.q...{.../.............{..O.o...<....?..l.)...../..\.Z...+.G....G....a?............~.|..G.o........!...?./..?q....}S.WiF......_..m.y.....O.>......w._....|..8.....O.....................a.{......?0..}E.../............S.../....~..................a.........|.S.F........v.F.VB...@.....}...E.....H.y..i...[.}.S.U....nS...zU.5..F.S.......I.UL..^......9-?i_..8...M.K>...DW...b...I1Uj..........y.*H...C...w.........8nm...k.w.J..-...|N..wt.q|m5.0.e.1[..iL.N]..B...O..|..J>B7.!)A6f... .o[.j.......sO?.K...........#I........k5.JS..07.7... .?..`..+_....[...|.=J.....V.x.".S.. .;....o.u.~}..&......C..?0.V...C.Y.xA.]P..Z.Zvk..m..J.w..Z.......=h....qZ....OrR..3.KQ..Vmf.s=.9.O.,w..&.......ZQ....?...[......@..WjW..+x_..{$.)...T..+._...d.....Z5."o...]...L.5. .x....xnC....|.Z....,6>G....`.B.D.....M.K1Z._..

                                                        Chrome Cache Entry: 327

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:Web Open Font Format (Version 2), TrueType, length 224744, version 1.0
                                                        Category:downloaded
                                                        Size (bytes):224744
                                                        Entropy (8bit):7.998817924977747
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:57FA490CECD74C7C8CAB3D5E4B895E64
                                                        SHA1:B6DB24116BED3D9D7949D4B216DDBD8BDB978155
                                                        SHA-256:ED38B29CFA2FC0D12D0ED4ED265228DE9BD4C733D1CE007B54B4655928697420
                                                        SHA-512:43E379F9E81E21759667631DCA9E2E17F6CE502ADEF1914E73EDF49743A86DB5B6B188485F0B9C039896C84D3E1EC4E410480D27C79385124561E9E0AA75899B
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/fonts/inter/Inter-roman-57fa490cec.var.woff2
                                                        Preview:wOF2......m........l..mq..........................#.......L?HVAR.b?MVARP.`?STAT.....</l.........T.0..n.6.$..N. ....../[pz.....v....1......Y....?.:..?.E..S.y...T@..E.F..c.......H.q.9G.......O.Pk....................n.g....;.....Xh.h,...b4j6.h.q.i...?D.g.aD=.#aRR.....g...Jr......Bs....%..+.j.v ]!...j....|e...si...FF7.H...X....}........y.<o..R.C.....>.U. ..cl.6..o`?..F.y.O....1l.....vT|.L...i...I..h./.V.Qm....fj.s'...C.Dd....:d..3rA..}9g....0C)..eF....t..9.X.#&..}........d(..5..G..#.$^..U..d.K..6.Vb..=.9.X../R.Kh......R.a.f..4..:z.b......H.Mq0 ..PQ....@.W....eF..R.t...;.*T...."....-.9..Ld..n.s/d.{F.,sB.C...o.&.%...^.(>.?9....&Kb.....>VG.......bZ6LRsG.7.[....3H.......4NL.....^._....<._...K.*.*..U!..z.6Z.....65P,c|..>.."...i..#;..<]..o......N.?s.D.*3........MH...+........-.28L.........."..=.......1...2.:7..v..t~.DM.....z..R....-.E..L......n..p..0vsvn.9.,..Y(aO..'...!..z..#E.J7....%.......N. .5.....b=.I1|.....b.|..z.....I....Y)...Q.L..@.F..7G..`..+.

                                                        Chrome Cache Entry: 328

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:SVG Scalable Vector Graphics image
                                                        Category:downloaded
                                                        Size (bytes):801
                                                        Entropy (8bit):5.173028635083033
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:8D9C7D4E8DE5FCDB58A366567C89B634
                                                        SHA1:CDFF97CC555F99D32B97EFBD1B4652F5AF2F8FFF
                                                        SHA-256:EBCE43C0B7CC7AB7FF80B920305C3017E9A4E3060CCA330E313F2641A9FCE712
                                                        SHA-512:F99B965460E660F255A7364878B68504A43E90278879C61BAFD3DEC6CA436F5DC0D061D7E6515357E79C1FF34F99C8D851947693E5C4FC0D2416551C2ED4F0B2
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/views/homepage/scroll-down-8d9c7d4e8d.svg
                                                        Preview:<?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">.<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0" y="0" width="17" height="26" viewBox="0, 0, 17, 26">. <g id="Page-1">. <path d="M8.5,5.5 L8.5,5.5 C8.776,5.5 9,5.724 9,6 L9,8 C9,8.276 8.776,8.5 8.5,8.5 L8.5,8.5 C8.224,8.5 8,8.276 8,8 L8,6 C8,5.724 8.224,5.5 8.5,5.5 z" fill="#FFFFFF" id="Rectangle-11"/>. <path d="M8.5,0 C13.194,0 17,3.806 17,8.5 L17,17.5 C17,22.194 13.194,26 8.5,26 C3.806,26 0,22.194 0,17.5 L0,8.5 C0,3.806 3.806,0 8.5,0 z M8.5,1 C4.358,1 1,4.358 1,8.5 L1,17.5 C1,21.642 4.358,25 8.5,25 C12.642,25 16,21.642 16,17.5 L16,8.5 C16,4.358 12.642,1 8.5,1 z" fill="#FFFFFF"/>. </g>.</svg>.

                                                        Chrome Cache Entry: 329

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:HTML document, ASCII text, with no line terminators
                                                        Category:downloaded
                                                        Size (bytes):13
                                                        Entropy (8bit):2.7773627950641693
                                                        Encrypted:false
                                                        SSDEEP:
                                                        MD5:C83301425B2AD1D496473A5FF3D9ECCA
                                                        SHA1:941EFB7368E46B27B937D34B07FC4D41DA01B002
                                                        SHA-256:B633A587C652D02386C4F16F8C6F6AAB7352D97F16367C3C40576214372DD628
                                                        SHA-512:83BAFE4C888008AFDD1B72C028C7F50DEE651CA9E7D8E1B332E0BF3AA1315884155A1458A304F6E5C5627E714BF5A855A8B8D7DB3F4EB2BB2789FE2F8F6A1D83
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://td.doubleclick.net/td/ga/rul?tid=G-K7ZLZSR0WX&gacid=1302397294.1714142404&gtm=45je44o0v873416052za200&dma=0&gcd=13l3l3l3l1&npa=0&pscdl=noapi&aip=1&fledge=1&z=1222630508
                                                        Preview:<html></html>

                                                        Chrome Cache Entry: 331

                                                        Download File
                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                        Category:downloaded
                                                        Size (bytes):1048576
                                                        Entropy (8bit):7.999700754998942
                                                        Encrypted:true
                                                        SSDEEP:
                                                        MD5:60BB0C5206DC3B3EAD72F679DFB2421B
                                                        SHA1:F3CE9A2E67A502D66790E07A8CE0C499F7404C4A
                                                        SHA-256:09D15B469251F77A846300A826787B0CF76C14B2DAD560E24B2E134EF4C9A64B
                                                        SHA-512:73F039B4ECCCE792B73BE303830022C4879313DE8E233737E574734ED36017C48BEE6CD998E944D05337B89997D0BD21721FB361638CEDB22D6FF9D3A603AE9B
                                                        Malicious:false
                                                        Reputation:unknown
                                                        URL:https://www.wemod.com/static/images/views/homepage/background-all-29a095a620.mp4:2f759729ce1067:0
                                                        Preview:... ftypisom....isomiso2avc1mp41....free.9@.mdat..........E...H..,. .#..x264 - core 159 r2991 1771b55 - H.264/MPEG-4 AVC codec - Copyleft 2003-2019 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=12 lookahead_threads=2 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=24 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=abr mbtree=1 bitrate=800 ratetol=1.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00....$.e...g&e3...m......iT..h14k......V.;.k.....2.9...i8yL.}..S..J_.%.}.V.........qU.e.XR...l.-..M.bi.}PDi._H......./..Py.t;....,.1...T`#.B..I............._0 ..s[}..:.E........1Lf.(1I..'.t....&.[r..kH.G..1..DL..xM..+..p.#...GN.%..o.|.F..#...S6

                                                        Static File Info

                                                        No static file info