bfaa8fc5c1e0f4bd2555dd2d0686c90ef635cf3e909bac5776564474f1f459cf

Analysis

max time kernel
62s
max time network
68s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-de
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-delocale:de-deos:windows10-ltsc 2021-x64systemwindows
submitted
17/11/2024, 11:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WutheringWaves_overseas_setup_1.6.4.0.exe
Size

93.4MB
MD5

38c37084833ab6bf9ef9efee8efd56d0
SHA1

2ebc95b94a6c8186a52440dbd72a227cf183ae4e
SHA256

bfaa8fc5c1e0f4bd2555dd2d0686c90ef635cf3e909bac5776564474f1f459cf
SHA512

6a1d2feb5cb25e3a16b0235df06b10e9fb5a79375d11de7db66a7774c657a5103be94f2a1fcab9e6ebcc21213b7b3ded9391dd5323226d5e0c26f6312b512161
SSDEEP

1572864:YA2UCKzJYfDaeltyO9DJdmgxsmJ87lQ8rGwGjomUjpj5CJrWCga2/nme829YcQu:YaCCSme6ORJd6l12jomU95Cxglue8C

Score

6^/10

defense_evasion discovery

Malware Config

Signatures

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	WutheringWaves_overseas_setup_1.6.4.0.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000\Control Panel\International\Geo\Nation	TQMCenter_64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 4 IoCs

pid	Process
3212	launcher.exe
1840	KRInstallExternal.exe
4412	TQMCenter_64.exe
3548	KRInstallExternal.exe

Loads dropped DLL 64 IoCs

pid	Process
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe

Embeds OpenSSL 1 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
behavioral1/files/0x0028000000045124-82.dat	embeds_openssl

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WutheringWaves_overseas_setup_1.6.4.0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmic.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmic.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmic.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate	launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	WutheringWaves_overseas_setup_1.6.4.0.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	WutheringWaves_overseas_setup_1.6.4.0.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\	WutheringWaves_overseas_setup_1.6.4.0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate	WutheringWaves_overseas_setup_1.6.4.0.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	launcher.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\	launcher.exe

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
3212	launcher.exe
1840	KRInstallExternal.exe
3548	KRInstallExternal.exe

Suspicious behavior: EnumeratesProcesses 48 IoCs

pid	Process
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2604	wmic.exe
2604	wmic.exe
2604	wmic.exe
2604	wmic.exe
4464	wmic.exe
4464	wmic.exe
4464	wmic.exe
4464	wmic.exe
1684	wmic.exe
1684	wmic.exe
1684	wmic.exe
1684	wmic.exe
2924	wmic.exe
2924	wmic.exe
2924	wmic.exe
2924	wmic.exe
3212	launcher.exe
3212	launcher.exe
4944	wmic.exe
4944	wmic.exe
4944	wmic.exe
4944	wmic.exe
1444	wmic.exe
1444	wmic.exe
1444	wmic.exe
1444	wmic.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
3212	launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2604	wmic.exe
Token: SeSecurityPrivilege	2604	wmic.exe
Token: SeTakeOwnershipPrivilege	2604	wmic.exe
Token: SeLoadDriverPrivilege	2604	wmic.exe
Token: SeSystemProfilePrivilege	2604	wmic.exe
Token: SeSystemtimePrivilege	2604	wmic.exe
Token: SeProfSingleProcessPrivilege	2604	wmic.exe
Token: SeIncBasePriorityPrivilege	2604	wmic.exe
Token: SeCreatePagefilePrivilege	2604	wmic.exe
Token: SeBackupPrivilege	2604	wmic.exe
Token: SeRestorePrivilege	2604	wmic.exe
Token: SeShutdownPrivilege	2604	wmic.exe
Token: SeDebugPrivilege	2604	wmic.exe
Token: SeSystemEnvironmentPrivilege	2604	wmic.exe
Token: SeRemoteShutdownPrivilege	2604	wmic.exe
Token: SeUndockPrivilege	2604	wmic.exe
Token: SeManageVolumePrivilege	2604	wmic.exe
Token: 33	2604	wmic.exe
Token: 34	2604	wmic.exe
Token: 35	2604	wmic.exe
Token: 36	2604	wmic.exe
Token: SeIncreaseQuotaPrivilege	2604	wmic.exe
Token: SeSecurityPrivilege	2604	wmic.exe
Token: SeTakeOwnershipPrivilege	2604	wmic.exe
Token: SeLoadDriverPrivilege	2604	wmic.exe
Token: SeSystemProfilePrivilege	2604	wmic.exe
Token: SeSystemtimePrivilege	2604	wmic.exe
Token: SeProfSingleProcessPrivilege	2604	wmic.exe
Token: SeIncBasePriorityPrivilege	2604	wmic.exe
Token: SeCreatePagefilePrivilege	2604	wmic.exe
Token: SeBackupPrivilege	2604	wmic.exe
Token: SeRestorePrivilege	2604	wmic.exe
Token: SeShutdownPrivilege	2604	wmic.exe
Token: SeDebugPrivilege	2604	wmic.exe
Token: SeSystemEnvironmentPrivilege	2604	wmic.exe
Token: SeRemoteShutdownPrivilege	2604	wmic.exe
Token: SeUndockPrivilege	2604	wmic.exe
Token: SeManageVolumePrivilege	2604	wmic.exe
Token: 33	2604	wmic.exe
Token: 34	2604	wmic.exe
Token: 35	2604	wmic.exe
Token: 36	2604	wmic.exe
Token: SeIncreaseQuotaPrivilege	4464	wmic.exe
Token: SeSecurityPrivilege	4464	wmic.exe
Token: SeTakeOwnershipPrivilege	4464	wmic.exe
Token: SeLoadDriverPrivilege	4464	wmic.exe
Token: SeSystemProfilePrivilege	4464	wmic.exe
Token: SeSystemtimePrivilege	4464	wmic.exe
Token: SeProfSingleProcessPrivilege	4464	wmic.exe
Token: SeIncBasePriorityPrivilege	4464	wmic.exe
Token: SeCreatePagefilePrivilege	4464	wmic.exe
Token: SeBackupPrivilege	4464	wmic.exe
Token: SeRestorePrivilege	4464	wmic.exe
Token: SeShutdownPrivilege	4464	wmic.exe
Token: SeDebugPrivilege	4464	wmic.exe
Token: SeSystemEnvironmentPrivilege	4464	wmic.exe
Token: SeRemoteShutdownPrivilege	4464	wmic.exe
Token: SeUndockPrivilege	4464	wmic.exe
Token: SeManageVolumePrivilege	4464	wmic.exe
Token: 33	4464	wmic.exe
Token: 34	4464	wmic.exe
Token: 35	4464	wmic.exe
Token: 36	4464	wmic.exe
Token: SeIncreaseQuotaPrivilege	4464	wmic.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe

Suspicious use of SetWindowsHookEx 42 IoCs

pid	Process
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
2812	WutheringWaves_overseas_setup_1.6.4.0.exe
3212	launcher.exe
3212	launcher.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
1840	KRInstallExternal.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe
3548	KRInstallExternal.exe
3548	KRInstallExternal.exe
3548	KRInstallExternal.exe
3212	launcher.exe
3212	launcher.exe
3212	launcher.exe

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 2604	2812	WutheringWaves_overseas_setup_1.6.4.0.exe	89
PID 2812 wrote to memory of 2604	2812	WutheringWaves_overseas_setup_1.6.4.0.exe	89
PID 2812 wrote to memory of 2604	2812	WutheringWaves_overseas_setup_1.6.4.0.exe	89
PID 2812 wrote to memory of 4464	2812	WutheringWaves_overseas_setup_1.6.4.0.exe	91
PID 2812 wrote to memory of 4464	2812	WutheringWaves_overseas_setup_1.6.4.0.exe	91
PID 2812 wrote to memory of 4464	2812	WutheringWaves_overseas_setup_1.6.4.0.exe	91
PID 2812 wrote to memory of 1684	2812	WutheringWaves_overseas_setup_1.6.4.0.exe	93
PID 2812 wrote to memory of 1684	2812	WutheringWaves_overseas_setup_1.6.4.0.exe	93
PID 2812 wrote to memory of 1684	2812	WutheringWaves_overseas_setup_1.6.4.0.exe	93
PID 2812 wrote to memory of 3212	2812	WutheringWaves_overseas_setup_1.6.4.0.exe	97
PID 2812 wrote to memory of 3212	2812	WutheringWaves_overseas_setup_1.6.4.0.exe	97
PID 3212 wrote to memory of 2924	3212	launcher.exe	98
PID 3212 wrote to memory of 2924	3212	launcher.exe	98
PID 3212 wrote to memory of 1840	3212	launcher.exe	100
PID 3212 wrote to memory of 1840	3212	launcher.exe	100
PID 3212 wrote to memory of 4944	3212	launcher.exe	101
PID 3212 wrote to memory of 4944	3212	launcher.exe	101
PID 3212 wrote to memory of 1444	3212	launcher.exe	103
PID 3212 wrote to memory of 1444	3212	launcher.exe	103
PID 3212 wrote to memory of 4412	3212	launcher.exe	105
PID 3212 wrote to memory of 4412	3212	launcher.exe	105
PID 4412 wrote to memory of 2604	4412	TQMCenter_64.exe	106
PID 4412 wrote to memory of 2604	4412	TQMCenter_64.exe	106
PID 3212 wrote to memory of 3548	3212	launcher.exe	108
PID 3212 wrote to memory of 3548	3212	launcher.exe	108

C:\Users\Admin\AppData\Local\Temp\WutheringWaves_overseas_setup_1.6.4.0.exe
"C:\Users\Admin\AppData\Local\Temp\WutheringWaves_overseas_setup_1.6.4.0.exe"
1⤵
- Enumerates connected drives
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic diskdrive where index=0 get SerialNumber
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2604
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic cpu get Name
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4464
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic cpu get NumberOfCores
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1684
- C:\Wuthering Waves\launcher.exe
  "C:\Wuthering Waves\launcher.exe" KuroGameSTARTUP
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3212
- - C:\Windows\System32\Wbem\wmic.exe
    wmic diskdrive where index=0 get SerialNumber
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2924
- - C:\Wuthering Waves\KRInstallExternal.exe
    "C:\Wuthering Waves\KRInstallExternal.exe" ewogICAgImRiX3BhdGgiOiAiQzpcXFVzZXJzXFxBZG1pblxcQXBwRGF0YVxcUm9hbWluZ1xcS1JMYXVuY2hlclxcRzE1M1xcQzUwMDA0XFwiLAogICAgImRpZCI6ICIzZDhmNTcwNC1iZWZlLTRiNmYtYjQzMC1jMWI3NGQyZjQwMjMiLAogICAgInJlcG9ydF9pZCI6ICI1ZDQ4MTNkZTBlODk0MDJmYTI2ZWE2MmU0YjkzZDNjYSIsCiAgICAicmVwb3J0X2tleSI6ICJNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURDSy9MMStnc2YvWXFJcXNLbElLSDhLOGRmRitPSlVmdzRJdkNuNU9sbytyRUszYlowclMrMncvKzl4TS90c3d2ZDU1Y1BWVUhzWkQ3a1RzbUl2K0dnNTdKanFQZmJYMW5Ub2FXZkNHdEVuWE11TWNtU3JkblBDOUZwNGs1WXlCY2ROV3lSb2Q3bGp5M1g1TGRudkVpWEQ0Qjk4WjRpVzg1YjFVODVseURjUFFJREFRQUIiLAogICAgInJlcG9ydF91cmwiOiAiaHR0cHM6Ly9xY2xvdWQtc2ctZGF0YXJlY2VpdmVyLmt1cm9nYW1lLnh5ei8iLAogICAgInV1aWQiOiAie2UxMTIxOWQ5LTNmNjItNDY5OS05MTgzLWU3NzA5MmQ3NDExNX0iCn0K
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    PID:1840
- - C:\Windows\System32\Wbem\wmic.exe
    wmic cpu get Name
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4944
- - C:\Windows\System32\Wbem\wmic.exe
    wmic cpu get NumberOfCores
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1444
- - C:\Wuthering Waves\tqm64\TQMCenter_64.exe
    "C:\Wuthering Waves\tqm64\TQMCenter_64.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4412
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c rmdir /s /q "C:\Wuthering Waves\tqm64\stm\"
      4⤵
      PID:2604
- - C:\Wuthering Waves\KRInstallExternal.exe
    "C:\Wuthering Waves\KRInstallExternal.exe" ewogICAgImRiX3BhdGgiOiAiQzpcXFVzZXJzXFxBZG1pblxcQXBwRGF0YVxcUm9hbWluZ1xcS1JMYXVuY2hlclxcRzE1M1xcQzUwMDA0XFwiLAogICAgImRpZCI6ICIzZDhmNTcwNC1iZWZlLTRiNmYtYjQzMC1jMWI3NGQyZjQwMjMiLAogICAgInJlcG9ydF9pZCI6ICI1ZDQ4MTNkZTBlODk0MDJmYTI2ZWE2MmU0YjkzZDNjYSIsCiAgICAicmVwb3J0X2tleSI6ICJNSUdmTUEwR0NTcUdTSWIzRFFFQkFRVUFBNEdOQURDQmlRS0JnUURDSy9MMStnc2YvWXFJcXNLbElLSDhLOGRmRitPSlVmdzRJdkNuNU9sbytyRUszYlowclMrMncvKzl4TS90c3d2ZDU1Y1BWVUhzWkQ3a1RzbUl2K0dnNTdKanFQZmJYMW5Ub2FXZkNHdEVuWE11TWNtU3JkblBDOUZwNGs1WXlCY2ROV3lSb2Q3bGp5M1g1TGRudkVpWEQ0Qjk4WjRpVzg1YjFVODVseURjUFFJREFRQUIiLAogICAgInJlcG9ydF91cmwiOiAiaHR0cHM6Ly9xY2xvdWQtc2ctZGF0YXJlY2VpdmVyLmt1cm9nYW1lLnh5ei8iLAogICAgInV1aWQiOiAie2UxMTIxOWQ5LTNmNjItNDY5OS05MTgzLWU3NzA5MmQ3NDExNX0iCn0K
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    PID:3548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\KRPlugin_aki.dll

Filesize
16.4MB

MD5
6d9b3c70056c3af44c29a2f021d093a9

SHA1
b52445c4dd67bb7cc6857be1cf1f1d5391d31dc5

SHA256
e42222fee2388cbc4814ff5b4d05e6a2f1a602a06352409a1f62cc718526bb2d

SHA512
cfaed8b105a8d2eac8bf8c99787c9cc48f9fae401530dfae266f6cb1e2660e9ffcaeaab5dec0292a0136d01c90eaaf81ffa235dbe73f931fb484e3e3fe8008cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\Qt5Core.dll

Filesize
4.9MB

MD5
1849ef00f2b0d4bb8c475df4d714b8ff

SHA1
10bd730411fe8c6c3fa75994763c542591fbdd72

SHA256
fa6c28d6fc6e319f9c6348541cf8803ee5d32e6afccb666b3c67a54c50c81ba3

SHA512
c41794646549b5d7c22ee0cbdcff78450476f965bbf6cb83d07d97a2e23c5c2085366deaad62e37e0cc3dc072ac9e15bf40b39cf20e22a0980dfcae318f35136

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\Qt5Gui.dll

Filesize
5.2MB

MD5
0906103e25f7349766fc6025c491aa5a

SHA1
350589ec1f12ba5f65afc263c10243e10a362287

SHA256
ba869785c14c4ace0924c123295a503a59cf90cc4da68e0c61c47187b3754fe6

SHA512
ab28b7c562a342c8cbc1dad5290c2c9d2e0678de871f8ae71163fdc6bd7458084481f84baeff3349f9f79c5f07fa3e20cea4553b163fcbec75709ddf599b808b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\Qt5Network.dll

Filesize
1.0MB

MD5
11c016d03aefc9e124828cb7cd775cf3

SHA1
cfdcf0bf5834e507cf87c7e283d14a7c89aa2628

SHA256
10fabe35ca0b0b9c35c2f618c801fb999bde09572a7fa10415b2b3f6b6470a7d

SHA512
87cc26fee8033ce638828fb773f62704f48a20c042faf70c9f97e9f1d76a09e6060c818ad2d4cd6cccaf4464fb23e9bcfc77d53a6f24415aa0d83455260ce36d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\Qt5Widgets.dll

Filesize
4.4MB

MD5
07b30ed72326c030aae212224034bf28

SHA1
13283d6bd5e953a298ea2dd095bedb239dcd7961

SHA256
fae1cbde9e10955e8b0ff414e64020be20bf9d1d62e7c583b4510b60f363faf0

SHA512
228bf5d5adac1e6fb8eb4cdc75d60f44d1c81c2e5f44d1f04bb3929a06fc2ebbe33bc634a90d593d5892f75121d96a680fd988cb0b462bed82db7183c936fbf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\imageformats\qgif.dll

Filesize
35KB

MD5
e070dbf1a9253bde7910e040dfd5d4bc

SHA1
43f396528d643bd2c9fd8e1b63c4151bbb23c980

SHA256
7ac66b0c813585b7cd3645ad3bcab0b225006cee9076b05a21cb6b8db176462d

SHA512
317af40137f8f1d475349a926067bfb6b776c0e26352e164d6cf1fa95293b865ca6e07cf3cb305eff122c1033cd3cd7e2931b8c0083424ebc91be111d6b89a8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\imageformats\qicns.dll

Filesize
43KB

MD5
d617d449bff841e9e56ae5d66733c1f0

SHA1
57f9104c906d88b5193475286b9a1e9d55cd3fe1

SHA256
3587d149b774835aaebf9122945d432cb97a01f923c2bdf45c8ddf7db46fde6f

SHA512
1b4f7be9b650aa5658dde24da392262055b867525f8a2e61a2656c2617651f29dc5b61dd41f57ba84be030616d2060185f4790c7dd4a29d07b1e62af16b7f565

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\imageformats\qico.dll

Filesize
35KB

MD5
77b5eee567d88078024e3b535d6196f1

SHA1
db155287e3a3fcff2d280b5a4aa555784c2bea91

SHA256
ae2d373da197c94fd6aff5b56baf3df754722926af4f71279688ce563fe6ef31

SHA512
811b1654a0b17eada09e37d4d29a3297d5aaf9f2eae1f3cf48cb6b7c5d36f28450ca80084aec94765bee0b02c03854c3e489327911de9d96f8189a6e92c6648c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\imageformats\qjpeg.dll

Filesize
383KB

MD5
1f8c4a04573e26286ee2fafdf03f8f85

SHA1
b3d3ed2615d63ea26ed035ad191164e0297f088f

SHA256
18706a0bff940116731de4a55d8312c054771271c49fe47f77e07b0d73529053

SHA512
699c66b862675ef4e519e962bc8ffb87536fe81f5870f91f4179d9dd34c222e9107f92fc3e6138a8ed005293f90fb993144f4eaf9ab1518072718b730d1dd91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\imageformats\qsvg.dll

Filesize
30KB

MD5
7ba0979da56479bd964810e8ce794e9e

SHA1
68465868b7f9e944c6d5c57e4bc1d9383e234a74

SHA256
099eef1d161e9c4bb957d73678d471cc276337233a8e715e181a352760346701

SHA512
31edacc55c659571b473ac41041bd2779fcb36576882f9250790a7a5419cd64271560f5bf9039cb49ef621e970b2db028cca653ac8e83696e5b7822f6d287400

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\libcrypto-1_1.dll

Filesize
2.4MB

MD5
e879fa16f3746a14cd46dbc514452eea

SHA1
ba9559dca54da672a81cfe711004b25259fe8cf4

SHA256
e8a549275b205df98c33d76c47d2476ea57d14ed476d759fc921357a05ab740c

SHA512
274605fc33e77d6e891f070e09a00d65bea4aebd28506d3d4b036cf4436ab29a29fce887f0091080027529f7848b84625fffeb13b7e32d3c5472995da16a6a97

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\libcrypto-3.dll

Filesize
3.5MB

MD5
3b4dce9348385fbb3dee25e3e0db7efb

SHA1
f760a89a8bbeff22d3a837ee50089a616c9e247d

SHA256
b99f87138165561775b29283879722333082c5f12f4716ee423da880aefc9fb9

SHA512
dac1a728dd9388120b05ec79bcc6005a1a50f28a4051500acca24217e9efccec8529e377537d6bc5f6cc9a87a1aa3e5ce7206a04b5283848499f5f46eb8ca800

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\libcurl.dll

Filesize
460KB

MD5
fe5e6aecb98bbcb2cb0e826526dea007

SHA1
936f0e2ade5a909e714c307c1e2aa2702f1e464c

SHA256
ec5f18199dc57130082315bfb6baedb8614da92ae256019a30b5880dded9ae47

SHA512
7ae9fa473e612791a606f6fd7043a5385b3b4eb3bc612652c05d8520d2b2f766232c03de436636362c60b08cbdfec919a35dc07075b2877753ca4779c9cdf0d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\msvcp140.dll

Filesize
439KB

MD5
5ff1fca37c466d6723ec67be93b51442

SHA1
34cc4e158092083b13d67d6d2bc9e57b798a303b

SHA256
5136a49a682ac8d7f1ce71b211de8688fce42ed57210af087a8e2dbc8a934062

SHA512
4802ef62630c521d83a1d333969593fb00c9b38f82b4d07f70fbd21f495fea9b3f67676064573d2c71c42bc6f701992989742213501b16087bb6110e337c7546

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\platforms\qwindows.dll

Filesize
1.2MB

MD5
f52d1908e2d1f5b03b72cc87df48c8ad

SHA1
aa50aa22dbe42f20e0f67f2102cb37eb39d86dc6

SHA256
60085c5b61554a1e9d96350f039597a1b77a7576a81a12a24ace9de4c323bb8d

SHA512
70a67a052c4daa445ca200768f9675ebbc987d86efcdef8bc6b35fbf8b907c4dd48bcde890476001bdeb655606fe00a804de7f5d1b08505bcf7883a5326aa0b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\sqlite3.dll

Filesize
1.1MB

MD5
b8074421d9f92adb9d112b90a54d47d1

SHA1
97eecbb5adb3d75d7ba791fc8625611e8854ee6e

SHA256
8ce20d2f27c6574dcaed648971778bb11d1ec18b9a44e879c0e53c1a29273dd8

SHA512
bef2881cd618c7a8a5871e6f58032ae81225f02bd005355d00ef6b05c30e2a8112763ec1cb0474f1f3fb93d43b8609070d0daf33f0b9fdb92196e1c5fae4213b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\styles\qwindowsvistastyle.dll

Filesize
129KB

MD5
cea2589b96f6a9f02fccc0bc0786965f

SHA1
dc115c308579d59f31346b3535fbc3e0338e0dd8

SHA256
a0b0177a40b1c74ac79bf31c9f26ab0770d54c2297d68a53d289c48ff5b23edb

SHA512
7865d1ee088cc880670bebb90ed13f5bb55b14affc98dac1ff9bdfcc94aacc84b1379dedcd1ffc992b8f45df40434bdb1c3a3e396410f2f292fd9c83d7d2c338

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\thinkingdata.dll

Filesize
294KB

MD5
e295bbb7c68f5cb535d72983227b12cd

SHA1
d42a6214e46e95f082426f52af52ddbe46725a12

SHA256
e988ebfb5798d712ca21fb8986c06a364b1d1f3b9397277898bf2e80b5818e2b

SHA512
a84ed487c75b012cd863f044865c4fb9e7cffe354737176f9626ac027d843c763be5668391219c7019fcb419267393f4dc5244020c953cf9ecdf4a68fb67b9f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\vcruntime140.dll

Filesize
78KB

MD5
a37ee36b536409056a86f50e67777dd7

SHA1
1cafa159292aa736fc595fc04e16325b27cd6750

SHA256
8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

SHA512
3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

Download Submit
C:\Users\Admin\AppData\Local\Temp\nshA48E.tmp\zlibwapi.dll

Filesize
469KB

MD5
5b56b325dbd6a7284d2ecf09d4cc0623

SHA1
38c86384096b428f127117fe58284a03f5f09fc1

SHA256
14aca2bf23b47996f630a1c5175fa6003e5898612411eeb6cad5abf96bc27b8c

SHA512
3d5d7bf4196ffd20b1a6e747ebd0dd7f2ab83458b4360d2c003e306fe1bbf5de48ddae2404fcf297deef06ae9acd0067314e1abef8433735776805e9b1093d88

Download Submit
C:\Users\Admin\AppData\Roaming\KRLauncher\G153\C50004\5d4813de0e89402fa26ea62e4b93d3ca_accountId_tag

Filesize
38B

MD5
6e71383ac47bae343cadca7cb9a27e58

SHA1
cccf18b0340cd81da20a0288d5db7116b79ef112

SHA256
d71920fc5bd0ec7abf0c0dc1ac6d44f0670bd521a48c83fbd768deace94631ba

SHA512
feafd7d4ccc760533c94bb02e31781ddce55bedb5a2436531d6869e7893298512a66eded399ae63858a5f74c33741d23400ac253e87960d83992c52763b0a04f

Download Submit
C:\Users\Admin\AppData\Roaming\KRLauncher\G153\C50004\kr_starter_cached.json

Filesize
46B

MD5
2a9afdfebd68b26a191e9ba8adb92a35

SHA1
abe99996d3b9985605295065d7c8f42277bb5c9e

SHA256
d08835da9256fc9cc0b2d9819deefde16538dd5f9a2eb0937ea99753a6c09a6c

SHA512
a4a63f5494a12f9f6a109594c39c198caa745e02cad0c5a917a3e9f316930ae847a6b33cdd747e872d31126cdf64af0fa0ed0c7ac099162c332e645a2a910e82

Download Submit
C:\Users\Admin\AppData\Roaming\KRLauncher\G153\C50004\kr_starter_language.json

Filesize
17B

MD5
1041cc1fe1030c1a82ac24346f8c69a7

SHA1
f53090f779d10e4644489bfcf1f9c8c1fa7a6451

SHA256
72006d81d8e2e779e60db60bf0bdecfae011822b76e1f8dc688d6b27d775f2d8

SHA512
245db8c9df43fb8cc43967fcaca4221eb79267c0b95cf841bd31e69af30884735ecb2f902da6b4c26198266710d661a591771bc4b2e8e8c85d843cb2d2a7e0f7

Download Submit
C:\Users\Admin\AppData\Roaming\KRLauncher\G153\C50004\log\2024-11-17\kr_launcher_2024-11-17-11.log

Filesize
6KB

MD5
9d3d9572d2134c38b79250096057829e

SHA1
9effc02071956e34c8dfa6a917637af54b3cdee4

SHA256
d9453e410fdf7ecaecc0451389845ff624261d3d5980c40b508a5ad0bfff44aa

SHA512
dd9ce461ed7f616bcfddea1f370990698bae756abef8713a71453500f83343b959cf0f558b01f460105c249eb1f01031dbec66256a348349c27f430bc21ca0d7

Download Submit
C:\Users\Admin\AppData\Roaming\KRLauncher\G153\C50004\log\KRInstaller_2024-11-17_11_41.log

Filesize
3KB

MD5
22758fbb990d20c7b3d2387fb44fcb13

SHA1
8b6e3980ec47c4f1c7302d88d765372fb04931f7

SHA256
58e5002a072ee5d738402463b24c6a001bbcae92c711d8ae51877d1257bd1925

SHA512
15969ea9c4285200b34c1c52673df7fb103f764fb3e9469b1d99301b2bc555075c89c425ba1f5a2dd6b659a8b3ee53659666579f0fdcee2ba012d574869ddc9c

Download Submit
C:\Users\Admin\AppData\Roaming\KRLauncher\G153\C50004\log\KRInstaller_2024-11-17_11_41.log

Filesize
5KB

MD5
ca4b36643443ea0b9d3548b8196a4fb4

SHA1
44a8ec3c50b0b332ed593eac92f51f2ed377091f

SHA256
866a820106366be9c7030c2c27fad9cc2b17a34d74fda3e0610141f8bb058c07

SHA512
9ffe54095344b9b09f361bac039e95f3cbf90cec02512cf03816bf766de8172f6a3eef1cc4b6b644393bf0acfe0f81aa52113b64d8916ebeb4c4d6384d944289

Download Submit
C:\Users\Admin\AppData\Roaming\KRLauncher\G153\C50004\log\KRInstaller_2024-11-17_11_41.log

Filesize
1KB

MD5
9be39dff74f69b126d9db76acf98529c

SHA1
6a3c3c150e95595777a987da7986ab32b3d02f64

SHA256
0e1ca9cf6ce1c3f0b3b97f45dc693d6321dc6ada3b68ed940ae78a295e7bcc7d

SHA512
b2452f13d5a0d0b1b872dfde3dd4067acaef912b61e4c5a6c922bbdc036e8972c4e1185011f147908bc72f5130a9cbcd523f67dc628a9e5f83b5733a648b4779

Download Submit
C:\Wuthering Waves\KRInstallExternal.exe

Filesize
465KB

MD5
e9d50f588f53c7f14e5239c5bcff404e

SHA1
2b7023f94cb5cf0a22f3174aa8e5c61f806c4f6c

SHA256
7055f06e558afa04ae7f01998d996e6dfa686583adfde138e177b7ba96308a76

SHA512
d3ef441655b533f0d144f64882dd9967f89cb81c8bdc669605f901e308209785c4da7c7bd7333ac5a8d1b1fbcf63958576a6edbc1277c5e899d35965d36d2251

Download Submit
C:\Wuthering Waves\KRShmq.dll

Filesize
43KB

MD5
91e64868d9f89d3282d9fe5f70d3af60

SHA1
0dfef08302d1b946b1b9cadac2cfa84aaad4df56

SHA256
f177c55114e7b7d740327a9f292597ad3f6a9ec059a3aab6d052befd1d3e383c

SHA512
e01b893140c3780d55753db14754c1196df6d4839a1f8ea0f5a61f082309d6f67bfb89d2ba61102d2199846fe1dd48439dbf1cf8d3563b468478abbfd9b65718

Download Submit
C:\Wuthering Waves\Qt5Core.dll

Filesize
5.7MB

MD5
0e51ac35b4b2922288b956450a73cbab

SHA1
adee61361815b216ba5c6c3b1cab998f1093a06b

SHA256
3b2129169999b948ca6ef1931410c235ac2aece3088ff9fc486145dcf772dd46

SHA512
fd36ecf24fe17892817a3007d7cb1c730469f61e68c66ed2da090b9e84d782298d08849b80788f72e48e289332f6dbea7fa2222e7b9518165b0335643d710843

Download Submit
C:\Wuthering Waves\Qt5Gui.dll

Filesize
6.2MB

MD5
1273c387e80db82ee6a96ac4788da8f7

SHA1
d0ba5c2c54e535254fb1ac5866c32b4c1398e045

SHA256
90b1a7c47965eafcc896b99e9520198c097f60975b74884f1c2bc91a5ce88160

SHA512
3356e4da246a05aaa959002463835afc4154077e112acde6531b78bcaf32272f1d81d8b8aa8407d31bee48b1f439b57427874660386147729749efe790a2ada2

Download Submit
C:\Wuthering Waves\Qt5Network.dll

Filesize
1.3MB

MD5
20dc922278cd948ce6dbdcb74580f910

SHA1
1a34d4738955f99c17083fec22945b0d6af76f40

SHA256
f7c7a1ea2570d1238287470b479e384f87c39357d1a4b2eeedbf90901d9c3cbc

SHA512
90afc14985b51744e2f3ea11a0f6f0edc3c7306bf6e9539c9526adbed0caf47e2b19fa90b38a3269424f109adb80f2bd7394620a35360d5aeb0b3641eb92fb79

Download Submit
C:\Wuthering Waves\Qt5Widgets.dll

Filesize
5.3MB

MD5
91439f0387898388cb1a3150c5848d73

SHA1
d57b3c8bb6ae88f98add39890c9a8c3fdc2a0f55

SHA256
9e38324e796eb66200498dbfdcda8ac92f92155a9accdc6c97f92f475ea4c8c2

SHA512
8a282440d5b2ba67ef4d9f490c0ef93946b60351b4019cb247eac67da92398b55745f6325fe6ab7f62088132614cc9f6332726e532e692f0b709bdcaa3999bac

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_1.jpg

Filesize
392KB

MD5
cbc94eccb52796af3df2031f22569c16

SHA1
3eff86a21715a0a195f7b1a71f50835e0dd0f38d

SHA256
1115314d42f26f4b3594d3fd567c91b88bde2131ea628dddd1be529aa8970dbf

SHA512
8192e90c5e9b42515cd5f34c15c9abf33a6a3c4ba620887b86abed2a363e957a11d61c30883e854c2be8fe6602f602c4b1524df49667ae679bc6676d161389be

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_10.jpg

Filesize
391KB

MD5
73eb804a550b5e182049191386cdc7e1

SHA1
c74eae7ce0ce3747a80596ca55e1f66d85d9e04c

SHA256
918bd33bea3fef02cbe38e6df3d9b39249bb8bca7e0e07a438e2d275ad8335cc

SHA512
19033bd27b0f4c3b5c5939bd9099a5fb247d8d9dade98776f65e35c8f77794a97c1ac801fd7ec8aeb5d00110e2444d65c4fb7a044483052ebfc6bcc15dc7bcc3

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_11.jpg

Filesize
391KB

MD5
5a0b51de983ea7de26451e1a6a023a3a

SHA1
5594589a3fc41cb76b4a44fb21fe4b81c8e7c832

SHA256
ddb41cd4ac0a726dc0034deb7dabab3077afddf8644d910fcbd428ea229ee667

SHA512
39f95963d3e69ff5960a3683e67e42f185354f55d5e8c5588518ecf014f21f5567d3557fe3dd9adcb6468197893386e73ff6874a42d42ffdcd36dafa890c98bf

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_12.jpg

Filesize
391KB

MD5
21ec6279662a562c0fd6d5b848e397bd

SHA1
87a3aecc1408e559dc739ff6275cf820dbd1052c

SHA256
b0c9bde3c6af284d208a8a8b3e861320d7d6a90c3c2f333f284c4a75df4af33a

SHA512
9bc323ee8ce90f7558739614f96f53f74da2bd32a3a4a6106aece7bf905be061e95e965111068763b9462c3e95dd77e50b10b8985fd777468dd704135c194278

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_13.jpg

Filesize
391KB

MD5
6c6b0921c108e6384613cb052dfe1d1a

SHA1
51e7368896795743a7054d08b9af3e996ed3813d

SHA256
52979f5cfc7b491397d76e38ec4bd1c5a342ce25769bab23d6617767047763b8

SHA512
4d4bf8e71f3250e606f047cd7a1a9e724090e4992bb4972b6e314a84f74d0bff61e6858da1af87f3265296eb1e453e11085b1640ac57c9bdcafa9b38ab5574bb

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_14.jpg

Filesize
391KB

MD5
62ccee52117fc8e18252d91a77ed6eb5

SHA1
57c1638ed50f7742159455c62b1c86313efc0e99

SHA256
36b59581cd91e8f78ee229a2799f0babd741281e7437974d638b65e6473eaa60

SHA512
b9f779495071ba04df7164e19cae96cfdaa0f6a9fb658d5a7cdc55530d7c93f949842dc33e5252b53f0e0367cb86c767c467df5b3e916bff0b748c77e8c10e0b

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_15.jpg

Filesize
391KB

MD5
4ab0b894817efdc23b338406f17985bb

SHA1
fb93fda0daabf053099ee07475b1d5e036dbe616

SHA256
022306d65a0ea4e9b40de4f06ff8d56044ce05ebbadf90307bece81abdf6345a

SHA512
ebf9ca0368862f4119d4fd06bf84a760647be66c6551896048bfc3b57629a2592e87c1e1421eb311c3557a6d7fdbb6e828a231330ee6ea72d63d771d661d379b

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_16.jpg

Filesize
391KB

MD5
a30f824e4de2087fa7315af5111a9bb9

SHA1
241089f97c069561bcb915558cf08a79587b6626

SHA256
0087d605a9b11d9792a4757439ff60f85ac6fbdb8e5c67891492ccfc584dccf7

SHA512
cbd4e1ca4d3af1c590d0219cd8f4f2b1a063572778b9e5d51fd317bf7f167be651d6a92c189de64c3777e4d3bac571f253dfd50b018d152f4eb7e93ad4f9fed8

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_17.jpg

Filesize
391KB

MD5
9d52b7b4bec803b2e8f1a021a13b7960

SHA1
51d77972bde077f49715af8dba4a92b87a399c86

SHA256
201ae7cb405a9b36128f5abf0ecb3edea898f0ed0d5828d6190c8bf718024936

SHA512
6c78d4e716c310309b5ba1a253f62c30c498057bb132dd3e7ceded9dde389007c9a6bdc0123350142f8365cde68a6e227eb0d2235ac41ae798d0ce041789bbef

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_18.jpg

Filesize
391KB

MD5
48890a50f869dfc80234a11464fd3e7a

SHA1
6fc70db424da2d906f8f9eab336adf4d01f519c2

SHA256
bdc584350de092ea610f53e83e6e6d5fa5d78ecb196869335a5654b4a1552257

SHA512
8b26f6b22e51ac5b62ae6113728d84d3af9bb511e50f302662955ba01a7a0f829959e53967ee2d9e68f48d8eca844abe37c11744e498a2b568b0455112b6ebe8

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_19.jpg

Filesize
391KB

MD5
76d2ba9a6d31003a85c3b75abcbfaa85

SHA1
7ad06f30b75f4153c5470f9525299e07b3bddce8

SHA256
5c8b9f81423f493481cc3cc010f8508322c9d39e86b5c2899d7296df009c4cef

SHA512
cc17613da9759ae5da4f8f913f6e452bbb0a37986bd026b1eeab0762496e7d613bfccc67ccc9b370a1a747a6cdbe19cebcfa41989add4cc23a658271dd373037

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_2.jpg

Filesize
391KB

MD5
a1f1e083112eae883ddc1b39b677a267

SHA1
3bbb29eba78bef79ada8eb97473fdb738be42dd2

SHA256
d9f4b298b6e13c38b7edb2f5be072c39f84abd31f8b5d6966f0a193e92f040fe

SHA512
dadaee08edcd35c74371a1f53b4922aa51b262333bd8cd6be46f0a3ad4f705fe1bb1d7579fc2b5b8bc26f09f59de6a957d6a02b0d226b8584387fb1efe747647

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_20.jpg

Filesize
391KB

MD5
1e4e6b6cb66081fd0d1cf93c52f92c2e

SHA1
625f507908fde39761dcfc6d0946f5706e3179f9

SHA256
1cb61a1c00aa33dd6728ab9c89bbc4b53a3a3e16fb80b40993f3c3ec09236860

SHA512
ce864c592eb89dba35d8f6a800b78e880ad92f9f5f940c9bb1f74587eefae5a5f6647d4883a9949f9bb872e4e20b944cc8b693ac84a7f12affb7fc928e9f8f0a

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_21.jpg

Filesize
391KB

MD5
e77bfa4455562eeb4114e352e420630d

SHA1
2b30f27b03d89316022123dd942ee3d267fc0a16

SHA256
ccfbe2f72d0d69d3dd5025a40829081c3859f9a20398610f814befb4e2d9d88b

SHA512
899c4d31d838c63af107d61088a7bffc8bfc20b70c33ff8d45f8d4ff6759138461bd3fb8214180235439ed3fe252e00bee4de866d79449b5ae5a62e5febea0ff

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_22.jpg

Filesize
391KB

MD5
e7610964911cad1ac3255cda1b37d984

SHA1
b62f0553b4494e10ca7d3701fb6620d93fde5e33

SHA256
1ab6e230bfe0543e6e49a126b1f6aaf12797868cabf760ffe6d788852ff92b6e

SHA512
7d0a45e1b46e0847a15b9612ad604f174929bcc190e3768ae07c5de2d6168ca0d3d2f50b4e3bae548f2a65ebee172296f111ffd6468f84a91cbcd634af5db5ee

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_3.jpg

Filesize
391KB

MD5
e479b4668e4d0356c235d81e651266d2

SHA1
f38640afc5b161d8df8bdc146f3861eb2b2118a9

SHA256
ca31a63fd83b4d339a8dc57103b42fc4d92d4e07318151730dfd983a9dfa79f7

SHA512
29fc571fbfe3bc5be9a05aa5008a08dcd130a3ca7f30f9a3dcbcdb7c1dca4020456ec82f061a055f30d78f9ca6490dd0d46fbea8866ab63b9397dcc6a5c25517

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_4.jpg

Filesize
391KB

MD5
220252dc4f6d6130a972d10de81ff1d5

SHA1
a4d9210fedb96af74ede6625dfb3afbb7bb6e60c

SHA256
9a0183d9ee71d76dfc21b6b3768c9f09a3c056d3659824827a6a91ee4f74f381

SHA512
729c56ee29e309c744177a71a293c07d6e17ee9afcbbd2120fb5072148bb32faadc48dd2b20d9362a826a1acfa97353df056b64a4f0ebc4f46cf2e1f56cab0aa

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_40.jpg

Filesize
390KB

MD5
f920727a6756b35a91328ac0381d70b8

SHA1
a008e260a0871f71bf57f3d5ac71b81dc6df8560

SHA256
98ec2b14f008aef349044af90ddc39d344ce52cd3b34ee5ea4b3d4638ac399df

SHA512
098778097382421e62feb452ec03b2555a1e23bea65eec76d9c74dbf91f0c26fc81a9e87885ad5a1d9b4df68305a1238ea23c4a9a0221d9bb9c0904f74a434cb

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_5.jpg

Filesize
391KB

MD5
745a8c26593932775e31ab11d266ee48

SHA1
cb5a19e07e10b85869c5defdc7cebdee64e69bd3

SHA256
adce7ffd379dbf894b4b0d96827ba3765014e95c613f0641429709fbaecd485f

SHA512
0de5a5404bb7df8f87b4eb1ad2e98173d706d919172b30dfe27c2f3110c1ae35901031b880b636b2d11ee28a0188d11062b032ea207894ed3118b1ec4dec4139

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_6.jpg

Filesize
391KB

MD5
3dcb4737564097f6a552332bd85038bb

SHA1
b5c79b2349683406d860d1f0e63358ce030e72c3

SHA256
eabcc3a07ba01da27d06e7f1146286c71dbc16e6895f278a737ae402dd802d6f

SHA512
ce53a2e6e3cb7a6558eada78deb0f90ad253891f40c00d78638afc50ff7db79cddc39a010c3ba5f0eb700f5d63df7c248ad966c9301a34fbc7faa5cb1ed06e37

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_7.jpg

Filesize
391KB

MD5
5b91f322daf29125ff6d1bc69a30f1fd

SHA1
b0ce16134e74010ca1a3409331bbd4ca25f5de85

SHA256
4d06484f4f334046d1d58b60a104eefde5e198070ffe02fc0349ee6fce4f5e93

SHA512
8b845d86416ac8c112b87f99bc7363b110782e438241948e254af764ba332827954d04d66d5d5f1e39c768b5dd222fc2e42a6caf8710b76baf04f5d22b0a15f3

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_8.jpg

Filesize
391KB

MD5
d106d007ef5d5a765b423b65e1b1feff

SHA1
c8de17e7e5f1e3c25bf22ac119ab4e744916497f

SHA256
9306f8d87e91aa7b47afb9b5691c6b364a572aadb87e124e62a34600bacf0a87

SHA512
48df7299d604b3fe5aec5558ea760f2474a8f36c7f27f8beb947279d5389676487b1d0f48e5f5390bc857806011bab636362b2a806289f393c6f3ce1c0f40809

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\home_9.jpg

Filesize
391KB

MD5
273a329c26e11c83f792446092abe369

SHA1
8e589eebcab94435982b1340bf6ec610326487d6

SHA256
b2621e31f827fb192210c9b7b6bbf5da4493118d55072cdafbe744ec747d6482

SHA512
a41a12b720d42f1ba314267c636faacf3c326c4b210b3a6986f86d8aae515ce5bf94519c41299e00f1933e275ac3dea23f8a0ba276002aa27f4cbf28051d8136

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\6d59f04def20bc8bb6ec86a3fd12ab27\kr_signature.json

Filesize
84KB

MD5
295d8bdfa7c7ea638aa63e7e00922bdf

SHA1
dcd4bae5ed8278409f0ae4eea119383888fbb8ed

SHA256
ff1554f78361e1f4e62ed684f8ae3da759dce46f122326c92f5d9f81a2004931

SHA512
107f433929db2f12ab9df58383e3cfdcebbbfa88d04c52b339e9bea8741614deea64c06c7c507f49d3f9d5ae6624b3b2b962c70807001242b67de8d82a5f7606

Download Submit
C:\Wuthering Waves\kr_game_cache\animate_bg\animate_bg.json

Filesize
79B

MD5
6ca98d0fa4896e2dd3f16e9467155576

SHA1
7acc88a733b17a4a26af9bba2f8841a1035ae23b

SHA256
0f324ca5baa9a6205a632777770110cf86cb48804a131d12d952d36a56d6050a

SHA512
657cd7be6d333fafb6ea8bfa99a5dd908fba70d887a23f0ff91ea8fa34620bade7ef0cdf6a9bbd9c31799f25d2aa7953757d487dfbcc07a84be03fec48b20d4f

Download Submit
C:\Wuthering Waves\launcher.exe

Filesize
14.2MB

MD5
4d43d1344cf2c9d73a87163a0b10e60f

SHA1
1d66ca2f931b382f530b0e03314b2ba248b1f9d2

SHA256
10cb60121aaaf86379c71074762c7cd887af775c796a6ddb10fceb365835178e

SHA512
5b224daa2dc4183276b0250747e9e2bb581a7261395ce0f031cf178b7f021be687563250a1a598dccd756ca14b89a4366cdc3d129373546ffe584a2d1896777b

Download Submit
C:\Wuthering Waves\libcrypto-1_1-x64.dll

Filesize
3.3MB

MD5
ad7eb78deb617d95d69b9d58dfeaf62d

SHA1
655bc2b7b077fce5303ed22166233315f4bd20df

SHA256
5e0571359a22563aa748268a910aa193437fda551f6325714f8e2216c1bff645

SHA512
4a3aec1bbebdbd4f0be5b7f7371a0a79b12319ca58ef4621753210772ccc68991dfdfd086e08ee382bce1a9072720adea4e32e7842be91d357a71c2d606d1f58

Download Submit
C:\Wuthering Waves\msvcp140.dll

Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Wuthering Waves\platforms\qwindows.dll

Filesize
1.4MB

MD5
ac584cbeb327e9d2364873f451e074be

SHA1
eb2d7b7f38c880ae4bc4f32c50e10e73ee15c816

SHA256
1fa4d2f13d22d9a859503d7b7c87ba39d379d9a14afcea7299d572eabb2bdf57

SHA512
4fca1fa9494799f382318d329a3040bc067d55e7cd99be6d768e975fb585f61f8c1360908284bb04c055dcf21a164464305e9255d52b1c57a0cfc49eea003203

Download Submit
C:\Wuthering Waves\styles\qwindowsvistastyle.dll

Filesize
142KB

MD5
085087d668776333d78d87ff579fce87

SHA1
861af820e28c6070fa22defbb527e55cdbe3590f

SHA256
59f3183245e4ea6a93f04eb3dc7460b3911397cb5a9f7aa429921b7957b62684

SHA512
10b2492ec88f0682264169478b966cb6584276d4dfb6a49d62ce21dff68013b3d1e17cfc51c658f5773d5cb9b374ec90205f1ebd07db70e8f0c76a96cda80e2e

Download Submit
C:\Wuthering Waves\thinkingdata.dll

Filesize
334KB

MD5
c0a3fefffe9f407a2a257966cd92da52

SHA1
90424515844c4f6166f19505f94733a8896835ea

SHA256
bb424f14ca1907e42db116eefb493c814d38543b126ef0409e64f5b54a928447

SHA512
7c04487c57a49cb22a01004047d04c035e0d491a8e442596147e47eb698ec27453a876499a616f40ea9068dce2571608050d7104b40a35da32a6b13ad475417e

Download Submit
C:\Wuthering Waves\vcruntime140.dll

Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
memory/1840-337-0x00007FF9015F0000-0x00007FF901B45000-memory.dmp

Filesize
5.3MB

Download
memory/2812-340-0x0000000061E00000-0x0000000061EF8000-memory.dmp

Filesize
992KB

Download
memory/2812-122-0x0000000061E00000-0x0000000061EF8000-memory.dmp

Filesize
992KB

Download
memory/3212-313-0x00007FF9015F0000-0x00007FF901B45000-memory.dmp

Filesize
5.3MB

Download
memory/3548-383-0x00007FF9015F0000-0x00007FF901B45000-memory.dmp

Filesize
5.3MB

Download