4f9217c9c2d8e5eacff91ad74f9e59efca3897a1885941053cf586a76f076099

Analysis

max time kernel
106s
max time network
125s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
31/01/2023, 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GenshinImpact_install_20230104163543.exe
Size

118.4MB
MD5

7c54bc2ef1e7c306e9c6af92e3e6016c
SHA1

154155b98601fa93de119a66fbf8344e78adf4f1
SHA256

4f9217c9c2d8e5eacff91ad74f9e59efca3897a1885941053cf586a76f076099
SHA512

53b4a477d5caead029cf41d9dda73522b18dd36c809438de4b9a2fd93ef06269e58123d035ee1834b00150b0684e82e100ceb0c46cc2f84ad7fb979619c3f0ad
SSDEEP

3145728:zSd8/4DaN6JzlfJIacMERP42xgmPJM09F2cf4gCSuLQZUOwIig:k5aOYaHT2xgEJMI2tQlig

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
752	7z.exe
336	7z.exe
1832	launcher.exe
1716	QtWebEngineProcess.exe
1056	7z.exe

Loads dropped DLL 56 IoCs

pid	Process
752	7z.exe
336	7z.exe
2016	GenshinImpact_install_20230104163543.exe
1208	Process not Found
1208	Process not Found
1208	Process not Found
1208	Process not Found
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1208	Process not Found
1832	launcher.exe
1716	QtWebEngineProcess.exe
1716	QtWebEngineProcess.exe
1716	QtWebEngineProcess.exe
1716	QtWebEngineProcess.exe
1716	QtWebEngineProcess.exe
1716	QtWebEngineProcess.exe
1716	QtWebEngineProcess.exe
1716	QtWebEngineProcess.exe
1716	QtWebEngineProcess.exe
1716	QtWebEngineProcess.exe
1832	launcher.exe
1348	Process not Found
1056	7z.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Genshin Impact\config.ini.qkYiTt	launcher.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\hi.pak	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qt_fr.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\qmltooling\qmldbg_preview.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\Qt5Gui.dll	7z.exe
File created	C:\Program Files\Genshin Impact\languages\th-th.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-crt-locale-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\languages\tr-tr.qm	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qt_fi.qm	7z.exe
File created	C:\Program Files\Genshin Impact\imageformats\qwebp.dll	7z.exe
File created	C:\Program Files\Genshin Impact\libssl-1_1-x64.dll	7z.exe
File created	C:\Program Files\Genshin Impact\Qt5Gui.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\translations\qt_it.qm	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-core-debug-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\fr.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\id.pak	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qt_ar.qm	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\languages\es-es.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\imageformats	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\bg.pak	7z.exe
File created	C:\Program Files\Genshin Impact\MHYQtCommon.dll	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-core-heap-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\libEGL.dll	7z.exe
File created	C:\Program Files\Genshin Impact\hpatchz.exe	7z.exe
File created	C:\Program Files\Genshin Impact\libGLESV2.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\ca.pak	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\tr.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\languages\zh-cn.qm	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\imageformats\qtga.dll	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\styles\qwindowsvistastyle.dll	7z.exe
File created	C:\Program Files\Genshin Impact\vcruntime140.dll	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\translations\qt_he.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\imageformats\qicns.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\Qt5Core.dll	7z.exe
File created	C:\Program Files\Genshin Impact\config.ini.lock	launcher.exe
File created	C:\Program Files\Genshin Impact\updateProgram\languages\fr-fr.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\languages\ru-ru.qm	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-core-console-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-core-version-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\libssl-1_1-x64.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\languages\tr-tr.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\translations\qt_en.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\libeay32.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\config.ini.SGxDxN	launcher.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qt_en.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-core-string-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-crt-filesystem-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\imageformats\qsvg.dll	7z.exe
File created	C:\Program Files\Genshin Impact\qmltooling\qmldbg_profiler.dll	7z.exe
File created	C:\Program Files\Genshin Impact\patch\windows\Windows6.1-KB3033929-x64.msu	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-core-file-l2-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-core-processthreads-l1-1-1.dll	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qt_da.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\translations\qt_ar.qm	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-core-localization-l1-2-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\position\qtposition_positionpoll.dll	7z.exe
File created	C:\Program Files\Genshin Impact\Qt5Svg.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\Qt5WebEngineCore.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\am.pak	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\ko.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-crt-stdio-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\printsupport	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qt_ru.qm	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qt_es.qm	7z.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DPX\setuperr.log	wusa.exe
File opened for modification	C:\Windows\WindowsUpdate.log	wusa.exe
File created	C:\Windows\wusa.lock	wusa.exe
File opened for modification	C:\Windows\Logs\DPX\setupact.log	wusa.exe
File opened for modification	C:\Windows\Logs\DPX\setuperr.log	wusa.exe
File opened for modification	C:\Windows\WindowsUpdate.log	wusa.exe
File created	C:\Windows\wusa.lock	wusa.exe
File opened for modification	C:\Windows\Logs\DPX\setupact.log	wusa.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GenshinImpact_install_20230104163543.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GenshinImpact_install_20230104163543.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	GenshinImpact_install_20230104163543.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GenshinImpact_install_20230104163543.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	launcher.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	launcher.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	launcher.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2016	GenshinImpact_install_20230104163543.exe
1832	launcher.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1832	launcher.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2016	GenshinImpact_install_20230104163543.exe
1832	launcher.exe

Suspicious use of AdjustPrivilegeToken 51 IoCs

description	pid	Process
Token: SeRestorePrivilege	752	7z.exe
Token: 35	752	7z.exe
Token: SeSecurityPrivilege	752	7z.exe
Token: SeRestorePrivilege	336	7z.exe
Token: 35	336	7z.exe
Token: SeSecurityPrivilege	336	7z.exe
Token: SeSecurityPrivilege	336	7z.exe
Token: SeIncreaseQuotaPrivilege	1804	wmic.exe
Token: SeSecurityPrivilege	1804	wmic.exe
Token: SeTakeOwnershipPrivilege	1804	wmic.exe
Token: SeLoadDriverPrivilege	1804	wmic.exe
Token: SeSystemProfilePrivilege	1804	wmic.exe
Token: SeSystemtimePrivilege	1804	wmic.exe
Token: SeProfSingleProcessPrivilege	1804	wmic.exe
Token: SeIncBasePriorityPrivilege	1804	wmic.exe
Token: SeCreatePagefilePrivilege	1804	wmic.exe
Token: SeBackupPrivilege	1804	wmic.exe
Token: SeRestorePrivilege	1804	wmic.exe
Token: SeShutdownPrivilege	1804	wmic.exe
Token: SeDebugPrivilege	1804	wmic.exe
Token: SeSystemEnvironmentPrivilege	1804	wmic.exe
Token: SeRemoteShutdownPrivilege	1804	wmic.exe
Token: SeUndockPrivilege	1804	wmic.exe
Token: SeManageVolumePrivilege	1804	wmic.exe
Token: 33	1804	wmic.exe
Token: 34	1804	wmic.exe
Token: 35	1804	wmic.exe
Token: SeIncreaseQuotaPrivilege	1804	wmic.exe
Token: SeSecurityPrivilege	1804	wmic.exe
Token: SeTakeOwnershipPrivilege	1804	wmic.exe
Token: SeLoadDriverPrivilege	1804	wmic.exe
Token: SeSystemProfilePrivilege	1804	wmic.exe
Token: SeSystemtimePrivilege	1804	wmic.exe
Token: SeProfSingleProcessPrivilege	1804	wmic.exe
Token: SeIncBasePriorityPrivilege	1804	wmic.exe
Token: SeCreatePagefilePrivilege	1804	wmic.exe
Token: SeBackupPrivilege	1804	wmic.exe
Token: SeRestorePrivilege	1804	wmic.exe
Token: SeShutdownPrivilege	1804	wmic.exe
Token: SeDebugPrivilege	1804	wmic.exe
Token: SeSystemEnvironmentPrivilege	1804	wmic.exe
Token: SeRemoteShutdownPrivilege	1804	wmic.exe
Token: SeUndockPrivilege	1804	wmic.exe
Token: SeManageVolumePrivilege	1804	wmic.exe
Token: 33	1804	wmic.exe
Token: 34	1804	wmic.exe
Token: 35	1804	wmic.exe
Token: SeRestorePrivilege	1056	7z.exe
Token: 35	1056	7z.exe
Token: SeSecurityPrivilege	1056	7z.exe
Token: SeSecurityPrivilege	1056	7z.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2016	GenshinImpact_install_20230104163543.exe
2016	GenshinImpact_install_20230104163543.exe
2016	GenshinImpact_install_20230104163543.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe
1832	launcher.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 752	2016	GenshinImpact_install_20230104163543.exe	28
PID 2016 wrote to memory of 752	2016	GenshinImpact_install_20230104163543.exe	28
PID 2016 wrote to memory of 752	2016	GenshinImpact_install_20230104163543.exe	28
PID 2016 wrote to memory of 752	2016	GenshinImpact_install_20230104163543.exe	28
PID 2016 wrote to memory of 336	2016	GenshinImpact_install_20230104163543.exe	30
PID 2016 wrote to memory of 336	2016	GenshinImpact_install_20230104163543.exe	30
PID 2016 wrote to memory of 336	2016	GenshinImpact_install_20230104163543.exe	30
PID 2016 wrote to memory of 336	2016	GenshinImpact_install_20230104163543.exe	30
PID 2016 wrote to memory of 1832	2016	GenshinImpact_install_20230104163543.exe	33
PID 2016 wrote to memory of 1832	2016	GenshinImpact_install_20230104163543.exe	33
PID 2016 wrote to memory of 1832	2016	GenshinImpact_install_20230104163543.exe	33
PID 1832 wrote to memory of 1804	1832	launcher.exe	34
PID 1832 wrote to memory of 1804	1832	launcher.exe	34
PID 1832 wrote to memory of 1804	1832	launcher.exe	34
PID 1832 wrote to memory of 1716	1832	launcher.exe	36
PID 1832 wrote to memory of 1716	1832	launcher.exe	36
PID 1832 wrote to memory of 1716	1832	launcher.exe	36
PID 1832 wrote to memory of 1056	1832	launcher.exe	38
PID 1832 wrote to memory of 1056	1832	launcher.exe	38
PID 1832 wrote to memory of 1056	1832	launcher.exe	38
PID 1832 wrote to memory of 1796	1832	launcher.exe	40
PID 1832 wrote to memory of 1796	1832	launcher.exe	40
PID 1832 wrote to memory of 1796	1832	launcher.exe	40
PID 1832 wrote to memory of 1720	1832	launcher.exe	41
PID 1832 wrote to memory of 1720	1832	launcher.exe	41
PID 1832 wrote to memory of 1720	1832	launcher.exe	41

C:\Users\Admin\AppData\Local\Temp\GenshinImpact_install_20230104163543.exe
"C:\Users\Admin\AppData\Local\Temp\GenshinImpact_install_20230104163543.exe"
1⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Users\Admin\AppData\Local\Temp\Genshin Impact-iQZrzp\7z.exe
  7z.exe l "C:/Users/Admin/AppData/Local/Temp/Genshin Impact-iQZrzp/app.7z"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:752
- C:\Users\Admin\AppData\Local\Temp\Genshin Impact-iQZrzp\7z.exe
  7z.exe x "C:/Users/Admin/AppData/Local/Temp/Genshin Impact-iQZrzp/app.7z" "-oC:\Program Files\Genshin Impact" -aoa -bsp1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  PID:336
- C:\Program Files\Genshin Impact\launcher.exe
  "C:\Program Files\Genshin Impact\launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1832
- - C:\Windows\System32\Wbem\wmic.exe
    wmic qfe get hotfixid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1804
- - C:\Program Files\Genshin Impact\QtWebEngineProcess.exe
    "C:\Program Files\Genshin Impact\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=4443465800283245810 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=1 --service-request-channel-token=4443465800283245810 --renderer-client-id=2 --mojo-platform-channel-handle=1780 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1716
- - C:\Program Files\Genshin Impact\7z.exe
    7z.exe x "C:\Program Files\Genshin Impact\patch\fac986b82c31f75c0820803748a74af4_6387557389624353771.zip" "-oC:\Program Files\Genshin Impact\patch" -aoa -bsp1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of AdjustPrivilegeToken
    PID:1056
- - C:\Windows\system32\wusa.exe
    wusa /quiet /norestart "C:/Program Files/Genshin Impact/patch/windows/Windows6.1-KB2921916-x64.msu"
    3⤵
    - Drops file in Windows directory
    PID:1796
- - C:\Windows\system32\wusa.exe
    wusa /quiet /norestart "C:/Program Files/Genshin Impact/patch/windows/Windows6.1-KB3033929-x64.msu"
    3⤵
    - Drops file in Windows directory
    PID:1720

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Genshin Impact\MHYQtCommon.dll

Filesize
531KB

MD5
f83da46f16ccf1e3810d5d3e483d1cc4

SHA1
97c6e1c6b00ab7a2aff59d568f820e91f42735fc

SHA256
5da3e13281039a4a7e48b72c58d3a666c0fbe94d6415810900a736c3a8779e1a

SHA512
aa5e8c42d2e74aa59f83d851c5553009a9d34a1b25da553aec7449860a028667b1ccb3b4631d3415fdcb8b793e5d21bcaf23353db979ea39ef0300eda667083b

Download Submit
C:\Program Files\Genshin Impact\MSVCP140.dll

Filesize
576KB

MD5
e74caf5d94aa08d046a44ed6ed84a3c5

SHA1
ed9f696fa0902a7c16b257da9b22fb605b72b12e

SHA256
3dedef76c87db736c005d06a8e0d084204b836af361a6bd2ee4651d9c45675e8

SHA512
d3128587bc8d62e4d53f8b5f95eb687bc117a6d5678c08dc6b59b72ea9178a7fd6ae8faa9094d21977c406739d6c38a440134c1c1f6f9a44809e80d162723254

Download Submit
C:\Program Files\Genshin Impact\Qt5Core.dll

Filesize
5.9MB

MD5
92d549a235b8210507f833c3e0216815

SHA1
65809e2d079d391c36b1e92afba6d02fe9065cb5

SHA256
82ecd0ea08e6d4842ef51487a8390d7673653c91fb948250294de4d51dfc2cb7

SHA512
b93a4ba1c2f94c31b9cdca63e5e7a07370d66f109bf4d241e6b8977d42e30ef15df9e90b1b58570a91a25fa0675c7b87b8074a98a23345651945a60a114296d8

Download Submit
C:\Program Files\Genshin Impact\Qt5Gui.dll

Filesize
6.2MB

MD5
93135c19df028abfdac7373a98154eff

SHA1
a3d1f5ad01851e1f0caef4ee54c79e9503adcfe2

SHA256
5dfd057a046d9febaf4c1d79d7dc974821f1d922c9c2637b5df0f20279092c2d

SHA512
d5f4badd0aac50b73e3622e0b7f49c40a0c63be85b4625de5e0bbf6484ecec80724bc56fb57cf895cef1900604ee82487d5a99aa9be3cae8cf1be553ed323936

Download Submit
C:\Program Files\Genshin Impact\Qt5Network.dll

Filesize
1.3MB

MD5
6cd8227ef4d5152ef97cc56d21888e04

SHA1
54d0dd8f6bdcc4db3629ff6d60f9dbd5b3443edd

SHA256
3711a1054a27813b4d6857692799ff5b746ad50b248fd87e118cc59e89326bff

SHA512
551bb69f54e836571c705eb7d95f6d3e3a035be54815360acebc91dcab084a6dcb0dc99b06549b66186e34170594b25ee8280ee71480e0cb7745d08314110a00

Download Submit
C:\Program Files\Genshin Impact\Qt5Positioning.dll

Filesize
315KB

MD5
dbd4c8832ff7dd7f405d900ccbca2aa1

SHA1
c8c8d6a0e197d8aa0f0008f153ca736f56587d2c

SHA256
a5ab796ddf911e2df28f927a8663f507544cad7e1c26c6fdb59cb4f316c5196f

SHA512
f70fd48541bd88cdeedb94ea7df6d096eb996a7957ac22342c70ec6c118dcb86dc5d72316e3e10a2645384680ce96e49785ea5a658cdaf67513fb4b6a92fccd4

Download Submit
C:\Program Files\Genshin Impact\Qt5PrintSupport.dll

Filesize
316KB

MD5
7f0452271f1a6be55185c8ff11b0b77b

SHA1
735516bed5bde962503b12a2fe68a23c4b8d661a

SHA256
e5de0e5018145a3fd4b8c0264770241b329c8102f00eecf8091d6e7c0bb1f951

SHA512
76c7df1bc0b01bb401de7416647129986d20152832d820e5d7b768550a2a7ddc610924422697b71e4477effd56b39604e3bb581939a0eaa6bc4b38c53b210754

Download Submit
C:\Program Files\Genshin Impact\Qt5Qml.dll

Filesize
3.8MB

MD5
45390fa57bb8c30570d229c1d8d1c73b

SHA1
e183dff1da6dd32e21d9c46ae1d984d78bc33540

SHA256
433f41b93dde8a1b23611d28f7dbbd07cc3039b136b700e2c7fd9e7ef6d9c0dc

SHA512
7b7ff7242697df69107516113edaa35df5a6cc726d425ba9797612c012e3d6939aaf99ceb574fdead8381ec3a8c07fae0892c70c4f5604ec4125c821f342acbf

Download Submit
C:\Program Files\Genshin Impact\Qt5Quick.dll

Filesize
3.6MB

MD5
004e312a08becb87d25bf15747daeebc

SHA1
f97c1d86f9125eec088d53638a5c2d0951c99487

SHA256
a04a4d293191450879b365d00dc063e129bb4caffe2ccebf6e3079b4c538be91

SHA512
7508f1109f594899c6c269a9478f5ec19f33556ffa30902d14439a4a59d8d0c2211e1f12b575f395edf6d431c3d13692a21ad0028ba739cbbdd225b4bfb72b41

Download Submit
C:\Program Files\Genshin Impact\Qt5QuickWidgets.dll

Filesize
77KB

MD5
7494d78597a2f683c25a005609cb6453

SHA1
6b651da28cc4c22d86b2af3272e52bff0d2f1eec

SHA256
ae57a0b2e9ae3df31a22a372c7af061e653f72fdec3fb88306449911266ecdcb

SHA512
3107a1c8f91af86f320f14b8fdd4b8d31f9f16ba791f60fa1cfc0822372000e875d630c6cd77cd7b5ee4f16a54a39024a0d6a21226e3b0e35e0f31d90e0399bf

Download Submit
C:\Program Files\Genshin Impact\Qt5WebChannel.dll

Filesize
120KB

MD5
2bbc222f612e67ad199b2855fec62345

SHA1
3f4dc92bb74777952349e64e83789aad40caf1ab

SHA256
cfba487fc2009119295c5ad05e6c8cf9a3d6a9a72f48cb20ce2beba0bc353400

SHA512
908201b4f945fe5c4c04fa4197c0e718fc7bcddea379bd634946a2a4fbfd0a4e984fd26fd0573d84bd867a0e12a3261b19d9b770f05ff6574c924e9939d887a2

Download Submit
C:\Program Files\Genshin Impact\Qt5WebEngineCore.dll

Filesize
76.3MB

MD5
83f635ceb96697909e8c3b14b62cf584

SHA1
668abc7b9bb4e44abc14e9ae7b2987431e17f60e

SHA256
23c155b9ab3526c741754f4351fa8ea6b639ab669af2398e4bced0fd73911d6b

SHA512
f28faf554ca9f4c4157c762f20bef7fe8e48d197a7629662ec5d1b7b89927b5e59d9ab9cff4856873c37239a237c528df84179e18afeea5ac948d3be9f785641

Download Submit
C:\Program Files\Genshin Impact\Qt5WebEngineWidgets.dll

Filesize
226KB

MD5
47223069528384e7e6b40d9116640f27

SHA1
4402b986b9a5d8592b940b74c51b2f30b76fbb9f

SHA256
8af31ae80b25f573136643aeeb97aa5bc2919279915e7a648b7be855f0f61d90

SHA512
cd82f9e1b06c84d4b266912d94b56198eee33070501832ca39205ba78caf440270b92daa51edd9332ca02aacacd52150cff5e52946267ac456cb253a74fb90d2

Download Submit
C:\Program Files\Genshin Impact\Qt5Widgets.dll

Filesize
5.3MB

MD5
bf377ce7199eb0277133e38ae925812e

SHA1
dae0788bb124fcca274c775b93c8681b4ad0cf83

SHA256
19f8bff8cb5fa92a747f7f81640ddaa4dd8ed547c4051f6a79a2c148cd17131d

SHA512
bbc9f418b1fb826d114f72460ee261dc8c50726b7690e8f904d5431616b131f405bde9501f0757a33ae9d152d9b09fd8e300eb1cd95642c2e9e240d4d356cc70

Download Submit
C:\Program Files\Genshin Impact\VCRUNTIME140.dll

Filesize
78KB

MD5
1b171f9a428c44acf85f89989007c328

SHA1
6f25a874d6cbf8158cb7c491dcedaa81ceaebbae

SHA256
9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c

SHA512
99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1

Download Submit
C:\Program Files\Genshin Impact\VCRUNTIME140_1.dll

Filesize
43KB

MD5
3b22b2ec303b0721827dd768c87df6ed

SHA1
86f8af095cf7368ccbff2d0fd6d33586145acd2b

SHA256
3b792da47040c3b3e0804cdc5153eef4e802b6975963029d8dc360cb824a7b62

SHA512
79db774980ee132797f7e7dbc0e055b724d8fbf0e4917523b285f918730adfff81022cc6f5e15469b011d55501fd7b085bc070e9ecdfb75c05f4d6622a7f2475

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
395d39f6ec3e09c5194899434150cdf7

SHA1
abd262b486e1adc39b40dbfe012a551c732dfd69

SHA256
ecc40b2c80300b94615b450d5a97ed15ce51aa929c73da22c906ab01856f8223

SHA512
0f55725eb8609ae52c45ff7e255c3e23bff0b9e049f2f37cb4fc12841ad9f5ed8264307961cbd27031997c29ce04677b646f9c859fc629b25186ec52f735ba36

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
f2cd3227975bd33ae08e34221d223ca6

SHA1
26b19fd814ea86825244e7a7cf82e7eddc189895

SHA256
f88209bb4993bfbcfc9727d101a4f1ecf84649ca5fd15b264faac11daf19ac7f

SHA512
690408ba6d88ad97334a8f9012c5db5c4d46d70cd9519f1d8e9131d1044805dce992d89167ef12d0192f4e5ab079722b88700df9601c05674267fc4f8d5486e3

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
b178f49844a5168d29d5cce20a6303e3

SHA1
29dd5bd890addbba1d8a9aeacb68716f8208da73

SHA256
9358400795afcc41f5e748e20b139cfbb1ac976b3e460597b0b21893d647276d

SHA512
b65308d482342291069314e9f99964c3479ea41579db17d3cbe3888318bb7605ee67c11a40f14609665a419f44a61809513bddb8b3657b24a4bac16bb274664f

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
19KB

MD5
da1c671169dd183afca9ac76f46fd86e

SHA1
47a1bd0c45d5b87351870b8dd2122da30638ec83

SHA256
e5c2478571ab260776b547579acd847bdecac9b4b9b4590d4ac7c80135c68930

SHA512
5e6eb5525a77ac63bbae2288fecfd5712aff5c194e55d93239ae6171b8602de9d029ca725f15efb03890dff57a34c07435687e87a20839d614cc9c90fdf06f5d

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-core-synch-l1-2-0.dll

Filesize
19KB

MD5
500dc43299f083fbdccd7043d8665c6f

SHA1
ad084aad23cc9e18fd4b436fb53aeff4484a7e14

SHA256
829c05601bac069db875dc89c713ee2f54b350cd5a1a96ecd1ea8ea46ac59ad5

SHA512
4b6490b9d4890b5c8d7fe2e2b31b88841f239daf6756034f14d3ded247eaece8290dc078d69e934de49ab623dcbf69c22b32a0fde72d31accef91f6c5cc496fd

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
c54a336fdc425291b1d972f6fbaca6c7

SHA1
ea3872c198f3f41e41dcc42cf92aabbc6540579d

SHA256
8d1f5410f8b4326876410b45fcdcabb96bea4941f71ea5b11cb6dae80e6bdd49

SHA512
abe7694493ce2e367582be1155fb5100a7840e67eb1f646dbd5360a47b430ec03634a3f1a940a8a5f555d96da0fdab66a4a2de544b847234e38b588cf597e0e9

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
6486f7508afd3ea4791ccd434c5ee39c

SHA1
071ff44f4a625ff5b0ac601efc8210648d5309bc

SHA256
82c4085866e4293759d9c9a5fed599f3fbff3abfa15f6c6ff0a8a82600592e37

SHA512
fe9d16bb25942f5b08509cdfae37c2a2846e2798142c9749b4965d244bccd65b7d7e5e6c82d73489c2c858d7313ee3f2543d3bbc4148646385ffaeb14f9b159d

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-environment-l1-1-0.dll

Filesize
19KB

MD5
e1c852f7771c28cea12da3084345b9a5

SHA1
5413f005fce127893c547927a4c7324ad07f1ad4

SHA256
f1634bfc7d08c588e85b6b6745084dd1b59bd5ece9fb2817243eb3b877601fdb

SHA512
46b457b05168ca2ba4efbbe4fdf3dd094c955a6494e3275508a0f98153d6432263d8cff8a07c557c713ed3005db905279581f4302398f05687655c0639d75995

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
c4d92c5ccf85f577b213b8f93f7db782

SHA1
94958c96a31b716c2a1d3d4f08739d7e95e100fa

SHA256
86fc8c1ed25712db755c21d3d61e597a115d5750261de443ee55a2f8d10ee640

SHA512
3a16f9f9c9def96c090286181b9a6affc8670a1781db7f57c1bfd4ee97ea9e159bc406c561f9e05bea60de41699b5539a36abcdcdffd3a9fb5aef14c9e19b200

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
c3aa45f69ceeedae8799c3c71ce4d64b

SHA1
92b24bedb8782f7b4baa73679b7f43e39dcf3b09

SHA256
4e756b8ab0e0047c838a29bc809e68945e9c10a4d054f33ee3ebd9b79546a23b

SHA512
4249079f1c4fe4b25361b73442ddd60c12651dfe5190b928a8fd97c78ca09f017420c78f714b90d043e11e17b075667617a7f9a9cf0fa8f0342e5f11cb8c2dc2

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-locale-l1-1-0.dll

Filesize
19KB

MD5
8f1bf32b70d388ec06393d04e16eec0a

SHA1
7b2dafe0e97d192e51d7c4bf0c7ab61319740d9e

SHA256
33f5a6d56bee34de3866587fabc5be9040d30d69638b53d0301028f113ed2613

SHA512
a03f9673861f6e42461e102f7ca6d11aac9c23648930fe5f7f6eaffc9bff19aee4ee005d20c272bf6a733ad1030ebf197bf3116ac3b055bba5621188f3f3f6ff

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-math-l1-1-0.dll

Filesize
29KB

MD5
c723f17218f1c0ce46c69b76783bc15a

SHA1
bc0f24d817a8641069a1f92a09ba47bd6618c46f

SHA256
6c38011a0bcf7d46fb2262029466d8fd731cf9ed9d10062c55894df68adfaa22

SHA512
135ee4afcf04793e4141c1a75f28b152a8819d3411d3221670ea160a6a9b6802128528e023cca01f6425dae1dffeccae335f7c4f0e49d04a4d7249995a0731d5

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
23KB

MD5
da9cb6b2a96ca5f3d8ef55ef2f7165ba

SHA1
eccc29dc737032ac602bdb6da1561064dc2aec49

SHA256
057991c1da75cefbe544992d78db72ba476f6861819055aa011875abea3195cc

SHA512
580ed6a8b779b4be7380f159f2cb22b729fe6f6c30e01cd824ef34873816ac9aa4b20c62d4c611aae9e229804407e181f89b146089cabae3e1e86dbf8480ea48

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
5e7bdf944b1c9a987665156393680e01

SHA1
4bb997c4ecc09a76b38005431bbdf5a69b0e8aec

SHA256
daf29d2df289a7794f7e52ad2cf3644f7fdff36efe54e9771cc1a5c7467c93ae

SHA512
22af27df1d05f037e1363a4ae4dd3bd23dff82ff257d6f72acc6bd087f6f8085d2f68b35f68ea37143ec50a14fe15628ad25514a291e5c12b57dcba5a1667cac

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
e27ce56b6565c66171f7fa29b240cf98

SHA1
1c1ae84e7d9d68674f3ca156dbba675dc913b5cd

SHA256
58e11bcc6ce7a7a2cad717340b7e3e31ab017e8c242b7c72cea19a2ba0c664ac

SHA512
afb75f8e8ccc8d790aa32a9a5f821532d4128fb291721b5ac0bc09a542da954cd9e32a47099bc243cdb2471528337686f3f4888ea0f1d3d4605445271121734b

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
ad41d7793e8e931d6edb8fe72d70c190

SHA1
750fdf2dcc52d40be1ac6764bbd96f5ddab6ba20

SHA256
df4524b35b88023f7bc4c8741776e1b4f933fe5ebf241e1ed5230fd10205b133

SHA512
f7e81989944f15cf2e590b54bc53b934683f31f0aceb672541c1138b7654d63cc3703369c39be3ccbc49232f7ffaaf9f51fdcbbe30d77f6238e671261fcf84b5

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-utility-l1-1-0.dll

Filesize
19KB

MD5
371dfcd9218a52fa7a4cf2b187926b47

SHA1
a7e0726383e4caffaa8b7ae87248f5ae5a62ab7e

SHA256
7043b82592d65977d920579a2bcf695d1321515e4733ee9881cdf65ee5dc7818

SHA512
faa3e4cc6a4db7c976d1c14877f3557cafeb83547ba1a3965a292af75731307552ee0e4c3de81c59239e1d5b9ba705cc4faaf4b845232f6e33457de2d5128559

Download Submit
C:\Program Files\Genshin Impact\launcher.exe

Filesize
3.2MB

MD5
9af9b8cbb7f2d2a39c4e39752ed7c32e

SHA1
c7f1f929a2db2bd6bea23183288c2d00f495ddac

SHA256
856b61d3bd6d009fb5835221dd2130a33a297a957abf4b70bca21832c3116369

SHA512
635710930589af9574b3661dbef9554d8f0112edfeaa3522a326c3ae2401ef7aeb4eb25bf10176ca75c5294510fc25eaa678dca0963bcfcd1f8d884b4560b0d7

Download Submit
C:\Program Files\Genshin Impact\launcher.exe

Filesize
3.2MB

MD5
9af9b8cbb7f2d2a39c4e39752ed7c32e

SHA1
c7f1f929a2db2bd6bea23183288c2d00f495ddac

SHA256
856b61d3bd6d009fb5835221dd2130a33a297a957abf4b70bca21832c3116369

SHA512
635710930589af9574b3661dbef9554d8f0112edfeaa3522a326c3ae2401ef7aeb4eb25bf10176ca75c5294510fc25eaa678dca0963bcfcd1f8d884b4560b0d7

Download Submit
C:\Program Files\Genshin Impact\platforms\qwindows.dll

Filesize
1.4MB

MD5
d00e8dba57dde95eac770c2c4e1e0ddc

SHA1
370e15e178052cac31f1a9a904e7b3aaedf367a4

SHA256
413f65f3dc3639564b927c357a733024a8f94a7847c0707694307cc5c3fc2f25

SHA512
d1ec3bd2eab6597012572cda6b61400bb74911a3c6ad6977ccff04e2ea8dce1f0ff11012bdc85dc53b60edf321355923fd99489a51eb5deb9d3b57e4f1b5a8ac

Download Submit
C:\Program Files\Genshin Impact\uninstall.exe

Filesize
20.8MB

MD5
8ac87dc39032475dd4f802e7ba59115b

SHA1
27e92cac7f39532673996b7f887c1fd9c8524cc6

SHA256
8d01717c93c64763fa0aa6c10d7367b3a971d60dfeb7ce9b22558f6d4a8757d0

SHA512
7420b57136aee9b652abb72b15d11b106f4936f72ccf4198283f7d4886556a07a3de12ed97d3be0f1514e1806b925d83c7f27638710f0d92c7f10c1d3975ec05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact-iQZrzp\7z.dll

Filesize
1.1MB

MD5
e7ae42ea24cff97bdead0c560ef2add1

SHA1
866f380a62622ab1b6c7705ddc116635e6e3cc86

SHA256
db2897eeea65401ee1bd8feeebd0dbae8867a27ff4575f12b0b8a613444a5ef7

SHA512
a4a27b2be70e9102d95ee319ec365b0dc434d4e8cd25589ce8a75b73bbe4f06b071caa907c7a61387b2ce6a35a70873593564499b88598f77a7c25c47448fb0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact-iQZrzp\7z.exe

Filesize
286KB

MD5
afc08ce359e79887e45b8460e124d63e

SHA1
e8dcddb302f01d51da3bcbfa6707d025a896aa57

SHA256
a20d93e7dc3711e8b8a8f63bd148ddc70de8c952de882c5495ac121bfedb749f

SHA512
32d3b8d964711a5706f8cf9f87bc6e33670bba2cb3ab88603dec399652ac7fe297a4692f0865a0bdcbd06515d6b0a84e5a96d1b7fda48f556543536889ba387a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact-iQZrzp\7z.exe

Filesize
286KB

MD5
afc08ce359e79887e45b8460e124d63e

SHA1
e8dcddb302f01d51da3bcbfa6707d025a896aa57

SHA256
a20d93e7dc3711e8b8a8f63bd148ddc70de8c952de882c5495ac121bfedb749f

SHA512
32d3b8d964711a5706f8cf9f87bc6e33670bba2cb3ab88603dec399652ac7fe297a4692f0865a0bdcbd06515d6b0a84e5a96d1b7fda48f556543536889ba387a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact-iQZrzp\app.7z

Filesize
93.2MB

MD5
46d0253bff06239dbc19507f3489e836

SHA1
092985d96506b6021a28deeb8eb8c24e29fff260

SHA256
032cd525f566a65541940fcb997cb885cd5ec2c45b409974460bd5d25cdf19aa

SHA512
a8977c2beaf65b49321db736a0609f5a0b4923d6b17865de45754e692656dcb2ca496edc5c66fc538551190cf276c967fea694fe09db1812117e608df6cef0bc

Download Submit
\Program Files\Genshin Impact\MHYQtCommon.dll

Filesize
531KB

MD5
f83da46f16ccf1e3810d5d3e483d1cc4

SHA1
97c6e1c6b00ab7a2aff59d568f820e91f42735fc

SHA256
5da3e13281039a4a7e48b72c58d3a666c0fbe94d6415810900a736c3a8779e1a

SHA512
aa5e8c42d2e74aa59f83d851c5553009a9d34a1b25da553aec7449860a028667b1ccb3b4631d3415fdcb8b793e5d21bcaf23353db979ea39ef0300eda667083b

Download Submit
\Program Files\Genshin Impact\Qt5Core.dll

Filesize
5.9MB

MD5
92d549a235b8210507f833c3e0216815

SHA1
65809e2d079d391c36b1e92afba6d02fe9065cb5

SHA256
82ecd0ea08e6d4842ef51487a8390d7673653c91fb948250294de4d51dfc2cb7

SHA512
b93a4ba1c2f94c31b9cdca63e5e7a07370d66f109bf4d241e6b8977d42e30ef15df9e90b1b58570a91a25fa0675c7b87b8074a98a23345651945a60a114296d8

Download Submit
\Program Files\Genshin Impact\Qt5Gui.dll

Filesize
6.2MB

MD5
93135c19df028abfdac7373a98154eff

SHA1
a3d1f5ad01851e1f0caef4ee54c79e9503adcfe2

SHA256
5dfd057a046d9febaf4c1d79d7dc974821f1d922c9c2637b5df0f20279092c2d

SHA512
d5f4badd0aac50b73e3622e0b7f49c40a0c63be85b4625de5e0bbf6484ecec80724bc56fb57cf895cef1900604ee82487d5a99aa9be3cae8cf1be553ed323936

Download Submit
\Program Files\Genshin Impact\Qt5Network.dll

Filesize
1.3MB

MD5
6cd8227ef4d5152ef97cc56d21888e04

SHA1
54d0dd8f6bdcc4db3629ff6d60f9dbd5b3443edd

SHA256
3711a1054a27813b4d6857692799ff5b746ad50b248fd87e118cc59e89326bff

SHA512
551bb69f54e836571c705eb7d95f6d3e3a035be54815360acebc91dcab084a6dcb0dc99b06549b66186e34170594b25ee8280ee71480e0cb7745d08314110a00

Download Submit
\Program Files\Genshin Impact\Qt5Positioning.dll

Filesize
315KB

MD5
dbd4c8832ff7dd7f405d900ccbca2aa1

SHA1
c8c8d6a0e197d8aa0f0008f153ca736f56587d2c

SHA256
a5ab796ddf911e2df28f927a8663f507544cad7e1c26c6fdb59cb4f316c5196f

SHA512
f70fd48541bd88cdeedb94ea7df6d096eb996a7957ac22342c70ec6c118dcb86dc5d72316e3e10a2645384680ce96e49785ea5a658cdaf67513fb4b6a92fccd4

Download Submit
\Program Files\Genshin Impact\Qt5PrintSupport.dll

Filesize
316KB

MD5
7f0452271f1a6be55185c8ff11b0b77b

SHA1
735516bed5bde962503b12a2fe68a23c4b8d661a

SHA256
e5de0e5018145a3fd4b8c0264770241b329c8102f00eecf8091d6e7c0bb1f951

SHA512
76c7df1bc0b01bb401de7416647129986d20152832d820e5d7b768550a2a7ddc610924422697b71e4477effd56b39604e3bb581939a0eaa6bc4b38c53b210754

Download Submit
\Program Files\Genshin Impact\Qt5Qml.dll

Filesize
3.8MB

MD5
45390fa57bb8c30570d229c1d8d1c73b

SHA1
e183dff1da6dd32e21d9c46ae1d984d78bc33540

SHA256
433f41b93dde8a1b23611d28f7dbbd07cc3039b136b700e2c7fd9e7ef6d9c0dc

SHA512
7b7ff7242697df69107516113edaa35df5a6cc726d425ba9797612c012e3d6939aaf99ceb574fdead8381ec3a8c07fae0892c70c4f5604ec4125c821f342acbf

Download Submit
\Program Files\Genshin Impact\Qt5Quick.dll

Filesize
3.6MB

MD5
004e312a08becb87d25bf15747daeebc

SHA1
f97c1d86f9125eec088d53638a5c2d0951c99487

SHA256
a04a4d293191450879b365d00dc063e129bb4caffe2ccebf6e3079b4c538be91

SHA512
7508f1109f594899c6c269a9478f5ec19f33556ffa30902d14439a4a59d8d0c2211e1f12b575f395edf6d431c3d13692a21ad0028ba739cbbdd225b4bfb72b41

Download Submit
\Program Files\Genshin Impact\Qt5QuickWidgets.dll

Filesize
77KB

MD5
7494d78597a2f683c25a005609cb6453

SHA1
6b651da28cc4c22d86b2af3272e52bff0d2f1eec

SHA256
ae57a0b2e9ae3df31a22a372c7af061e653f72fdec3fb88306449911266ecdcb

SHA512
3107a1c8f91af86f320f14b8fdd4b8d31f9f16ba791f60fa1cfc0822372000e875d630c6cd77cd7b5ee4f16a54a39024a0d6a21226e3b0e35e0f31d90e0399bf

Download Submit
\Program Files\Genshin Impact\Qt5WebChannel.dll

Filesize
120KB

MD5
2bbc222f612e67ad199b2855fec62345

SHA1
3f4dc92bb74777952349e64e83789aad40caf1ab

SHA256
cfba487fc2009119295c5ad05e6c8cf9a3d6a9a72f48cb20ce2beba0bc353400

SHA512
908201b4f945fe5c4c04fa4197c0e718fc7bcddea379bd634946a2a4fbfd0a4e984fd26fd0573d84bd867a0e12a3261b19d9b770f05ff6574c924e9939d887a2

Download Submit
\Program Files\Genshin Impact\Qt5WebEngineCore.dll

Filesize
76.3MB

MD5
83f635ceb96697909e8c3b14b62cf584

SHA1
668abc7b9bb4e44abc14e9ae7b2987431e17f60e

SHA256
23c155b9ab3526c741754f4351fa8ea6b639ab669af2398e4bced0fd73911d6b

SHA512
f28faf554ca9f4c4157c762f20bef7fe8e48d197a7629662ec5d1b7b89927b5e59d9ab9cff4856873c37239a237c528df84179e18afeea5ac948d3be9f785641

Download Submit
\Program Files\Genshin Impact\Qt5WebEngineWidgets.dll

Filesize
226KB

MD5
47223069528384e7e6b40d9116640f27

SHA1
4402b986b9a5d8592b940b74c51b2f30b76fbb9f

SHA256
8af31ae80b25f573136643aeeb97aa5bc2919279915e7a648b7be855f0f61d90

SHA512
cd82f9e1b06c84d4b266912d94b56198eee33070501832ca39205ba78caf440270b92daa51edd9332ca02aacacd52150cff5e52946267ac456cb253a74fb90d2

Download Submit
\Program Files\Genshin Impact\Qt5Widgets.dll

Filesize
5.3MB

MD5
bf377ce7199eb0277133e38ae925812e

SHA1
dae0788bb124fcca274c775b93c8681b4ad0cf83

SHA256
19f8bff8cb5fa92a747f7f81640ddaa4dd8ed547c4051f6a79a2c148cd17131d

SHA512
bbc9f418b1fb826d114f72460ee261dc8c50726b7690e8f904d5431616b131f405bde9501f0757a33ae9d152d9b09fd8e300eb1cd95642c2e9e240d4d356cc70

Download Submit
\Program Files\Genshin Impact\launcher.exe

Filesize
3.2MB

MD5
9af9b8cbb7f2d2a39c4e39752ed7c32e

SHA1
c7f1f929a2db2bd6bea23183288c2d00f495ddac

SHA256
856b61d3bd6d009fb5835221dd2130a33a297a957abf4b70bca21832c3116369

SHA512
635710930589af9574b3661dbef9554d8f0112edfeaa3522a326c3ae2401ef7aeb4eb25bf10176ca75c5294510fc25eaa678dca0963bcfcd1f8d884b4560b0d7

Download Submit
\Program Files\Genshin Impact\launcher.exe

Filesize
3.2MB

MD5
9af9b8cbb7f2d2a39c4e39752ed7c32e

SHA1
c7f1f929a2db2bd6bea23183288c2d00f495ddac

SHA256
856b61d3bd6d009fb5835221dd2130a33a297a957abf4b70bca21832c3116369

SHA512
635710930589af9574b3661dbef9554d8f0112edfeaa3522a326c3ae2401ef7aeb4eb25bf10176ca75c5294510fc25eaa678dca0963bcfcd1f8d884b4560b0d7

Download Submit
\Program Files\Genshin Impact\launcher.exe

Filesize
3.2MB

MD5
9af9b8cbb7f2d2a39c4e39752ed7c32e

SHA1
c7f1f929a2db2bd6bea23183288c2d00f495ddac

SHA256
856b61d3bd6d009fb5835221dd2130a33a297a957abf4b70bca21832c3116369

SHA512
635710930589af9574b3661dbef9554d8f0112edfeaa3522a326c3ae2401ef7aeb4eb25bf10176ca75c5294510fc25eaa678dca0963bcfcd1f8d884b4560b0d7

Download Submit
\Program Files\Genshin Impact\launcher.exe

Filesize
3.2MB

MD5
9af9b8cbb7f2d2a39c4e39752ed7c32e

SHA1
c7f1f929a2db2bd6bea23183288c2d00f495ddac

SHA256
856b61d3bd6d009fb5835221dd2130a33a297a957abf4b70bca21832c3116369

SHA512
635710930589af9574b3661dbef9554d8f0112edfeaa3522a326c3ae2401ef7aeb4eb25bf10176ca75c5294510fc25eaa678dca0963bcfcd1f8d884b4560b0d7

Download Submit
\Program Files\Genshin Impact\msvcp140.dll

Filesize
576KB

MD5
e74caf5d94aa08d046a44ed6ed84a3c5

SHA1
ed9f696fa0902a7c16b257da9b22fb605b72b12e

SHA256
3dedef76c87db736c005d06a8e0d084204b836af361a6bd2ee4651d9c45675e8

SHA512
d3128587bc8d62e4d53f8b5f95eb687bc117a6d5678c08dc6b59b72ea9178a7fd6ae8faa9094d21977c406739d6c38a440134c1c1f6f9a44809e80d162723254

Download Submit
\Program Files\Genshin Impact\platforms\qwindows.dll

Filesize
1.4MB

MD5
d00e8dba57dde95eac770c2c4e1e0ddc

SHA1
370e15e178052cac31f1a9a904e7b3aaedf367a4

SHA256
413f65f3dc3639564b927c357a733024a8f94a7847c0707694307cc5c3fc2f25

SHA512
d1ec3bd2eab6597012572cda6b61400bb74911a3c6ad6977ccff04e2ea8dce1f0ff11012bdc85dc53b60edf321355923fd99489a51eb5deb9d3b57e4f1b5a8ac

Download Submit
\Program Files\Genshin Impact\uninstall.exe

Filesize
20.8MB

MD5
8ac87dc39032475dd4f802e7ba59115b

SHA1
27e92cac7f39532673996b7f887c1fd9c8524cc6

SHA256
8d01717c93c64763fa0aa6c10d7367b3a971d60dfeb7ce9b22558f6d4a8757d0

SHA512
7420b57136aee9b652abb72b15d11b106f4936f72ccf4198283f7d4886556a07a3de12ed97d3be0f1514e1806b925d83c7f27638710f0d92c7f10c1d3975ec05

Download Submit
\Program Files\Genshin Impact\vcruntime140_1.dll

Filesize
43KB

MD5
3b22b2ec303b0721827dd768c87df6ed

SHA1
86f8af095cf7368ccbff2d0fd6d33586145acd2b

SHA256
3b792da47040c3b3e0804cdc5153eef4e802b6975963029d8dc360cb824a7b62

SHA512
79db774980ee132797f7e7dbc0e055b724d8fbf0e4917523b285f918730adfff81022cc6f5e15469b011d55501fd7b085bc070e9ecdfb75c05f4d6622a7f2475

Download Submit
\Users\Admin\AppData\Local\Temp\Genshin Impact-iQZrzp\7z.dll

Filesize
1.1MB

MD5
e7ae42ea24cff97bdead0c560ef2add1

SHA1
866f380a62622ab1b6c7705ddc116635e6e3cc86

SHA256
db2897eeea65401ee1bd8feeebd0dbae8867a27ff4575f12b0b8a613444a5ef7

SHA512
a4a27b2be70e9102d95ee319ec365b0dc434d4e8cd25589ce8a75b73bbe4f06b071caa907c7a61387b2ce6a35a70873593564499b88598f77a7c25c47448fb0a

Download Submit
\Users\Admin\AppData\Local\Temp\Genshin Impact-iQZrzp\7z.dll

Filesize
1.1MB

MD5
e7ae42ea24cff97bdead0c560ef2add1

SHA1
866f380a62622ab1b6c7705ddc116635e6e3cc86

SHA256
db2897eeea65401ee1bd8feeebd0dbae8867a27ff4575f12b0b8a613444a5ef7

SHA512
a4a27b2be70e9102d95ee319ec365b0dc434d4e8cd25589ce8a75b73bbe4f06b071caa907c7a61387b2ce6a35a70873593564499b88598f77a7c25c47448fb0a

Download Submit
memory/1832-105-0x000007FEF5BB0000-0x000007FEF610A000-memory.dmp

Filesize
5.4MB

Download
memory/1832-140-0x0000000000600000-0x000000000060A000-memory.dmp

Filesize
40KB

Download
memory/1832-128-0x00000000004D0000-0x00000000004DA000-memory.dmp

Filesize
40KB

Download
memory/1832-129-0x0000000000600000-0x000000000060A000-memory.dmp

Filesize
40KB

Download
memory/1832-130-0x0000000000600000-0x000000000060A000-memory.dmp

Filesize
40KB

Download
memory/1832-141-0x0000000000600000-0x000000000060A000-memory.dmp

Filesize
40KB

Download
memory/1832-116-0x000007FEF6610000-0x000007FEF69B6000-memory.dmp

Filesize
3.6MB

Download
memory/1832-121-0x000007FEFC2D1000-0x000007FEFC2D3000-memory.dmp

Filesize
8KB

Download
memory/2016-56-0x0000000000180000-0x000000000018A000-memory.dmp

Filesize
40KB

Download
memory/2016-54-0x0000000000180000-0x000000000018A000-memory.dmp

Filesize
40KB

Download
memory/2016-55-0x0000000000180000-0x000000000018A000-memory.dmp

Filesize
40KB

Download
memory/2016-80-0x0000000000180000-0x0000000000186000-memory.dmp

Filesize
24KB

Download