b5f59e298627a721adc9f9e39d4b25965ab220c750f0c65ba47720bb445d3628

Analysis

max time kernel
134s
max time network
153s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/02/2024, 20:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

GenshinImpact_install_ua_2fb0a675690a.exe
Size

139.8MB
MD5

daa95c7cc745c37af57b01c1c8bfbdda
SHA1

df47bb8ed5c4fa0695da5565fda28b947375240f
SHA256

b5f59e298627a721adc9f9e39d4b25965ab220c750f0c65ba47720bb445d3628
SHA512

a06a6be4664550bd7c0ecc56d15fccf142591b2be4b39f9be0c68e7d468e6bfa8b1c6d434e302506d101154f676c360535d25f0c7ddb10a0b211e43aa709569f
SSDEEP

3145728:GpWLH0rKdc4KKU3e1f2llcZfhCs607D/3uMC9dGo/C9Va/oD:jIrKdrK5CfAQf5607D2O4oD

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Genshin Impact\languages\th-th.qm	7z.exe
File created	C:\Program Files\Genshin Impact\languages\tr-tr.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-core-errorhandling-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\icudtl.dat	7z.exe
File created	C:\Program Files\Genshin Impact\languages\zh-tw.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\translations\qt_zh_TW.qm	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-core-sysinfo-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-crt-stdio-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\libEGL.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\position\qtposition_positionpoll.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\imageformats\qico.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\es-419.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-core-debug-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-core-libraryloader-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\imageformats\qsvg.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\position\qtposition_serialnmea.dll	7z.exe
File created	C:\Program Files\Genshin Impact\Qt5Qml.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\scenegraph\qsgd3d12backend.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\iconengines	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\languages\vi-vn.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-crt-string-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\launcher.exe	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\Qt5Gui.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\styles\qwindowsvistastyle.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\gu.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\msvcp140.dll	7z.exe
File created	C:\Program Files\Genshin Impact\Qt5Svg.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\Qt5Svg.dll	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\imageformats\qsvg.dll	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\zh-CN.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-core-libraryloader-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\libEGL.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\msvcp110.dll	7z.exe
File created	C:\Program Files\Genshin Impact\Qt5Core.dll	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\translations\qt_bg.qm	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-core-synch-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\Astrolabe.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\libcrypto-1_1-x64.dll	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\opengl32sw.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\platforms\qwindows.dll	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\translations\qt_en.qm	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\ru.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\imageformats\qgif.dll	7z.exe
File created	C:\Program Files\Genshin Impact\ssleay32.dll	7z.exe
File created	C:\Program Files\Genshin Impact\vcruntime140.dll	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\da.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\et.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qt_he.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\translations\qt_lv.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\translations\qt_sk.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-core-profile-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\languages\vi-vn.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\QtWebEngineProcess.exe	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\imageformats	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\sk.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qt_en.qm	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\translations\qt_gd.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\7z.dll	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\sw.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qt_pl.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-crt-locale-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\qmltooling\qmldbg_native.dll	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\te.pak	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-crt-string-l1-1-0.dll	7z.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DPX\setupact.log	wusa.exe
File opened for modification	C:\Windows\Logs\DPX\setuperr.log	wusa.exe
File opened for modification	C:\Windows\WindowsUpdate.log	wusa.exe
File created	C:\Windows\wusa.lock	wusa.exe
File opened for modification	C:\Windows\Logs\DPX\setupact.log	wusa.exe
File opened for modification	C:\Windows\Logs\DPX\setuperr.log	wusa.exe
File opened for modification	C:\Windows\WindowsUpdate.log	wusa.exe
File created	C:\Windows\wusa.lock	wusa.exe

Executes dropped EXE 5 IoCs

pid	Process
2648	7z.exe
1528	7z.exe
2456	launcher.exe
1916	QtWebEngineProcess.exe
1296	7z.exe

Loads dropped DLL 61 IoCs

pid	Process
2648	7z.exe
1528	7z.exe
1712	GenshinImpact_install_ua_2fb0a675690a.exe
1372	Process not Found
1372	Process not Found
1372	Process not Found
1372	Process not Found
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
1372	Process not Found
2456	launcher.exe
1916	QtWebEngineProcess.exe
1916	QtWebEngineProcess.exe
1916	QtWebEngineProcess.exe
1916	QtWebEngineProcess.exe
1916	QtWebEngineProcess.exe
1916	QtWebEngineProcess.exe
1916	QtWebEngineProcess.exe
1916	QtWebEngineProcess.exe
1916	QtWebEngineProcess.exe
1916	QtWebEngineProcess.exe
1916	QtWebEngineProcess.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2320	Process not Found
1296	7z.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GenshinImpact_install_ua_2fb0a675690a.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	launcher.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GenshinImpact_install_ua_2fb0a675690a.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GenshinImpact_install_ua_2fb0a675690a.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	GenshinImpact_install_ua_2fb0a675690a.exe

Enumerates processes with tasklist 1 TTPs 3 IoCs

Process Discovery

T1057

pid	Process
2896	tasklist.exe
1584	tasklist.exe
1692	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	launcher.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\hk4e-global\shell\open	GenshinImpact_install_ua_2fb0a675690a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\hk4e-global\URL Protocol = "hk4e-global"	GenshinImpact_install_ua_2fb0a675690a.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\hk4e-global\shell\open\command	GenshinImpact_install_ua_2fb0a675690a.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\hk4e-global\shell	GenshinImpact_install_ua_2fb0a675690a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\hk4e-global\shell\open\command\ = "\"C:\\Program Files\\Genshin Impact\\launcher.exe\" \"--url=%1\""	GenshinImpact_install_ua_2fb0a675690a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\hk4e-global\URL Protocol = "hk4e-global"	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\hk4e-global\UseOriginalUrlEncoding = "1"	launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\hk4e-global\shell\open\command\ = "\"C:\\Program Files\\Genshin Impact\\launcher.exe\" \"--url=%1\""	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\hk4e-global	GenshinImpact_install_ua_2fb0a675690a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_CLASSES\hk4e-global\UseOriginalUrlEncoding = "1"	GenshinImpact_install_ua_2fb0a675690a.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54362000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd90b000000010000001200000044006900670069004300650072007400000014000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd155090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 1900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c543604000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	launcher.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1712	GenshinImpact_install_ua_2fb0a675690a.exe
2456	launcher.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2456	launcher.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1712	GenshinImpact_install_ua_2fb0a675690a.exe
2456	launcher.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

description	pid	Process
Token: SeDebugPrivilege	2896	tasklist.exe
Token: SeDebugPrivilege	1584	tasklist.exe
Token: SeDebugPrivilege	1692	tasklist.exe
Token: SeRestorePrivilege	2648	7z.exe
Token: 35	2648	7z.exe
Token: SeSecurityPrivilege	2648	7z.exe
Token: SeRestorePrivilege	1528	7z.exe
Token: 35	1528	7z.exe
Token: SeSecurityPrivilege	1528	7z.exe
Token: SeSecurityPrivilege	1528	7z.exe
Token: SeIncreaseQuotaPrivilege	2272	wmic.exe
Token: SeSecurityPrivilege	2272	wmic.exe
Token: SeTakeOwnershipPrivilege	2272	wmic.exe
Token: SeLoadDriverPrivilege	2272	wmic.exe
Token: SeSystemProfilePrivilege	2272	wmic.exe
Token: SeSystemtimePrivilege	2272	wmic.exe
Token: SeProfSingleProcessPrivilege	2272	wmic.exe
Token: SeIncBasePriorityPrivilege	2272	wmic.exe
Token: SeCreatePagefilePrivilege	2272	wmic.exe
Token: SeBackupPrivilege	2272	wmic.exe
Token: SeRestorePrivilege	2272	wmic.exe
Token: SeShutdownPrivilege	2272	wmic.exe
Token: SeDebugPrivilege	2272	wmic.exe
Token: SeSystemEnvironmentPrivilege	2272	wmic.exe
Token: SeRemoteShutdownPrivilege	2272	wmic.exe
Token: SeUndockPrivilege	2272	wmic.exe
Token: SeManageVolumePrivilege	2272	wmic.exe
Token: 33	2272	wmic.exe
Token: 34	2272	wmic.exe
Token: 35	2272	wmic.exe
Token: SeIncreaseQuotaPrivilege	2272	wmic.exe
Token: SeSecurityPrivilege	2272	wmic.exe
Token: SeTakeOwnershipPrivilege	2272	wmic.exe
Token: SeLoadDriverPrivilege	2272	wmic.exe
Token: SeSystemProfilePrivilege	2272	wmic.exe
Token: SeSystemtimePrivilege	2272	wmic.exe
Token: SeProfSingleProcessPrivilege	2272	wmic.exe
Token: SeIncBasePriorityPrivilege	2272	wmic.exe
Token: SeCreatePagefilePrivilege	2272	wmic.exe
Token: SeBackupPrivilege	2272	wmic.exe
Token: SeRestorePrivilege	2272	wmic.exe
Token: SeShutdownPrivilege	2272	wmic.exe
Token: SeDebugPrivilege	2272	wmic.exe
Token: SeSystemEnvironmentPrivilege	2272	wmic.exe
Token: SeRemoteShutdownPrivilege	2272	wmic.exe
Token: SeUndockPrivilege	2272	wmic.exe
Token: SeManageVolumePrivilege	2272	wmic.exe
Token: 33	2272	wmic.exe
Token: 34	2272	wmic.exe
Token: 35	2272	wmic.exe
Token: SeRestorePrivilege	1296	7z.exe
Token: 35	1296	7z.exe
Token: SeSecurityPrivilege	1296	7z.exe
Token: SeSecurityPrivilege	1296	7z.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1712	GenshinImpact_install_ua_2fb0a675690a.exe
1712	GenshinImpact_install_ua_2fb0a675690a.exe
1712	GenshinImpact_install_ua_2fb0a675690a.exe
1712	GenshinImpact_install_ua_2fb0a675690a.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe
2456	launcher.exe

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2896	1712	GenshinImpact_install_ua_2fb0a675690a.exe	30
PID 1712 wrote to memory of 2896	1712	GenshinImpact_install_ua_2fb0a675690a.exe	30
PID 1712 wrote to memory of 2896	1712	GenshinImpact_install_ua_2fb0a675690a.exe	30
PID 1712 wrote to memory of 1584	1712	GenshinImpact_install_ua_2fb0a675690a.exe	33
PID 1712 wrote to memory of 1584	1712	GenshinImpact_install_ua_2fb0a675690a.exe	33
PID 1712 wrote to memory of 1584	1712	GenshinImpact_install_ua_2fb0a675690a.exe	33
PID 1712 wrote to memory of 1692	1712	GenshinImpact_install_ua_2fb0a675690a.exe	35
PID 1712 wrote to memory of 1692	1712	GenshinImpact_install_ua_2fb0a675690a.exe	35
PID 1712 wrote to memory of 1692	1712	GenshinImpact_install_ua_2fb0a675690a.exe	35
PID 1712 wrote to memory of 2648	1712	GenshinImpact_install_ua_2fb0a675690a.exe	37
PID 1712 wrote to memory of 2648	1712	GenshinImpact_install_ua_2fb0a675690a.exe	37
PID 1712 wrote to memory of 2648	1712	GenshinImpact_install_ua_2fb0a675690a.exe	37
PID 1712 wrote to memory of 2648	1712	GenshinImpact_install_ua_2fb0a675690a.exe	37
PID 1712 wrote to memory of 1528	1712	GenshinImpact_install_ua_2fb0a675690a.exe	39
PID 1712 wrote to memory of 1528	1712	GenshinImpact_install_ua_2fb0a675690a.exe	39
PID 1712 wrote to memory of 1528	1712	GenshinImpact_install_ua_2fb0a675690a.exe	39
PID 1712 wrote to memory of 1528	1712	GenshinImpact_install_ua_2fb0a675690a.exe	39
PID 1712 wrote to memory of 2456	1712	GenshinImpact_install_ua_2fb0a675690a.exe	42
PID 1712 wrote to memory of 2456	1712	GenshinImpact_install_ua_2fb0a675690a.exe	42
PID 1712 wrote to memory of 2456	1712	GenshinImpact_install_ua_2fb0a675690a.exe	42
PID 2456 wrote to memory of 2272	2456	launcher.exe	44
PID 2456 wrote to memory of 2272	2456	launcher.exe	44
PID 2456 wrote to memory of 2272	2456	launcher.exe	44
PID 2456 wrote to memory of 1916	2456	launcher.exe	45
PID 2456 wrote to memory of 1916	2456	launcher.exe	45
PID 2456 wrote to memory of 1916	2456	launcher.exe	45
PID 2456 wrote to memory of 1296	2456	launcher.exe	46
PID 2456 wrote to memory of 1296	2456	launcher.exe	46
PID 2456 wrote to memory of 1296	2456	launcher.exe	46
PID 2456 wrote to memory of 2404	2456	launcher.exe	48
PID 2456 wrote to memory of 2404	2456	launcher.exe	48
PID 2456 wrote to memory of 2404	2456	launcher.exe	48
PID 2456 wrote to memory of 2956	2456	launcher.exe	49
PID 2456 wrote to memory of 2956	2456	launcher.exe	49
PID 2456 wrote to memory of 2956	2456	launcher.exe	49

C:\Users\Admin\AppData\Local\Temp\GenshinImpact_install_ua_2fb0a675690a.exe
"C:\Users\Admin\AppData\Local\Temp\GenshinImpact_install_ua_2fb0a675690a.exe"
1⤵
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\system32\tasklist.exe
  tasklist /FI "imagename eq crashreport.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2896
- C:\Windows\system32\tasklist.exe
  tasklist /FI "imagename eq launcher.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1584
- C:\Windows\system32\tasklist.exe
  tasklist /FI "imagename eq QtWebEngineProcess.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:1692
- C:\Users\Admin\AppData\Local\Temp\Genshin Impact-hCzTpN\7z.exe
  7z.exe l "C:/Users/Admin/AppData/Local/Temp/Genshin Impact-hCzTpN/app.7z"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2648
- C:\Users\Admin\AppData\Local\Temp\Genshin Impact-hCzTpN\7z.exe
  7z.exe x "C:/Users/Admin/AppData/Local/Temp/Genshin Impact-hCzTpN/app.7z" "-oC:\Program Files\Genshin Impact" -aoa -bsp1
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:1528
- C:\Program Files\Genshin Impact\launcher.exe
  "C:\Program Files\Genshin Impact\launcher.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2456
- - C:\Windows\System32\Wbem\wmic.exe
    wmic qfe get hotfixid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2272
- - C:\Program Files\Genshin Impact\QtWebEngineProcess.exe
    "C:\Program Files\Genshin Impact\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=6513429209691030357 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=6513429209691030357 --renderer-client-id=2 --mojo-platform-channel-handle=1768 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1916
- - C:\Program Files\Genshin Impact\7z.exe
    7z.exe x "C:\Program Files\Genshin Impact\patch\fac986b82c31f75c0820803748a74af4_959244273130049999.zip" "-oC:\Program Files\Genshin Impact\patch" -aoa -bsp1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1296
- - C:\Windows\system32\wusa.exe
    wusa /quiet /norestart "C:/Program Files/Genshin Impact/patch/windows/Windows6.1-KB2921916-x64.msu"
    3⤵
    - Drops file in Windows directory
    PID:2404
- - C:\Windows\system32\wusa.exe
    wusa /quiet /norestart "C:/Program Files/Genshin Impact/patch/windows/Windows6.1-KB3033929-x64.msu"
    3⤵
    - Drops file in Windows directory
    PID:2956
- - C:\Program Files\Genshin Impact\crashreport.exe
    "C:\Program Files\Genshin Impact\crashreport.exe" --ipc_field=eyJjb21tb25fY29uZmlnIjoie1wiYXBwX2lkXCI6XCJwbGF0X1dpbmRvd3NfakVlOEsxblBNdFwiLFwiYXBwX3ZlcnNpb25cIjpcIjIuMzEuMC4wXCIsXCJhcmVhXCI6XCJvc1wiLFwiY2hhbm5lbFwiOlwibGF1bmNoZXJcIixcImNvbXBpbGVfdHlwZVwiOlwicmVsZWFzZVwiLFwiZGV2aWNlX2lkXCI6XCIyMzAwNjM1OGYwNjM0MjYyYWVlNDFkYWI0ZTgzOThcIixcImVuZ2luZV90eXBlXCI6XCJVbml0eVwiLFwibGlmZWN5Y2xlX2lkXCI6XCJlYTBjNjA4NzcxNjFhYWNmMTI0MmM0MTRkZGM0ZWNcIixcInBhY2thZ2VfbmFtZVwiOlwiR2Vuc2hpbiBJbXBhY3RfNmQ4MjlhODQxNzAxMzEzNjA4XCIsXCJyZWdpb25cIjpcIlwiLFwic3ltYm9sX2lkXCI6XCJHZW5zaGluIEltcGFjdF82ZDgyOWE4NDE3MDEzMTM2MDhcIixcInVzZXJfZGV2aWNlX2lkXCI6XCIxMmNjZTAwZTUxMWY0N2U1ODU4ODdkZjY3ODg2ZGE0MjE3MDc2ODIzMzQxODdcIixcInVzZXJfaWRcIjpcIjEyY2NlMDBlNTExZjQ3ZTU4NTg4N2RmNjc4ODZkYTQyMTcwNzY4MjMzNDE4N1wifSIsInJlcG9ydF9tb2RlbCI6IntcImR1bXBfZmlsZV9wYXRoXCI6XCJcIixcImR1bXBfcGF0aFwiOlwiQzovUHJvZ3JhbSBGaWxlcy9HZW5zaGluIEltcGFjdC9kbXBcIixcImxvZ19kZXN0XCI6MCxcImxvZ19sZXZlbFwiOjAsXCJtYXhfcmV0cnlfY291bnRcIjozLFwicGx1Z2luX3ZhbHVlXCI6e1wiQ3Jhc2hUeXBlXCI6XCJcIixcIkZpbGVFeGlzdHNcIjp0cnVlLFwiRnJlZURpc2tTaXplXCI6XCIyMDc0NjQyNDMyMFwiLFwiRnJlZU1lbW9yeVwiOlwiMTQzNzI4MjMwNFwiLFwiTmV0V29ya1wiOlwiXCIsXCJTeW1ib2xJZFwiOlwiR2Vuc2hpbiBJbXBhY3RfNmQ4MjlhODQxNzAxMzEzNjA4XCIsXCJVc2VEdXJhdGlvblNlY29uZHNcIjpcIlwifSxcInJlbWFpbl9maWxlXCI6ZmFsc2UsXCJyZXBvcnRfZW52XCI6XCJyZWxlYXNlXCIsXCJzdWJwcm9jZXNzX2ZpbGVcIjpcIlwifSIsInN0YXJ0X21vZGUiOjEsIndvcmtpbmdfZGlyIjoiQzpcXFByb2dyYW0gRmlsZXNcXEdlbnNoaW4gSW1wYWN0XFxhc3Ryb2xhYmUifQ==
    3⤵
    PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Genshin Impact\MHYQtCommon.dll

Filesize
2.7MB

MD5
dec96d4e6b19c2f012cbe5c4334a550d

SHA1
938bac27465a681b3127679c73b18ff61577ddb6

SHA256
83bd06a9d54fda242548ceed896dd56a42dcaf9c51e30287bca48446dbc481d3

SHA512
a3a5048731a8d09e0d8e96f951e82ef9269de7893b6c28f7d637813001d1e22922fb7a273cb939e5e87eb9272385f22b3bc82d57ff6bb3973f257d7768e4ae87

Download Submit
C:\Program Files\Genshin Impact\Qt5Core.dll

Filesize
2.6MB

MD5
ca97ed978f614defb2793b04fbad0fea

SHA1
b17ed3cc87be46e7c42c0762a67d132e65ad2fd6

SHA256
4075a1677df31843f561c9a940096f30ef57afce78624d0be0da3ad400909d5c

SHA512
2e655f68fcef9ab7792929ecf4d1ae9b71f8bafe174479573f1ca41d72c0384015fab16f4cc9b68efb32af690329049c57da228df418faed5bbbbbdc35a22e3f

Download Submit
C:\Program Files\Genshin Impact\Qt5Gui.dll

Filesize
3.1MB

MD5
4151a7c506a3d57be8f5b9d7ce3226e0

SHA1
a6ff465d1643211dcc1872c52cf563a8179af40b

SHA256
f6189f16c838a53311a0dd8c525fc01abc9085718033772da0246ec8725c5f61

SHA512
dae66a9cfb596f402419a142e28e872a75c03d2e31209bdf48877093c4bb1b04ad39931cc1e3233fabc4a3ed3e7c545c4a823d8c13f3b94838f4148ae8a20e4d

Download Submit
C:\Program Files\Genshin Impact\Qt5Qml.dll

Filesize
2.6MB

MD5
0d06947d948a9ddc6d1613f3d74005f2

SHA1
861a3d1c3725bd808bf6433ede81b701e29c6982

SHA256
df2f3cc3b98150fe3aff05def91bfad1566a364b69f6dc959918c5157404eefb

SHA512
8cb5f471c561b06212884afaed04d9964be543258723959ff62d29b3746e71acf03bac272cec35d573e0155a979e6488c812e0adeb12ecb40b8b47c413dbaa82

Download Submit
C:\Program Files\Genshin Impact\Qt5Quick.dll

Filesize
2.7MB

MD5
c122b923f7ed42012fef450843e7f783

SHA1
0fd5d1d542494c497e52279b827f16b45725e486

SHA256
edae81614237ae760a9ec3715f7b0c4b4aae81b24b40f817ead3a2446a86396c

SHA512
5903ae01abf1039a81796e88222c981674792b830459a5dff10e7b0f23f9a04a468f4fe2db9c43160dd09cf82de68bcd881cf51b1ae5ba4ae8b74d8b750ed7c4

Download Submit
C:\Program Files\Genshin Impact\Qt5WebEngineCore.dll

Filesize
2.7MB

MD5
debb4d365dc93eae3bf40238b9fa0227

SHA1
e283e19d94ec75957c2a5a8529431802a01f3314

SHA256
aaf79735d889e63d2c9e01e4de67d867ba1579a95ba68a0fa733ded6b05c0cf0

SHA512
b79e8367d3c3191bfa2f6197acec81895a5ef6ec397b28236a8a060564b86279c5b4b33ad84031bf9641f27ec993acb62da150342d3e1222e42d0bd1834a2646

Download Submit
C:\Program Files\Genshin Impact\Qt5Widgets.dll

Filesize
3.1MB

MD5
2fb142b18f1060252d35734b2dc43afc

SHA1
78cd535caddb2ed0acf0020b4e8b5f0bd69c2acb

SHA256
befbc3d7897cb32dc6d346bbd9375f5e330f46dadaab702245997d3936ce4fd9

SHA512
04f82d3c2d2490cc2f06ea81b439e5ddbd29b0660f9fe2ada3e051d27216755c8694a0c57d6297822e86c1a2d64cec9171ed611d68f3fc4f40cb59bd44ca9fbd

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-core-file-l1-2-0.dll

Filesize
23KB

MD5
1493097565785d509a8f76a86b125d9a

SHA1
75a887f79ea8daf6dc083cd323fe2c8d25b39963

SHA256
7050bfdaee49df09b391e17e6da064562a9b8a4cabfe1da60d5c8fa537ddd356

SHA512
dea02a8d0641c962d5593407cf47d8018e7df61fbcdc319e63eb9e7e65d38ae19bd0defd4b4f9f8ea11d43fbb0251cd30622e6310c5d203dc9def66011810e39

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-core-file-l2-1-0.dll

Filesize
23KB

MD5
172b00a167503de8ec821bb59566577b

SHA1
daed613926969e36bc35693804e9e1825106e46e

SHA256
3a893a4129ffe675c45e2a7d8d62b1be9fdeb82c3a6199b73f6994b5e5e731b0

SHA512
252dd81ce3d04cafb77b0768738c21dd6db3861363785f128719126282479433ed61f699a6f9f514e183a2fd19913fb9b2bbc35ba85d4ad8f97d33be226cf385

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-core-localization-l1-2-0.dll

Filesize
25KB

MD5
04cdbf9f41779b0e926c30f3a77148c8

SHA1
0d4b6c517d884e69ce72213a8271dd4a9d54dbd4

SHA256
9b4ce7cff11eec9449b292f1c681dee61e2f6fdca70f7d18a99210b6a4df1e58

SHA512
f707612c0f3f60a877301615e286025db29f75912f7c64471b89d28bea085d634f58557c31c6d208d63fd895cb68c31d7b6c35c963a5df8094859125779bd59d

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
23KB

MD5
4e0b1499a1fea74579d3bccafeb4a77f

SHA1
f39feb951cce67a8df8b1749290829558a4bc04b

SHA256
796f868b2528849d278f38188aa4f50bdb4fb458494842556129214a7f8941e4

SHA512
24503fd265cb7d0d4045823ce15528a7f2d5e4124e9c842b344da3375df2a4fbb85c4807dffb5d36714b9d16c09555d058c1322b96a4bc2973b435de431a615c

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-core-synch-l1-2-0.dll

Filesize
23KB

MD5
498c9a4d7faf3efc1a44fc188926bc8f

SHA1
aa5639d3798aecefc3a8802e2693f9bf41e93e7a

SHA256
61b19b16d9d56464497dea71aab9e63e47e58ebe37b7a28a1ed210f82f128d4b

SHA512
a763249fe27da367d2fd9f8f8efc9bafcafbf1981b702b9c8e2db66487335c1a7384dfe2b47f5b1dda77a6b285bef42c1a9f1781502452849c696e98b1051888

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-core-timezone-l1-1-0.dll

Filesize
23KB

MD5
822cbeed6f51026cef485521a7f3ec23

SHA1
12fab3b9c21c110cd20b1c5ff8d7e5301396ecab

SHA256
d103555fc644a70f801a0373e3b766e393a077b1b7beea038e466fe73a94401e

SHA512
26b743ba425a4eac9676a6f946d3fe4b5aa97e8fc4c81bd598a12cc66a3995dc3d59e47d14b64fca71639754afd3e6ddc3e58bdcd1bb3b32f3e7836fd9a7db2c

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-convert-l1-1-0.dll

Filesize
27KB

MD5
779a367696347c59ea9f571de346b8b3

SHA1
0066beb055232dea3eddda876e01a74323efb12d

SHA256
ccdc19d7f57531d41150e46b9ef4f329eb03ce406c950df8f822d47b05c1eacf

SHA512
612f8a678eeb574ca7e3f39446eb8db56d5c735d93e4d3232d763a522cb1fa304e5dcba1b0f5ddea394eff072dbd7666f71d7f76cdb944b2b9cf92801777f47a

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-environment-l1-1-0.dll

Filesize
23KB

MD5
fbe568411910f2ec83150700bcecac63

SHA1
4e033b8f5122273258e99ec757dfbbe7407acb8a

SHA256
3f05881b5403b6a0290eb264e161334271a7816c20d3d8d28db83a02581a80fe

SHA512
bcd4065eea7aa76074cda0b8a58140a8b6132aefd3b3da1500683ba97fa65590ab6eec7f17c69f53c1a8b9123f62afcf5ee34a1eb977e3e035b035ce3a6d9724

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
25KB

MD5
22b679ebd46922f2c0bd5c5b25d8ca63

SHA1
eede862f81382786688b1e078d605afc6391f975

SHA256
3345be6860693d184fedf8379c46fbc8915ff879c90c289568c7635ddf54b1ef

SHA512
64f7114376e54936cff03e4eabb736ec80f9c3a179768255636b0bc207bee43ff1906225d27bcd4fd3e06251c9a10a099466df0e008f029a9956f20797b5570b

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-heap-l1-1-0.dll

Filesize
24KB

MD5
89dc843e2c108d48bb1f5c8a5feaa2dd

SHA1
36416cedfb541352679f154f79243c304cce6f86

SHA256
f5f6efd6a02b88d6fcf326e85cfff1ffb6dde27cc026e67f475f4f5c3e5b9a24

SHA512
5ffa5275bcafa1547dd6880d528decb83129875b8b0accbdf31b612681f4c10f0c3de8e224029fa1dd542a45668829683af53a842d106227776fb735a49a9b67

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-locale-l1-1-0.dll

Filesize
23KB

MD5
7ab1a44675077308362d9b677cc1194e

SHA1
2a2cf178c1ca79a770ee9cfb8ae043831167b3da

SHA256
2a7b5137b43177a282cd15cf64faacbf15980dcc0c61a5a32b5d3ca31ddc02b6

SHA512
37e9c750930cec2035e4a4eee01c204ba2c2e4f7022530eb29b56ff5c9b440743f31c8a2475b0943240eb56f8015356cb9bb6e4cff6c44f3c825693f96a8bd82

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-math-l1-1-0.dll

Filesize
33KB

MD5
9dec77b69e042492a146621b50eadf33

SHA1
30f0d491c0b6fc1fbc180fa4d6d0a5681a95f1ac

SHA256
0daa2f0f28915d1f098598bf2c89e0e520140164e5bed288d0076a22c01e606f

SHA512
c0c7e986bec96aa8163f47aa69b599589d39955a52781d72f0fea12c5db6f84bdfc6f98bd65a5d01e2a973d77876a750b53dc49e2cd85bf934561d3e264c2ca6

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
31KB

MD5
740865ba5b77592623a8d81d3688da50

SHA1
493c1207462eb2036e05bf1bb24008b8ce2e0699

SHA256
d48cb9ef1a6b873d3029d8ab344d14cebe5e79d5b52f7ea594fd790c7528974d

SHA512
9b6c6cef6dbe9c7dcf290c59d64c16faf6eb321bf105af29c4df11fe87f601176192edda047c85257e214e6e2469bad2c9b9745cd750f2f679f3953c17aab781

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
27KB

MD5
5ff6c6b773cd9f7cdbd0af351f5590aa

SHA1
3023cd500363f62b2a6455749826f8dd959755b2

SHA256
b418942358a6b92874aac7deac2fa899a2c023976a6ec75c74a74b850787d8da

SHA512
cfa024417da0eab61a5da4a2f35ed32564ff57fc57d3fac10770d6390fb744184a7b1d6612024661234baa138280fdc0df30ef8ae5df28c3b8ca563ffa10f15a

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
29KB

MD5
f974d15cf89b76436beeb6a7588e87db

SHA1
32f3a64799e0665837abaabaa509ea85de88d183

SHA256
1f46edb97eea8fe47b548292595926c736e761a8de5e749398bb928297ff2b0e

SHA512
7bc9e0dee8f468e616f3661c13ba02532300277eef2c557d0acc94615e459cb950ea7d2c621c118a3b6e3ed14fa95fc3fa5c8dd2f82def02118dbe9a558c0c22

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-string-l1-1-0.dll

Filesize
29KB

MD5
0594fad37643f3227defad5e1fbdc7bb

SHA1
13bf99c42773518fab01b62a26b40b415f47be1d

SHA256
426efe0ef154ec303199a687f73ab36bc65804ff3123c37617d004a559aa71f2

SHA512
e45193655937a12791589b2600b54f71837e4108c1625edf127134c2eb8682e0021d51e6e146e0c7edc9cef8caf44df84d35db40b19a570d0af33bd6afd4ee0d

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-time-l1-1-0.dll

Filesize
25KB

MD5
7b7ba1583d93a11ad21d749b46dd51a1

SHA1
1fce8c9dd944bdf4ceeb7b210158092769f8b8d2

SHA256
28493d32c55ebfa3bdc03796ca0a91a6bcd08b0eb4cd186c30420876b2c972ab

SHA512
c3954f0b1637dcc6dc96ff7eb6f6de7e37956c45be60238ee54e7e4788ca9424115b93090e76319ac535f4b00060436ffebab3beacf8a13e74193f32ead0ebae

Download Submit
C:\Program Files\Genshin Impact\api-ms-win-crt-utility-l1-1-0.dll

Filesize
23KB

MD5
8b044144ff3f17ab2fb7f88f26fad404

SHA1
9460fa957bb8cf675c102561b5ad23683013bdc8

SHA256
4435b8180f0d89dfdb1c140d17321bf673f19f360199176a3b06f91011730d59

SHA512
f49d3e53c146706ed9f3a496853414388217541674af88416d27b916cb142b6b4683162b745f6409eeb22a8a5b3ace2f45171a96a8531e85b311337709418027

Download Submit
C:\Program Files\Genshin Impact\astrolabe\crashreport\a02a5e23-08e4-4d39-ba4e-fa192186d747.tmp

Filesize
34B

MD5
a3e875b4a94923036c6f6c3bdb846135

SHA1
7af9eee8740a83c6880ed1269c4fd0f0c45e1433

SHA256
153b608757afe9413390d8c4139dc95896a12549e6da586b500f56eb170b3c93

SHA512
df6d214d30f380fb6b7cd89f4a2ce853c44de0c09483c40179d804909283b5a95ae6159fe21bdf2413bb668fdc53240d5b1519e15340736daadbefb44e860b7b

Download Submit
C:\Program Files\Genshin Impact\bg\0c629b0c575a3c712d4a75ea6363fe1c_7315529048308418573.png

Filesize
1.4MB

MD5
0c629b0c575a3c712d4a75ea6363fe1c

SHA1
bb827d5b0206d2bf6d648173182222218a4bd29d

SHA256
d47af00e84fce4421c00a7669e67ecc3f34797a148bdd66176049be506c1bf93

SHA512
a376b33fba8c93d1294664b7453a8f88a26bbcc909d051fd2c851d38492fb28f34ff7c5f6a6a05c9590ff5078b9b81b68b0effc7f645a75d91123e78fca4f2e1

Download Submit
C:\Program Files\Genshin Impact\config.ini.cgWdea

Filesize
166B

MD5
a3ef994852993a94b22d788230c18b8b

SHA1
7a25e6cd933659c77a1ec52904be37fa1ae9ae0b

SHA256
f017d1b479a2153e5ed3c0dcdd600a5562a8e9ac4e933ec8f21aab1ae29de96b

SHA512
38025a32fb3ee480aa2bbcc3fb7ba984adb37890a0600c740d4e51f144e6a7fd085b6896fb1deb9371dba76201102899c53d579164c5b52a213566a2129bb287

Download Submit
C:\Program Files\Genshin Impact\config.ini.lock

Filesize
61B

MD5
13a8b378e4a4b0112a09180538f92600

SHA1
0ac4d75caba51ffef59702fa94e6c4094ed5a549

SHA256
9df074230e2029790f90a5c46f4bf46226fa7e09780d5bf3cd5d8c188e8dea7f

SHA512
9b2ceff8064cd753a14da8cc404ec01a60f2e4213f8c9ac1f7adc56ac49e8d6f0971ea8b74d266ba435864a10000acaaecd23a63691ae5082bfcf28e1a1ddc43

Download Submit
C:\Program Files\Genshin Impact\launcher.exe

Filesize
3.4MB

MD5
70106ec5fdd2eb9b28ffdf1f4a409bc2

SHA1
df78a6f6b4b0af8948d5751ed92bd14e487f2613

SHA256
222441930a759e72f5875abe9092ac5b72de5875f027f869c991b1e5f5c12261

SHA512
56fc6d4684ce5fc9ee04212aced84174e0b0817c33017998e09b9d5916d7181e4f130b5161de5590e2847f418afca6a0b1b9786591b92beb3d738110fc35476f

Download Submit
C:\Program Files\Genshin Impact\launcher.exe

Filesize
3.0MB

MD5
859d0027400e4c3f632fd6f99aa9281e

SHA1
a716280906fb93d9a1446eac17b652efe3577d81

SHA256
393f2dea45bb8a8e3f8b0b374594cee8773733702bcc4ee5e8018c875d60bac7

SHA512
ab31af9690f1635296d5892e279daa9267a93b5455597f48087f920cfd9a83ed06b6f28673a52c350b4342ab013ed0bb7e5908aa8f5ef9ac469ceba57349ca2f

Download Submit
C:\Program Files\Genshin Impact\uninstall.exe

Filesize
8.6MB

MD5
242b9bab9fd9f94e012deb91a79f2e98

SHA1
a318e08e56fba5321e0a382962f4f506fe53d0cb

SHA256
4eb252375c32b25de0d71382f0f50ccf804f07f4d550adcccf11084130da23e2

SHA512
80877e2dd9232ae0492105f23d608d139fbe72ee5a7eda443496779026a3cb97cc3eb3176f003e83bc5cf94a303f0c246af070603aa60ff963ccb680952cf39e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8d3a97d8968b9b4099eb350e5e373573

SHA1
24aabcd1b37e2c3c77dcd77f10bfff06a9903677

SHA256
8b32d5a7faa3436714cb6289a410c7b9c1a0283c8aada988e1c437d94a875fb5

SHA512
1afc119f612bb71dc744db7646431e9c3c0af4f9ea8d71454545201689de392eaef397e6bfc65f781a420274ecb43d6631d258c27ad6fed2ce4fa075e7c8e26a

Download Submit
C:\Users\Admin\AppData\Local\HoYoverse\Genshin Impact\QtWebEngine\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\HoYoverse\Genshin Impact\QtWebEngine\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact-hCzTpN\7z.dll

Filesize
1.1MB

MD5
e7ae42ea24cff97bdead0c560ef2add1

SHA1
866f380a62622ab1b6c7705ddc116635e6e3cc86

SHA256
db2897eeea65401ee1bd8feeebd0dbae8867a27ff4575f12b0b8a613444a5ef7

SHA512
a4a27b2be70e9102d95ee319ec365b0dc434d4e8cd25589ce8a75b73bbe4f06b071caa907c7a61387b2ce6a35a70873593564499b88598f77a7c25c47448fb0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact-hCzTpN\7z.exe

Filesize
286KB

MD5
afc08ce359e79887e45b8460e124d63e

SHA1
e8dcddb302f01d51da3bcbfa6707d025a896aa57

SHA256
a20d93e7dc3711e8b8a8f63bd148ddc70de8c952de882c5495ac121bfedb749f

SHA512
32d3b8d964711a5706f8cf9f87bc6e33670bba2cb3ab88603dec399652ac7fe297a4692f0865a0bdcbd06515d6b0a84e5a96d1b7fda48f556543536889ba387a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact-hCzTpN\app.7z

Filesize
9.0MB

MD5
4830ecd094034957bca3179a734a37cb

SHA1
2895b83aa6b1a4e76432291ea6f07cfcdae9da76

SHA256
5e08d0d638d6279f6990e9be4b8b4f1610febd8f1581708dd6a9faa9eee5122c

SHA512
0ba63c1b530e2ded6d833e61d195b78fd238f048954d1e1acf15af7e49612568c8511fa2e3e4adca8c792b5a6f002f30a0a5b744a8585c1f7d5710c59bd35146

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9562.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
\Program Files\Genshin Impact\MHYQtCommon.dll

Filesize
2.8MB

MD5
5d00f10892ce8b88bb0df75f63031f7f

SHA1
7c2c7011b1f07a7ea39743e1c3cc703e079a0b99

SHA256
4a89ce1a6d8e0658de24db198a6400c0a3be619d7495b598922c8c4785d29339

SHA512
f566dc1af850c8f16d860a9196bcf4d4dd2756fd0a4dc178181eaf7825aea1168b8388e1476257d79b49af46823ed4a8f1c240b652c79751a56b3247f1dd49d0

Download Submit
\Program Files\Genshin Impact\Qt5Core.dll

Filesize
2.6MB

MD5
ce81e67eca6df0af692192643a8a3b3b

SHA1
25ca071fbd2052cbc27eb9ae63eaac990268733c

SHA256
dadec5bea3479be947067eaf1dcb3febbd68e0b50a5e3a61ff0ae96aede7f68d

SHA512
43efcc43307361e564dd0300537f66667d4e360cda224e3e64c64c9f2dc807de816ec67b312544628852da3af78290c9634c73f0419af897922c17b82f25746c

Download Submit
\Program Files\Genshin Impact\Qt5Gui.dll

Filesize
2.5MB

MD5
0d1a50f390e398bce07214ba5a1624da

SHA1
4297456fb0fa3e8f79c9b1a6f0957f63d8442134

SHA256
f289ca06f1e16c0b6669bdf5afd56a8660b7bb0e2c1dbd0b6c4b66bc3173c361

SHA512
64de9b8c91f90d3449fda28c49034e165596293d90db563baebfa1ad3862403f6b53510873ca7e8ac1351bbc79b809be8d83e5a9bfacf57bf567cfa777c5c055

Download Submit
\Program Files\Genshin Impact\Qt5Network.dll

Filesize
1.3MB

MD5
cc214788c1659b6589cfe627ae10d348

SHA1
68ff3d326943c5405be5c509415db54e9eeeb287

SHA256
6b9df21f01d278608e3f5376e2cbb6933d9ebc560b3722d39148151840a8237c

SHA512
009dfda81c4b9a29a645593bed3dc52e2eff2063bae6426689bdd1c4bbac4a87e1f1c89dbff27a12fb3007749c1bdd4cd0acf2150a6dda0744e17e62fdea8e0b

Download Submit
\Program Files\Genshin Impact\Qt5Positioning.dll

Filesize
330KB

MD5
c3aec825e9dc0fc8abb33ff55ca37663

SHA1
348d11cadb92510e415fc55536f38e0433773ad5

SHA256
55034de66194c4149f2b4009214179f1050a64d7b99788e2eb983905a25534e9

SHA512
88a8738cde54ec6b58523323fb065942f7a7199496a40e5091a54b7f3232e9c8865b8cbf5491d8e1a8c4f15b6f70d296aef587810244e7f7009370d57b5473be

Download Submit
\Program Files\Genshin Impact\Qt5PrintSupport.dll

Filesize
331KB

MD5
6bb48bf938f34bae011916d8f91ecc43

SHA1
0d578b6c9556a8355c4932f3c672c1c312764f2b

SHA256
bca34de929ccc4cff0212efef1cbfa1bdc857f4884979d8c6ac3a4646f3457f6

SHA512
bea64e4e30ac955f9ee22e65d2135093bbef0f4ced1242844cb82bebf0a43530a31b7a272ffaa7d7e1f48127950e367e7aa93559d6309ba5c606ede5bd13a4bc

Download Submit
\Program Files\Genshin Impact\Qt5Qml.dll

Filesize
2.3MB

MD5
e01e84ba430346cccbe96cb072a187d8

SHA1
2e786d82b3fad7ca5d463604b18721faf3b4524b

SHA256
0769c5590f522494003a390c522c57dbdff27347a3b064d60093924588a8f82a

SHA512
11304c39e01faaa6a05043c233d28b2cc6d4d3f55549bc5241ef1bcf0fadb9cf44e45b698ea17645b1d4401a6857f0aa8657dd36cf3069c249cf391cba5e63d6

Download Submit
\Program Files\Genshin Impact\Qt5Quick.dll

Filesize
2.5MB

MD5
9c6ab7bf1574407da2595d9da2c531de

SHA1
d1fe3e7252ff77d69486c533d82920ec629adf94

SHA256
75a4514b15aac9ef9a15b00b1b2f727f9a6e3b800f8fe9df34eecf91c551ff25

SHA512
8ffcbeb114d4129f5679fccdba040fd18bc01d5a13bbe86d619863fc81ecf8e13fc980fe1a8e3aa8352a92df0ded29da693aec094dec7512253a30f94bc2532c

Download Submit
\Program Files\Genshin Impact\Qt5QuickWidgets.dll

Filesize
92KB

MD5
bff3879b9daf123fcd1200521b23ae9a

SHA1
0758acd6d14d56f25ad2b701247cd644905d2659

SHA256
ca1bfa459f521da61d2f1bb5d20e2f31bcc935149ac317873227c85e28006a32

SHA512
08bf6447c3ddb89b300dfa7504c71e816bd538dbae2f042c44828c694575e268b465f18854f7a4722f80cbf380b84ed1a14c1acc41a54fa7f633b6203c562765

Download Submit
\Program Files\Genshin Impact\Qt5WebChannel.dll

Filesize
134KB

MD5
7d09625e4f8ff294f5827a29ffbd882d

SHA1
92dcaf3fff3c44cbe8c168e7609ff2ae5514e419

SHA256
67cf1104d5bcce62b4e8ce0f747ca7c8b3906d69f8d508c277e046fd76de42ac

SHA512
4f0ea8c44bbdc5b16cdb04425f65bad227a37488276ac52300c2690803927c34bee11258163c9911431dab70313fd8d44e248be5efad005875120f90d5d24315

Download Submit
\Program Files\Genshin Impact\Qt5WebEngineCore.dll

Filesize
3.7MB

MD5
f07ce0c2a931293b2944e1ccaebff682

SHA1
fdff8af4e4ee8ebd975089bc0487148209fffdc5

SHA256
ff64976600d2ba07383e805056c0dc45ce7b583510ca661e69230cd39d505f0a

SHA512
040b49412022347fb7030aa31ed5782c79af3d86b6a67ef565fef1ecca4d3c6a9cae8077b6393b9d94154d4e8e445f42eaf2ba4242e43663408ff418fc1cd80f

Download Submit
\Program Files\Genshin Impact\Qt5WebEngineWidgets.dll

Filesize
241KB

MD5
64ed5b188277a9df79cd0d0caa82fa00

SHA1
fa1b4edca83bff5aea9797ec1b38e9b849394bb1

SHA256
a38d8655ae6f01b03e3b1bc8332ff8296fa579be8c8b05d6a627ac9fb43aa50a

SHA512
62af933f68d1977b63f756c86a5bbc7c7e83f5257be5b9ff5a9dabdc7b1431180ce6b6bb389f9fcc1828e0f795985f195d47ed9e05c440b971f0841ae7cb365f

Download Submit
\Program Files\Genshin Impact\Qt5Widgets.dll

Filesize
2.9MB

MD5
52733bee5f3e409b7a09839c2cd4a9ac

SHA1
cc61a7cad2713b8665863304b9580c1b74a2aaf7

SHA256
270da884324dba2e5617037c7d8105597edcc4b54ab62195da0aa4f69a85b108

SHA512
f2323249a60fdce63085799f9a2f81cc7a4897afcf911cce74bc317394500f8e0d6fc1aa8d0d94e3cfcd790aa86b0f96599bde0fc15380c1b46e1fbe74182865

Download Submit
\Program Files\Genshin Impact\msvcp140.dll

Filesize
580KB

MD5
62a538f342ff490ddf5b7c7d354e36bf

SHA1
b166ed0fd43f054b59f1843d4b1af336810f8832

SHA256
1345b1f74cf1dd3677bcf3499462714795788eaaa20b9702cdc7baafa4beaf8d

SHA512
598907ab4e37a0092a1f651215a7581ad0d0281e6511c06408ad0f93af65892876e4075c73063da0772cc962bacf5900d862a805384887ea5daf52490e5ff51a

Download Submit
\Program Files\Genshin Impact\uninstall.exe

Filesize
9.5MB

MD5
8f5d56e81263405a301fd43499e8f3e2

SHA1
aa736b1e47c47f3c5bac9450e05d3b22e7b8e24a

SHA256
fb65a535de85e6721a0d66f5382cda7504abda0344b94b62959cec90e0ede8f6

SHA512
2843e977fbd9f93130d68ff50b0c684c619c67f7516a5368d0c36a843f682890c41e76fc970955ede62527cffc085353f90e5de39f0d88af436d3b92755c0ca6

Download Submit
\Program Files\Genshin Impact\vcruntime140.dll

Filesize
106KB

MD5
d0df1bac72398d794bec867bffcd0ddf

SHA1
1c6a1f62fd07cccb7461a39178d7afcba4b0eba9

SHA256
70661f44e0f9a2bb17ceaa2b798486b6a05feeb3eb8a41a94919d71720334051

SHA512
584fa39037af9d716c45e228ff7710a7ea61ae449b95a8d7efe5578692555a502be6b2f490a6b161fb42f45af9f30f786390722c29bcac20c28f9348da24157b

Download Submit
\Program Files\Genshin Impact\vcruntime140_1.dll

Filesize
47KB

MD5
0ae97fbade4c1129b72c5ac5a289c56e

SHA1
98d91cbfb93302a6d7f455086d63ea6d195f1564

SHA256
9f06f592706f6a9382a9949d9d82f151bb8d854aa6d2c1e33f08e1e69716c3e1

SHA512
fffc65cc298d59eafde79221109d76aa3fa21c0d80fc64797bff24a48012774563f6605d15ab0e2408709395357c3e1ab094709e10e5101fead7132e98d93fcc

Download Submit
memory/1712-1-0x0000000000110000-0x000000000011A000-memory.dmp

Filesize
40KB

Download
memory/1712-0-0x0000000000110000-0x000000000011A000-memory.dmp

Filesize
40KB

Download
memory/1712-686-0x0000000000110000-0x0000000000112000-memory.dmp

Filesize
8KB

Download
memory/1712-2-0x0000000000110000-0x000000000011A000-memory.dmp

Filesize
40KB

Download
memory/1712-3-0x0000000000110000-0x000000000011A000-memory.dmp

Filesize
40KB

Download
memory/2456-673-0x000007FEF4FC0000-0x000007FEF551A000-memory.dmp

Filesize
5.4MB

Download
memory/2456-695-0x00000000004F0000-0x00000000004FA000-memory.dmp

Filesize
40KB

Download
memory/2456-696-0x00000000004F0000-0x00000000004FA000-memory.dmp

Filesize
40KB

Download
memory/2456-685-0x000007FEF3EB0000-0x000007FEF4256000-memory.dmp

Filesize
3.6MB

Download
memory/2456-703-0x00000000005A0000-0x00000000005AA000-memory.dmp

Filesize
40KB

Download
memory/2456-702-0x00000000005A0000-0x00000000005AA000-memory.dmp

Filesize
40KB

Download
memory/2456-972-0x00000000004F0000-0x00000000004FA000-memory.dmp

Filesize
40KB

Download
memory/2456-973-0x00000000004F0000-0x00000000004FA000-memory.dmp

Filesize
40KB

Download
memory/2456-974-0x00000000005A0000-0x00000000005AA000-memory.dmp

Filesize
40KB

Download
memory/2456-975-0x00000000005A0000-0x00000000005AA000-memory.dmp

Filesize
40KB

Download