b5f59e298627a721adc9f9e39d4b25965ab220c750f0c65ba47720bb445d3628

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11-02-2024 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GenshinImpact_install_ua_2fb0a675690a.exe
Size

139.8MB
MD5

daa95c7cc745c37af57b01c1c8bfbdda
SHA1

df47bb8ed5c4fa0695da5565fda28b947375240f
SHA256

b5f59e298627a721adc9f9e39d4b25965ab220c750f0c65ba47720bb445d3628
SHA512

a06a6be4664550bd7c0ecc56d15fccf142591b2be4b39f9be0c68e7d468e6bfa8b1c6d434e302506d101154f676c360535d25f0c7ddb10a0b211e43aa709569f
SSDEEP

3145728:GpWLH0rKdc4KKU3e1f2llcZfhCs607D/3uMC9dGo/C9Va/oD:jIrKdrK5CfAQf5607D2O4oD

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Genshin Impact\imageformats	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\Qt5PrintSupport.dll	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-core-version-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\imageformats\qtga.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\sophon_downloader.dll	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\hu.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\languages\pt-pt.qm	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\languages\vi-vn.qm	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-core-interlocked-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\Qt5Network.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\config.ini.sifspY	launcher.exe
File created	C:\Program Files\Genshin Impact\languages\ko-kr.qm	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\sv.pak	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\languages\pt-pt.qm	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\imageformats\qtiff.dll	7z.exe
File created	C:\Program Files\Genshin Impact\Qt5WebEngineCore.dll	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\fi.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\it.pak	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qt_ja.qm	7z.exe
File created	C:\Program Files\Genshin Impact\opengl32sw.dll	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\languages\fr-fr.qm	7z.exe
File created	C:\Program Files\Genshin Impact\bearer\qgenericbearer.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\libGLESV2.dll	7z.exe
File created	C:\Program Files\Genshin Impact\Qt5PrintSupport.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\platforms	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\languages	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\es-419.pak	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qt_fr.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\languages\ru-ru.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\translations\qt_lv.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\imageformats\qtiff.dll	7z.exe
File created	C:\Program Files\Genshin Impact\msvcp120.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\qmltooling	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\en-US.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\zh-CN.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\icudtl.dat	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\position\qtposition_winrt.dll	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\7z.dll	7z.exe
File created	C:\Program Files\Genshin Impact\config.ini.SlAYFu	launcher.exe
File opened for modification	C:\Program Files\Genshin Impact\astrolabe\3f2e3c0e-cbbc-446e-b73e-981706ac0bd8.tmp	launcher.exe
File opened for modification	C:\Program Files\Genshin Impact\languages\tr-tr.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\imageformats\qsvg.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\ta.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\vc_redist.x64.exe	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\iconengines	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\ar.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\he.pak	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\ru.pak	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\fa.pak	7z.exe
File created	C:\Program Files\Genshin Impact\libssl-1_1-x64.dll	7z.exe
File created	C:\Program Files\Genshin Impact\Qt5SerialPort.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\languages\th-th.qm	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\translations\qt_es.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\libGLESV2.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\languages\zh-tw.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\sv.pak	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\languages\it-it.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-core-processthreads-l1-1-1.dll	7z.exe
File created	C:\Program Files\Genshin Impact\languages\fr-fr.qm	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\bn.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\telemetry.dll	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\languages\zh-cn.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\MHYQtCommon.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\Qt5Core.dll	7z.exe

Executes dropped EXE 5 IoCs

pid	Process
3052	7z.exe
1548	7z.exe
804	launcher.exe
3044	QtWebEngineProcess.exe
4620	crashreport.exe

Loads dropped DLL 49 IoCs

pid	Process
3052	7z.exe
1548	7z.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe
804	launcher.exe
804	launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	launcher.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GenshinImpact_install_ua_2fb0a675690a.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GenshinImpact_install_ua_2fb0a675690a.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	GenshinImpact_install_ua_2fb0a675690a.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GenshinImpact_install_ua_2fb0a675690a.exe

Enumerates processes with tasklist 1 TTPs 3 IoCs

Process Discovery

T1057

pid	Process
3664	tasklist.exe
4516	tasklist.exe
2484	tasklist.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	crashreport.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	crashreport.exe

Modifies registry class 39 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\hk4e-global	GenshinImpact_install_ua_2fb0a675690a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\hk4e-global\shell\open	GenshinImpact_install_ua_2fb0a675690a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\hk4e-global\URL Protocol = "hk4e-global"	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 66003100000000004b58d5a1100047454e5348497e3100004e0009000400efbe4b58b7a14b58d5a12e0000001b070000000003000000000000000000000000000000a86ff900470065006e007300680069006e00200049006d007000610063007400000018000000	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 70003100000000004b58d5a1100047454e5348497e310000580009000400efbe4b58d5a14b58d5a12e0000004b330200000007000000000000000000000000000000497dfc00470065006e007300680069006e00200049006d0070006100630074002000670061006d006500000018000000	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\hk4e-global\UseOriginalUrlEncoding = "1"	GenshinImpact_install_ua_2fb0a675690a.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\hk4e-global\URL Protocol = "hk4e-global"	GenshinImpact_install_ua_2fb0a675690a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\hk4e-global\shell\open\command\ = "\"C:\\Program Files\\Genshin Impact\\launcher.exe\" \"--url=%1\""	GenshinImpact_install_ua_2fb0a675690a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = ffffffff	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\hk4e-global\UseOriginalUrlEncoding = "1"	launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\hk4e-global\shell\open\command\ = "\"C:\\Program Files\\Genshin Impact\\launcher.exe\" \"--url=%1\""	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c003100000000004b58b7a1110050524f4752417e310000740009000400efbe874fdb494b58b9a12e0000003f0000000000010000000000000000004a0000000000990c0001500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\NodeSlot = "1"	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\hk4e-global\shell	GenshinImpact_install_ua_2fb0a675690a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\hk4e-global\shell\open\command	GenshinImpact_install_ua_2fb0a675690a.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	launcher.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	launcher.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4616	GenshinImpact_install_ua_2fb0a675690a.exe
804	launcher.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3044	QtWebEngineProcess.exe
3044	QtWebEngineProcess.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4616	GenshinImpact_install_ua_2fb0a675690a.exe
804	launcher.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	2484	tasklist.exe
Token: SeDebugPrivilege	3664	tasklist.exe
Token: SeDebugPrivilege	4516	tasklist.exe
Token: SeRestorePrivilege	3052	7z.exe
Token: 35	3052	7z.exe
Token: SeSecurityPrivilege	3052	7z.exe
Token: SeRestorePrivilege	1548	7z.exe
Token: 35	1548	7z.exe
Token: SeSecurityPrivilege	1548	7z.exe
Token: SeSecurityPrivilege	1548	7z.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4616	GenshinImpact_install_ua_2fb0a675690a.exe
4616	GenshinImpact_install_ua_2fb0a675690a.exe
4616	GenshinImpact_install_ua_2fb0a675690a.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe
804	launcher.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 2484	4616	GenshinImpact_install_ua_2fb0a675690a.exe	94
PID 4616 wrote to memory of 2484	4616	GenshinImpact_install_ua_2fb0a675690a.exe	94
PID 4616 wrote to memory of 3664	4616	GenshinImpact_install_ua_2fb0a675690a.exe	96
PID 4616 wrote to memory of 3664	4616	GenshinImpact_install_ua_2fb0a675690a.exe	96
PID 4616 wrote to memory of 4516	4616	GenshinImpact_install_ua_2fb0a675690a.exe	98
PID 4616 wrote to memory of 4516	4616	GenshinImpact_install_ua_2fb0a675690a.exe	98
PID 4616 wrote to memory of 3052	4616	GenshinImpact_install_ua_2fb0a675690a.exe	100
PID 4616 wrote to memory of 3052	4616	GenshinImpact_install_ua_2fb0a675690a.exe	100
PID 4616 wrote to memory of 3052	4616	GenshinImpact_install_ua_2fb0a675690a.exe	100
PID 4616 wrote to memory of 1548	4616	GenshinImpact_install_ua_2fb0a675690a.exe	102
PID 4616 wrote to memory of 1548	4616	GenshinImpact_install_ua_2fb0a675690a.exe	102
PID 4616 wrote to memory of 1548	4616	GenshinImpact_install_ua_2fb0a675690a.exe	102
PID 4616 wrote to memory of 804	4616	GenshinImpact_install_ua_2fb0a675690a.exe	105
PID 4616 wrote to memory of 804	4616	GenshinImpact_install_ua_2fb0a675690a.exe	105
PID 804 wrote to memory of 3044	804	launcher.exe	106
PID 804 wrote to memory of 3044	804	launcher.exe	106
PID 804 wrote to memory of 4620	804	launcher.exe	107
PID 804 wrote to memory of 4620	804	launcher.exe	107

C:\Users\Admin\AppData\Local\Temp\GenshinImpact_install_ua_2fb0a675690a.exe
"C:\Users\Admin\AppData\Local\Temp\GenshinImpact_install_ua_2fb0a675690a.exe"
1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Windows\SYSTEM32\tasklist.exe
  tasklist /FI "imagename eq crashreport.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:2484
- C:\Windows\SYSTEM32\tasklist.exe
  tasklist /FI "imagename eq launcher.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:3664
- C:\Windows\SYSTEM32\tasklist.exe
  tasklist /FI "imagename eq QtWebEngineProcess.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:4516
- C:\Users\Admin\AppData\Local\Temp\Genshin Impact-pboyza\7z.exe
  7z.exe l "C:/Users/Admin/AppData/Local/Temp/Genshin Impact-pboyza/app.7z"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:3052
- C:\Users\Admin\AppData\Local\Temp\Genshin Impact-pboyza\7z.exe
  7z.exe x "C:/Users/Admin/AppData/Local/Temp/Genshin Impact-pboyza/app.7z" "-oC:\Program Files\Genshin Impact" -aoa -bsp1
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:1548
- C:\Program Files\Genshin Impact\launcher.exe
  "C:\Program Files\Genshin Impact\launcher.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:804
- - C:\Program Files\Genshin Impact\QtWebEngineProcess.exe
    "C:\Program Files\Genshin Impact\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=5850699363050833192 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=5850699363050833192 --renderer-client-id=2 --mojo-platform-channel-handle=2540 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:3044
- - C:\Program Files\Genshin Impact\crashreport.exe
    "C:\Program Files\Genshin Impact\crashreport.exe" --ipc_field=eyJjb21tb25fY29uZmlnIjoie1wiYXBwX2lkXCI6XCJwbGF0X1dpbmRvd3NfakVlOEsxblBNdFwiLFwiYXBwX3ZlcnNpb25cIjpcIjIuMzEuMC4wXCIsXCJhcmVhXCI6XCJvc1wiLFwiY2hhbm5lbFwiOlwibGF1bmNoZXJcIixcImNvbXBpbGVfdHlwZVwiOlwicmVsZWFzZVwiLFwiZGV2aWNlX2lkXCI6XCJmZDM5MWVjNjk4NjEwZmYyYjAzZTBhM2E0MzU1ZDFcIixcImVuZ2luZV90eXBlXCI6XCJVbml0eVwiLFwibGlmZWN5Y2xlX2lkXCI6XCJjMzBkMjRkZmNkNWY3NTViOTE2ZDY3M2Q3NTEzMThcIixcInBhY2thZ2VfbmFtZVwiOlwiR2Vuc2hpbiBJbXBhY3RfNmQ4MjlhODQxNzAxMzEzNjA4XCIsXCJyZWdpb25cIjpcIlwiLFwic3ltYm9sX2lkXCI6XCJHZW5zaGluIEltcGFjdF82ZDgyOWE4NDE3MDEzMTM2MDhcIixcInVzZXJfZGV2aWNlX2lkXCI6XCI1NDAxNWMzM2RmYjA0NmM0ODZjOTc1YTRjMTI1NDVjMTE3MDc2ODIzMzQ2MjdcIixcInVzZXJfaWRcIjpcIjU0MDE1YzMzZGZiMDQ2YzQ4NmM5NzVhNGMxMjU0NWMxMTcwNzY4MjMzNDYyN1wifSIsInJlcG9ydF9tb2RlbCI6IntcImR1bXBfZmlsZV9wYXRoXCI6XCJcIixcImR1bXBfcGF0aFwiOlwiQzovUHJvZ3JhbSBGaWxlcy9HZW5zaGluIEltcGFjdC9kbXBcIixcImxvZ19kZXN0XCI6MCxcImxvZ19sZXZlbFwiOjAsXCJtYXhfcmV0cnlfY291bnRcIjozLFwicGx1Z2luX3ZhbHVlXCI6e1wiQ3Jhc2hUeXBlXCI6XCJcIixcIkZpbGVFeGlzdHNcIjp0cnVlLFwiRnJlZURpc2tTaXplXCI6XCIyMTA3OTQyNTAyNFwiLFwiRnJlZU1lbW9yeVwiOlwiMzAyOTQzMDI3MlwiLFwiTmV0V29ya1wiOlwiXCIsXCJTeW1ib2xJZFwiOlwiR2Vuc2hpbiBJbXBhY3RfNmQ4MjlhODQxNzAxMzEzNjA4XCIsXCJVc2VEdXJhdGlvblNlY29uZHNcIjpcIlwifSxcInJlbWFpbl9maWxlXCI6ZmFsc2UsXCJyZXBvcnRfZW52XCI6XCJyZWxlYXNlXCIsXCJzdWJwcm9jZXNzX2ZpbGVcIjpcIlwifSIsInN0YXJ0X21vZGUiOjEsIndvcmtpbmdfZGlyIjoiQzpcXFByb2dyYW0gRmlsZXNcXEdlbnNoaW4gSW1wYWN0XFxhc3Ryb2xhYmUifQ==
    3⤵
    - Executes dropped EXE
    - Enumerates system info in registry
    PID:4620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Genshin Impact\MHYQtCommon.dll

Filesize
3.6MB

MD5
1a16006a90fdbf33924947a5829ccf0c

SHA1
14326b8947bbc7c8297db02524413952013d3377

SHA256
3a5db2167f884f2241ce887496feeaf95a1c252987e4a9e10c779d567941653a

SHA512
83fabd4b5cf0bff6715fc89ab874b8f62560b66ab1b91879d1257314d74ff15c124f6df83d4ab9940814c3587dd81cd492053a8ba3adfeac8549e714f5eb9637

Download Submit
C:\Program Files\Genshin Impact\MHYQtCommon.dll

Filesize
384KB

MD5
644435446cb0adf9abdfa5167745302e

SHA1
4425e2789be5535ec16f7d968a0fa965424df643

SHA256
6473234ee6668a6d33769510ce04b284b57f85fabdec7f62fd6f2bf46813901d

SHA512
7187748831687ed38032ea03ad77e6138c084e3f2315e0c2797c014789a51c64666386864bc7f3901db11b81d0ca88cabdc755dffb8a85a60ada67c5ce708ba6

Download Submit
C:\Program Files\Genshin Impact\Qt5Core.dll

Filesize
2.8MB

MD5
0e0dc37792cccfb831092d9069f1846e

SHA1
d59a0a30d6cf2cc676560dcb120c7ebc9b58a1a4

SHA256
9e73f8e95205f88bd581e1c9d1fc6df2c176d00ebf5dd9df460328e5a1ad2051

SHA512
cb2c483322f6aff0cc3927a8363828fc298e58be09fae16b3df0664bfc2537889eeb7825018ce5ef15d6fb6470d240e4968b1e7bb74ada96f50821b824a725fb

Download Submit
C:\Program Files\Genshin Impact\Qt5Core.dll

Filesize
3.3MB

MD5
d31e93f0d3f1713dc37383e5a03d5002

SHA1
8035617e378bc59b18aa05c014c13cd3e631eece

SHA256
aa116f2e800b7f61c0bf55edc2131288d1ed9c0a13df7f3be01f51401133936c

SHA512
ba994deefab668c39eb8f2ef342fe1adb7aeb50e05da0736aa69ea68f59203e55e99a827ccf70e18e7a9fcaf873b460aa4aee6925044e38343bab61ae8bafa06

Download Submit
C:\Program Files\Genshin Impact\Qt5Gui.dll

Filesize
3.2MB

MD5
9a8a67983a70ac3714e66b1f85e02f11

SHA1
af8c93727769fb17afc8d7c2967f3b6fb49ae7d2

SHA256
eac69bcd83987f02a26172ed66bc20b7be2378ef3ae8e32df671eafdbcb398df

SHA512
4bad065f0321fc6a8238f034b0c932872859d64bdd6e8bf29b40c5ade1ea53708eba1952273240119cad862745f483fe9252f4a02b962139215084a8a1df610c

Download Submit
C:\Program Files\Genshin Impact\Qt5Gui.dll

Filesize
3.4MB

MD5
0c0ba3c9500c90991d85a8f9657bb604

SHA1
3715789225a74f27dbeb971a88418aeba128b133

SHA256
8cc1c289f1842dec83b865461ffbd592c06353657f4534c234909752809a78f9

SHA512
b831cf9acb8eac6fd67ca11af9f817b038478b88d31874ea9dbfe0054f81c03f79551c9ff02e31664a84936fc43398ae179e3cca25b05625b3a9d4a9380eed62

Download Submit
C:\Program Files\Genshin Impact\Qt5Network.dll

Filesize
1.3MB

MD5
cc214788c1659b6589cfe627ae10d348

SHA1
68ff3d326943c5405be5c509415db54e9eeeb287

SHA256
6b9df21f01d278608e3f5376e2cbb6933d9ebc560b3722d39148151840a8237c

SHA512
009dfda81c4b9a29a645593bed3dc52e2eff2063bae6426689bdd1c4bbac4a87e1f1c89dbff27a12fb3007749c1bdd4cd0acf2150a6dda0744e17e62fdea8e0b

Download Submit
C:\Program Files\Genshin Impact\Qt5Positioning.dll

Filesize
330KB

MD5
c3aec825e9dc0fc8abb33ff55ca37663

SHA1
348d11cadb92510e415fc55536f38e0433773ad5

SHA256
55034de66194c4149f2b4009214179f1050a64d7b99788e2eb983905a25534e9

SHA512
88a8738cde54ec6b58523323fb065942f7a7199496a40e5091a54b7f3232e9c8865b8cbf5491d8e1a8c4f15b6f70d296aef587810244e7f7009370d57b5473be

Download Submit
C:\Program Files\Genshin Impact\Qt5PrintSupport.dll

Filesize
331KB

MD5
6bb48bf938f34bae011916d8f91ecc43

SHA1
0d578b6c9556a8355c4932f3c672c1c312764f2b

SHA256
bca34de929ccc4cff0212efef1cbfa1bdc857f4884979d8c6ac3a4646f3457f6

SHA512
bea64e4e30ac955f9ee22e65d2135093bbef0f4ced1242844cb82bebf0a43530a31b7a272ffaa7d7e1f48127950e367e7aa93559d6309ba5c606ede5bd13a4bc

Download Submit
C:\Program Files\Genshin Impact\Qt5Qml.dll

Filesize
448KB

MD5
0bed014c4cf481275533ec89c334d6d1

SHA1
73f526c44cb05103d1c30c4b64e8c119e3f2b727

SHA256
03416a7d800bb68eb33fa200056a860a20285492426690dffdeededc5c73a80f

SHA512
1cb319f2bb9ac87fbc8b0fcdefb150cc040d813b347259028b17f04a3efab7f0fbb1f4bc71553c5a6474e0b09ed8c25244ee786f428875a37fb922bb83494d89

Download Submit
C:\Program Files\Genshin Impact\Qt5Quick.dll

Filesize
3.6MB

MD5
c367be6f99e44f9766c32f41013fe936

SHA1
de6d1f1042ccb939d22ccb597deef20064d48c33

SHA256
0a4346a4dda93309b8c07e30641c158d2d9b8ff0d61a6e7fe873a47c2772db68

SHA512
8b9beef59ccc95a177e029948dec591c2eb300b635349cce8db159445c34df0866c584168fa6c51ca30f597e0df98a37598b4655ccfbda299eddc140b1c00469

Download Submit
C:\Program Files\Genshin Impact\Qt5QuickWidgets.dll

Filesize
92KB

MD5
bff3879b9daf123fcd1200521b23ae9a

SHA1
0758acd6d14d56f25ad2b701247cd644905d2659

SHA256
ca1bfa459f521da61d2f1bb5d20e2f31bcc935149ac317873227c85e28006a32

SHA512
08bf6447c3ddb89b300dfa7504c71e816bd538dbae2f042c44828c694575e268b465f18854f7a4722f80cbf380b84ed1a14c1acc41a54fa7f633b6203c562765

Download Submit
C:\Program Files\Genshin Impact\Qt5WebChannel.dll

Filesize
134KB

MD5
7d09625e4f8ff294f5827a29ffbd882d

SHA1
92dcaf3fff3c44cbe8c168e7609ff2ae5514e419

SHA256
67cf1104d5bcce62b4e8ce0f747ca7c8b3906d69f8d508c277e046fd76de42ac

SHA512
4f0ea8c44bbdc5b16cdb04425f65bad227a37488276ac52300c2690803927c34bee11258163c9911431dab70313fd8d44e248be5efad005875120f90d5d24315

Download Submit
C:\Program Files\Genshin Impact\Qt5WebEngineCore.dll

Filesize
3.5MB

MD5
eae6b530564e6c6d17d6b1c1bf46a1ad

SHA1
d7250c38aafc3e94d55ec32be5127b66db66a092

SHA256
3b3778fca06d7e18c090dd8b308cfb8577a6b870ff29c8dde4bd149f7927387a

SHA512
199578b2a3e1826f9b2cf27a252d0298a769ec62f91f7fbd4d70061bfa8630ad1e915e8b0f2bc3e47069c3ed63be113166a212aadd19d7305dd7ce23ea6406ff

Download Submit
C:\Program Files\Genshin Impact\Qt5WebEngineCore.dll

Filesize
3.0MB

MD5
43a9afb399bf19cbfc1680aafbaee15b

SHA1
62eb974b354cf72159112c690304159dbffe9b7d

SHA256
7f1ef479e949baa79b835589e403a11220066d90fccc60e313ef15defa6e20c9

SHA512
0bddc71e1d4d84bc9c35da55a6f721169f55903313c4897851f7d1240f8615b372bfe938333a21bbf3c77c971a53404683f92a28b1202302a7830e91c0b78727

Download Submit
C:\Program Files\Genshin Impact\Qt5WebEngineWidgets.dll

Filesize
241KB

MD5
64ed5b188277a9df79cd0d0caa82fa00

SHA1
fa1b4edca83bff5aea9797ec1b38e9b849394bb1

SHA256
a38d8655ae6f01b03e3b1bc8332ff8296fa579be8c8b05d6a627ac9fb43aa50a

SHA512
62af933f68d1977b63f756c86a5bbc7c7e83f5257be5b9ff5a9dabdc7b1431180ce6b6bb389f9fcc1828e0f795985f195d47ed9e05c440b971f0841ae7cb365f

Download Submit
C:\Program Files\Genshin Impact\Qt5Widgets.dll

Filesize
3.7MB

MD5
cc8ad345f1b7a15ab40feb23aae9c527

SHA1
7d263aa2e66490bd73ca3954f10434397cdccf97

SHA256
004692e0aed98452745f91c8741866a1a1a68a7a93a45636ebdf568d95af8c66

SHA512
87ed644bd508f794be8314ec50eb825a74fac3090ef01acc4ac437231592f3d0a2a409468d71e7f1ff92751e55fe9b89a394c5a946769fb8bbd4766bf610b1b6

Download Submit
C:\Program Files\Genshin Impact\Qt5Widgets.dll

Filesize
3.4MB

MD5
7eb2ced86f15a5e200b45edc8da3e904

SHA1
62dd172d506371c3b32926534881db12acdb973f

SHA256
edd65f9572ffff4cea1c17c18e39d803d8b3325ba197dab7342b9f543af4936c

SHA512
c65fbf3a5a98a9f8ce24b438ebb5898393bde6a9cf431dc395a6081eef1408f2d7492b0bb681f19abb19a244241819e457f63431e20c74ba0a582168854628c1

Download Submit
C:\Program Files\Genshin Impact\astrolabe\Preferences

Filesize
83B

MD5
7ce4a202daf436d1c2f8b39528c5306f

SHA1
732c9b09fa451055b4bbe131506515fb789f95be

SHA256
95a0c5cfd5b0365a3230374de90bdca36354dc7ae65e30860451ba8d5c73c30c

SHA512
472ef11144444213d0d6af5108487828160aa601cdc7819b6db951768c3c69f2a5814723d015d3f31553cef1915bc0c4e35fa17a67c862797aaf6e3d8fad6249

Download Submit
C:\Program Files\Genshin Impact\astrolabe\Preferences~RFe593d4d.TMP

Filesize
34B

MD5
a3e875b4a94923036c6f6c3bdb846135

SHA1
7af9eee8740a83c6880ed1269c4fd0f0c45e1433

SHA256
153b608757afe9413390d8c4139dc95896a12549e6da586b500f56eb170b3c93

SHA512
df6d214d30f380fb6b7cd89f4a2ce853c44de0c09483c40179d804909283b5a95ae6159fe21bdf2413bb668fdc53240d5b1519e15340736daadbefb44e860b7b

Download Submit
C:\Program Files\Genshin Impact\bg\0c629b0c575a3c712d4a75ea6363fe1c_7315529048308418573.png

Filesize
170KB

MD5
7ea509c26c708200cfd75a8a736bc5fe

SHA1
3f238a36b4bd13bbb2d2ffc25488488651781409

SHA256
74ed36bef66b5071e955a299bc2f4d7bfc06d41cca3e13fac8ef598e86670573

SHA512
ec186ab18dc617573c5a1400c50bdfc5d7e3ffda1711048e4d1ba8f55d9c6f02b9a6b82c6977e89b255a7e62413f05477759d3498032ac046a14227a74b84aa4

Download Submit
C:\Program Files\Genshin Impact\config.ini

Filesize
226B

MD5
808fca6694593fd08e94abbf3f4100a0

SHA1
9375fd8057af15cea212d0e3f1af3ff7cf194ccc

SHA256
6323318fe97c2db2709ae394aeea48c3c45c85061a300936e4374300261bff69

SHA512
d704b485235fdc4c13a0356f34fb65212ca866eb242afe668b3946a719428c510972ef1f549eecf552227b45a8062e755b41eb979bf794b220de56d1360b78fb

Download Submit
C:\Program Files\Genshin Impact\config.ini.lock

Filesize
60B

MD5
ff8b757fe335bd189fa70f25ab003e8e

SHA1
c12dd24e4476fdb0eec9d6fc222979b4b8fb22f5

SHA256
4f93315e575c9cbf205293820178030a58844c62a4ff2e4668e903fe7332506a

SHA512
1bbf69f391ed9ec179cdb08c1045009d62c5e8e84ec1c204086e970dbaf32d35c5fbf81a1f05d986bdde104795356a51b9e9a7ac9eaa0c6e121e3bc6095c1d4f

Download Submit
C:\Program Files\Genshin Impact\iconengines\qsvgicon.dll

Filesize
54KB

MD5
8a35ff609a9e4885b7953b140cf6723a

SHA1
5fdce3bf9ae36f1d816f4e58d82bff8432996087

SHA256
6c9950ec6f0a0426fcefb582f25621fa6ef3bc34ed6c6bee94770322d122879a

SHA512
90b8eb7ac9608946a56f561c0f005d14fa4b12dd7cf40d3e37aac75b65da73041aed87e2dea7d198bce447f1e351305d17086b055dd97b9409ef8e7afb4b1c1b

Download Submit
C:\Program Files\Genshin Impact\imageformats\qgif.dll

Filesize
51KB

MD5
98c610d255270dfe88294e5cc932d636

SHA1
78ae1077225b415225fe49b8a36718f4c44753db

SHA256
651a739e02dd0c4e3e49e8548dc4569f5f0c748960d0781be73527151449b958

SHA512
856bf9c616e8d1e6f31e561b45813569d55e8991e15e9a90e5335d0219fa6a69ac9c5b1c3c4edd826c33585a885ad03edf63d3b14170df779a813bdf0acc8904

Download Submit
C:\Program Files\Genshin Impact\imageformats\qicns.dll

Filesize
60KB

MD5
6564011eb00a88d5759f4069f90d58f5

SHA1
f4afd06b811c9bd8f0f6173a54ce4a02fec7ebf5

SHA256
2d655e61b669017e4600363e491b0c20b007bb1546a696090d5a199e6676cb98

SHA512
12462328c7a74b24d4524e15fd86811a4d3dbc7b1e9d73ddb3d1bd26c4e95ec488da3f60ed018a667963033206286f409e34986b8b0491dee3ca1b8aba54e74f

Download Submit
C:\Program Files\Genshin Impact\imageformats\qico.dll

Filesize
51KB

MD5
57d13a5e45eb86ef6af041e9b853d64a

SHA1
2ef3e80317328915883993c813441460b1a06b97

SHA256
c8106ae81208cb62d594af33d705a6c02baee06e8aed089e0eafe8d3ac2307c7

SHA512
b01e5622fac4d897c4563566269e5770798dda8bcf6e302aca6e83d7b738e115df1addcc41466e5a6126eebf16dd6c262464f255c6df0f586c5990361f398f9f

Download Submit
C:\Program Files\Genshin Impact\imageformats\qjpeg.dll

Filesize
408KB

MD5
2e45cf9c78c106ebeaa5e0cb80a76bca

SHA1
704692206519590ff5cddfbbff771fd1476c3348

SHA256
af1d0c15c8562ee0ced6097239a73a87ceff3e2ae86bc32231cbf455c87f5901

SHA512
444930ffb07428c30e3483d57e05c1c83fc6c4b0022025f1e12eca5dcfee1fcc36f8caa9d3ea0670f2b6821835211472ed80dfffd57cf6545a8dc7e5eae57142

Download Submit
C:\Program Files\Genshin Impact\imageformats\qsvg.dll

Filesize
45KB

MD5
d665da48bced9f0cd0c5e36f9def0535

SHA1
3078353b5653ae76a143cf231d0c35461614a83b

SHA256
858156d03db0a2692ddca124f6972029fae4eef4de7ec80d8c4eb60ba7a99e62

SHA512
c73162bc10126a597aede881cdaa03eab43c4eec5e763223823c366954fcbda823016a1f913beb58db0c52c9047e8ae6178d28b2168810e7a2a3603c9c6eeb04

Download Submit
C:\Program Files\Genshin Impact\imageformats\qtga.dll

Filesize
44KB

MD5
1a0453d1dadff39ff669f490a4f17919

SHA1
9fa8c782e20d8cd237e772ef16baba661090b73b

SHA256
bbb147c140256b96d78a84af14763792c0496781c6c1546609b66322c2e3b03e

SHA512
2294b3b5628576c12e090224cc2ef72b22b3a9b002f56cf307f24886efd6a21938e195f028077e07516e09ccaef1093301eb524c00a7a4d16ebfdd98f1af24cc

Download Submit
C:\Program Files\Genshin Impact\imageformats\qtiff.dll

Filesize
385KB

MD5
f42824723c3a3a4f25a17c5fe4639422

SHA1
72858b6ba469897d93bcea12a6dd9469b624eac9

SHA256
3ad00ff038a7679c502a62b0e711fca595f549621a7ecb92e85025b6eff3e82a

SHA512
d95aeac243de702528459bf05bec0690cd5015b02342d7ee1c5a12017178f47d07848c9ad5c914c2bf2765dc3c731536b4c21831633762ff913cc39357ee8e03

Download Submit
C:\Program Files\Genshin Impact\imageformats\qwbmp.dll

Filesize
43KB

MD5
a639499139cc4f43a63eca0a818dc490

SHA1
19b89f308da87191ee23a93ec97dd058b5087992

SHA256
22ccbccb699902490e47d8eabc3cc13b34570ccb651d98ac312dd3b37c8d136b

SHA512
9b6e49d227fc561fdeda2b7c72662c19988f8ffcacd77f57bc812abac42857718f44cc2c6a555e44f8f8062275dd113799953454f5fcbfa47690f86909175749

Download Submit
C:\Program Files\Genshin Impact\imageformats\qwebp.dll

Filesize
500KB

MD5
e7ab90afb74df3e4c1329cf07610fe7f

SHA1
309eff5dc654f6ac2112c4c183250a0581307dee

SHA256
6ae16ed9312743fce5730f3030381e4d2b87418dd007dee8497971d71efdf0b2

SHA512
4e531ae0b3b5517b87ab972114c503b11db85f36f3d3b2dc9f227248001079c79cd6ce4d1704145f09b963e0f92847ef949d0a055dcb5ad597bc128d4896f99b

Download Submit
C:\Program Files\Genshin Impact\languages\en-us.qm

Filesize
43KB

MD5
f0d85955f8b2ab1960344009208e7b37

SHA1
13daa980c8ac5126af5c643a6467be0211fdb8a9

SHA256
5797a351aab97f78fbd0bc8f23f72441bfd33303f825e00cbccb8a3e0582dbba

SHA512
93abc93256241022e9b2ea6d40decae349222f2c2f3fc18b43fff0773002d25460fab4d9fef29704b4bf8aa35682b85977d4ffc242c8ccb4e2091ef856189cc9

Download Submit
C:\Program Files\Genshin Impact\launcher.exe

Filesize
3.4MB

MD5
70106ec5fdd2eb9b28ffdf1f4a409bc2

SHA1
df78a6f6b4b0af8948d5751ed92bd14e487f2613

SHA256
222441930a759e72f5875abe9092ac5b72de5875f027f869c991b1e5f5c12261

SHA512
56fc6d4684ce5fc9ee04212aced84174e0b0817c33017998e09b9d5916d7181e4f130b5161de5590e2847f418afca6a0b1b9786591b92beb3d738110fc35476f

Download Submit
C:\Program Files\Genshin Impact\launcher.exe

Filesize
704KB

MD5
fa1d84df34b5d6b4a8dd7e4154b6e372

SHA1
792a5e7360bde35f013ce24d3a12eea4cc99df5e

SHA256
775e99f98aa5188fa5a22a88c1514595496e0ae996268d5f832224688ac904d4

SHA512
8559da9e1299ad1f3674e00004aadc5aa4e911967f6d332cc693b8dcdd8472c3bf89befa99d09c2f7092c5d34f42565cf435ac1084382e452fae3dc8c01730a7

Download Submit
C:\Program Files\Genshin Impact\libEGL.dll

Filesize
38KB

MD5
75785100e4d63ce2e83a05becab33451

SHA1
c87274ddee30ccb962a260723b5e0e99647b3388

SHA256
9cc91b1f35c20f748f015cf7b000b05ef345ee3291fc9d90de7beb206b32f056

SHA512
e91b80bc1e85b996edc0c0f837400f48df68d79ad4b21137a68856a762fbb15faac25b34de03205f382f514f68345af1ef59135dc9869d7c9cec7fdfdaf8832d

Download Submit
C:\Program Files\Genshin Impact\libGLESV2.dll

Filesize
2.2MB

MD5
5eaf825e518eb16f95665331df80e6dd

SHA1
1bb14da7f50615039b5403b13f16e6aff27f5b6e

SHA256
45ceeea2b1a1fd651016e316afd0fae714e761acccf00fe744cbe1038bb7cfd3

SHA512
86d57709b861e0030ab5b48dea6f4a00b1005fcf2b7c8b27fb0a716dafd91ee770a76cdad3ccf70678e148dab6d8dac2754f6049c14aa4926841c9f763540dfd

Download Submit
C:\Program Files\Genshin Impact\libGLESv2.dll

Filesize
3.1MB

MD5
a69ba69f9d535da95ac960cb32f157e9

SHA1
bb46521cd18ccc03d785804ae50c1fb84cb15878

SHA256
ada5501d911ef9555ae0cd3dcd05b6ce541c991712b8a7a6af4d2f8e94a35c3f

SHA512
3edc6093da6de48a1c95df63162cba5f0a4070df391dc9c3dd81d409356e44cd18f97848cf98fdba20eb4b18c9a7f62c06c3275cc44d2ee775966e2419916e84

Download Submit
C:\Program Files\Genshin Impact\msvcp140.dll

Filesize
580KB

MD5
62a538f342ff490ddf5b7c7d354e36bf

SHA1
b166ed0fd43f054b59f1843d4b1af336810f8832

SHA256
1345b1f74cf1dd3677bcf3499462714795788eaaa20b9702cdc7baafa4beaf8d

SHA512
598907ab4e37a0092a1f651215a7581ad0d0281e6511c06408ad0f93af65892876e4075c73063da0772cc962bacf5900d862a805384887ea5daf52490e5ff51a

Download Submit
C:\Program Files\Genshin Impact\platforms\qwindows.dll

Filesize
1.4MB

MD5
d5878a01f8f13b6dc8dd89d40a8f80af

SHA1
6ac8e66d18c2f8260d4e49416d12430ccb5b4275

SHA256
0a11d124673193226533471d96e1065005ace4b02d668459341fa8e2a3df0595

SHA512
0cee796505b22d71022e9771b0973813ed433b28752db79609b1bc4b46b24581d1244a23d51b11725f1c584af684e0a749e1c950fa57ca3feeded44823006618

Download Submit
C:\Program Files\Genshin Impact\styles\qwindowsvistastyle.dll

Filesize
154KB

MD5
295f8abf7f836fb994b0a97344996b6f

SHA1
f1c22e27601a4cd2bfc9b2185893222b77e69bb7

SHA256
0c940d1d6989caad0f18f62202cc36721300fbaba35ef478a580f9f54b2dbec4

SHA512
873013dec180ed55cbfbfb138b0372eb840773882cd3539cf4994b9e4941c7f158915a1e1d8b40ee6d78fc7114319e09755114d56cd7b46335dad6ecf1f48bfd

Download Submit
C:\Program Files\Genshin Impact\telemetry\telemetry\Preferences

Filesize
82B

MD5
3f27d1f61c69b50bbffa9cd549b1d9ca

SHA1
3754e292884628165c606057e11aa4de40afd703

SHA256
5a6b66be660a63b2179451bdea7bbb6e6b0bfda3d752d17f5961fd03c1f63e38

SHA512
617b3590f0fa4ccd6eac4e603a10ca7996c6b7fd4c775c967282e3956aa94a06bdfc11ef471446ba8652f3ed4857e027e77c6341e9a86877495bbc8788da83dd

Download Submit
C:\Program Files\Genshin Impact\telemetry\telemetry\Preferences~RFe59646d.TMP

Filesize
61B

MD5
191859a40c2ff9a954cc9fe0f60058e9

SHA1
9d42f352e5c4d3009ff6e1dad470cfe9dd16f899

SHA256
6dd660a287ce96c4504535b1e7bbf80f449caa81bb57c55d966a5f1ffa3b11a3

SHA512
24f9d2e282cc66222b558d102ff5584c55a8ee1b7333c0b07cc6219f6a744c6bd4f5e2f1fe2c430184a8cc83ac93f7de5d0f66fa8cf602c206b6b6908946781a

Download Submit
C:\Program Files\Genshin Impact\uninstall.exe

Filesize
20.8MB

MD5
abb43dcd56c6eeb25313c1710f42ccf2

SHA1
25c3e9545616767b92f9ce1b53fcfe1d89ee05cf

SHA256
76a6674206f72e47e7a9ea56441e11b3d73b0a85f251b19032a8a1910a3786e0

SHA512
bc2643f457ad721afe78eec692991ca5e2062220db5e06adb0b4c0437d4d61da0be0a49decd7ab48cb8935424ca19bfedf414fd752decb7056972ac4fc776ede

Download Submit
C:\Program Files\Genshin Impact\vcruntime140.dll

Filesize
106KB

MD5
d0df1bac72398d794bec867bffcd0ddf

SHA1
1c6a1f62fd07cccb7461a39178d7afcba4b0eba9

SHA256
70661f44e0f9a2bb17ceaa2b798486b6a05feeb3eb8a41a94919d71720334051

SHA512
584fa39037af9d716c45e228ff7710a7ea61ae449b95a8d7efe5578692555a502be6b2f490a6b161fb42f45af9f30f786390722c29bcac20c28f9348da24157b

Download Submit
C:\Program Files\Genshin Impact\vcruntime140_1.dll

Filesize
47KB

MD5
0ae97fbade4c1129b72c5ac5a289c56e

SHA1
98d91cbfb93302a6d7f455086d63ea6d195f1564

SHA256
9f06f592706f6a9382a9949d9d82f151bb8d854aa6d2c1e33f08e1e69716c3e1

SHA512
fffc65cc298d59eafde79221109d76aa3fa21c0d80fc64797bff24a48012774563f6605d15ab0e2408709395357c3e1ab094709e10e5101fead7132e98d93fcc

Download Submit
C:\Users\Admin\AppData\Local\HoYoverse\Genshin Impact\QtWebEngine\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\HoYoverse\Genshin Impact\QtWebEngine\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\HoYoverse\Genshin Impact\QtWebEngine\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
59d1236c3885e47a15a7715ed324db3f

SHA1
5191083efb851277c45e9646bc08d31b659aec86

SHA256
2e06762105d2ef5f1c37473143ec83fb1c211b7343e543c84e3ae5e59360f7e2

SHA512
83677ed11085f12de5558e8c3675051da850deefd3def42e620a08e13353dd66d0cd190ea37a8471498e251d97c4795a3c25f998e2ea18193e21d897fcc0c97e

Download Submit
C:\Users\Admin\AppData\Local\HoYoverse\Genshin Impact\QtWebEngine\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe598f27.TMP

Filesize
48B

MD5
194fbc7c586d8a83722c216a369ca5a5

SHA1
f03982c91d7a50adb6f146780dde9bec36bbd11d

SHA256
b533a45adf24a6f2202432752fe7e8f66e67e83fc5b0b06ab2bbe926d6f76b16

SHA512
6751af518e61c65c382e2b49357f50c97da095cf1311af395506909f3ccebf25b3a5b4d4c350cd92337707dd5cab0a90ce791796860ec0066bc102c8abeee3b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact-pboyza\7z.dll

Filesize
1.1MB

MD5
e7ae42ea24cff97bdead0c560ef2add1

SHA1
866f380a62622ab1b6c7705ddc116635e6e3cc86

SHA256
db2897eeea65401ee1bd8feeebd0dbae8867a27ff4575f12b0b8a613444a5ef7

SHA512
a4a27b2be70e9102d95ee319ec365b0dc434d4e8cd25589ce8a75b73bbe4f06b071caa907c7a61387b2ce6a35a70873593564499b88598f77a7c25c47448fb0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact-pboyza\7z.exe

Filesize
286KB

MD5
afc08ce359e79887e45b8460e124d63e

SHA1
e8dcddb302f01d51da3bcbfa6707d025a896aa57

SHA256
a20d93e7dc3711e8b8a8f63bd148ddc70de8c952de882c5495ac121bfedb749f

SHA512
32d3b8d964711a5706f8cf9f87bc6e33670bba2cb3ab88603dec399652ac7fe297a4692f0865a0bdcbd06515d6b0a84e5a96d1b7fda48f556543536889ba387a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact-pboyza\app.7z

Filesize
26.8MB

MD5
94ab7fc0bc6a6a3335b66d99e983d2ae

SHA1
422a4344b5566c637a7b7061f31f4cd67af3ea1f

SHA256
6ddd4c3accd766444b5091c5db4b7c2133f418d59f9924b864300f4031af6c12

SHA512
711a465446bb3e8956f16a2fee410db7d8a5fd24ed881ea52d529ab5808a2afed945ce27e2012f10edbfbc2e9d2d006e58f0f6f8b3d2c53b614620ab6b196d0b

Download Submit
memory/804-616-0x00007FFC35250000-0x00007FFC357AA000-memory.dmp

Filesize
5.4MB

Download
memory/804-617-0x00007FFC3A530000-0x00007FFC3A8D6000-memory.dmp

Filesize
3.6MB

Download
memory/804-772-0x000002BF971D0000-0x000002BF971E0000-memory.dmp

Filesize
64KB

Download
memory/3044-652-0x00007FFC3A530000-0x00007FFC3A8D6000-memory.dmp

Filesize
3.6MB

Download