cbd06603e2969af667aca05c7eacd89c8206447dac979a2817e5731079731b65

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 04:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GenshinImpact_install_ua_7eff087a034a.exe
Size

141.1MB
MD5

33efe69a2ef40cffef7781c58d09fe24
SHA1

438d407abaf1bae466fd1378cd2fa63e634c7a72
SHA256

cbd06603e2969af667aca05c7eacd89c8206447dac979a2817e5731079731b65
SHA512

12337eb3d14ed55a1323df4936424ab603dc495415ab5a3bd845775937d3009323d3a2680d0fac519aaf5ba20b871ca7a5b3a76838afdaf8118e3af96b247867
SSDEEP

3145728:9lb/uyMBKKU5FQr7HODgH6dmpnVEZuoTj03zMgRdPlgA2c+Z:zXGKfFRo6d2V0TjuMWdPea+Z

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\fa.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\am.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qt_lv.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-core-file-l2-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\imageformats\qico.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\vcruntime140.dll	7z.exe
File created	C:\Program Files\Genshin Impact\7z.dll	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-core-debug-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-crt-runtime-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\position\qtposition_positionpoll.dll	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\imageformats\qsvg.dll	7z.exe
File created	C:\Program Files\Genshin Impact\config.ini.mnVjUJ	launcher.exe
File opened for modification	C:\Program Files\Genshin Impact\languages\ru-ru.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\pl.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\languages\en-us.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\translations\qt_de.qm	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-crt-runtime-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\Qt5Svg.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\languages\th-th.qm	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\bn.pak	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\en-US.pak	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\translations\qt_bg.qm	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-core-timezone-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\platforms\qwindows.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\Qt5Network.dll	7z.exe
File created	C:\Program Files\Genshin Impact\languages\en-us.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\resources\qtwebengine_resources.pak	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\lt.pak	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\translations\qt_da.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\bearer\qgenericbearer.dll	7z.exe
File created	C:\Program Files\Genshin Impact\crashreport.exe	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-crt-multibyte-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\et.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\sw.pak	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qt_gd.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qt_he.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qt_it.qm	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\translations\qt_ca.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-core-console-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\ml.pak	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\zh-TW.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\logs\main_2024-04-27.log	launcher.exe
File created	C:\Program Files\Genshin Impact\config.ini.InTiQF	launcher.exe
File created	C:\Program Files\Genshin Impact\translations\qt_ru.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\id.pak	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\libEGL.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\config.ini.qxLpsB	launcher.exe
File opened for modification	C:\Program Files\Genshin Impact\styles\qwindowsvistastyle.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\styles	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\iconengines	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\ms.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\translations\qt_fr.qm	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\translations\qt_it.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\api-ms-win-core-libraryloader-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\crashreport.exe	7z.exe
File created	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\he.pak	7z.exe
File created	C:\Program Files\Genshin Impact\updateProgram\translations\qt_fi.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\translations\qt_uk.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\libEGL.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\opengl32sw.dll	7z.exe
File created	C:\Program Files\Genshin Impact\api-ms-win-crt-convert-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact\updateProgram\7z.dll	7z.exe
File created	C:\Program Files\Genshin Impact\config.ini.VjxXHR	launcher.exe
File opened for modification	C:\Program Files\Genshin Impact\translations\qtwebengine_locales\ru.pak	7z.exe

Executes dropped EXE 4 IoCs

pid	Process
2976	7z.exe
2232	7z.exe
2108	launcher.exe
3212	QtWebEngineProcess.exe

Loads dropped DLL 49 IoCs

pid	Process
2976	7z.exe
2232	7z.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
3212	QtWebEngineProcess.exe
3212	QtWebEngineProcess.exe
3212	QtWebEngineProcess.exe
3212	QtWebEngineProcess.exe
3212	QtWebEngineProcess.exe
3212	QtWebEngineProcess.exe
3212	QtWebEngineProcess.exe
3212	QtWebEngineProcess.exe
3212	QtWebEngineProcess.exe
3212	QtWebEngineProcess.exe
3212	QtWebEngineProcess.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GenshinImpact_install_ua_7eff087a034a.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	launcher.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GenshinImpact_install_ua_7eff087a034a.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GenshinImpact_install_ua_7eff087a034a.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	GenshinImpact_install_ua_7eff087a034a.exe

Enumerates processes with tasklist 1 TTPs 3 IoCs

Process Discovery

T1057

pid	Process
404	tasklist.exe
4084	tasklist.exe
5012	tasklist.exe

Modifies registry class 49 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\hk4e-global\shell\open\command\ = "\"C:\\Program Files\\Genshin Impact\\launcher.exe\" \"--url=%1\""	GenshinImpact_install_ua_7eff087a034a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 66003100000000009b58e626100047454e5348497e3100004e0009000400efbe9b58ca269b58e6262e000000f43902000000110000000000000000000000000000000356c700470065006e007300680069006e00200049006d007000610063007400000018000000	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\hk4e-global\shell\open\command	GenshinImpact_install_ua_7eff087a034a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c003100000000009b58ca26110050524f4752417e310000740009000400efbe874fdb499b58ce262e0000003f0000000000010000000000000000004a000000000084112700500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "1"	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\hk4e-global	GenshinImpact_install_ua_7eff087a034a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\hk4e-global\UseOriginalUrlEncoding = "1"	GenshinImpact_install_ua_7eff087a034a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\hk4e-global\shell\open	GenshinImpact_install_ua_7eff087a034a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\hk4e-global\URL Protocol = "hk4e-global"	launcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\hk4e-global\shell\open\command\ = "\"C:\\Program Files\\Genshin Impact\\launcher.exe\" \"--url=%1\""	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\hk4e-global\shell	GenshinImpact_install_ua_7eff087a034a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\hk4e-global\URL Protocol = "hk4e-global"	GenshinImpact_install_ua_7eff087a034a.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	launcher.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	launcher.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	launcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\hk4e-global\UseOriginalUrlEncoding = "1"	launcher.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4380	GenshinImpact_install_ua_7eff087a034a.exe
2108	launcher.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3212	QtWebEngineProcess.exe
3212	QtWebEngineProcess.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2108	launcher.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	404	tasklist.exe
Token: SeDebugPrivilege	4084	tasklist.exe
Token: SeDebugPrivilege	5012	tasklist.exe
Token: SeRestorePrivilege	2976	7z.exe
Token: 35	2976	7z.exe
Token: SeSecurityPrivilege	2976	7z.exe
Token: SeRestorePrivilege	2232	7z.exe
Token: 35	2232	7z.exe
Token: SeSecurityPrivilege	2232	7z.exe
Token: SeSecurityPrivilege	2232	7z.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
4380	GenshinImpact_install_ua_7eff087a034a.exe
4380	GenshinImpact_install_ua_7eff087a034a.exe
4380	GenshinImpact_install_ua_7eff087a034a.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe
2108	launcher.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 4380 wrote to memory of 404	4380	GenshinImpact_install_ua_7eff087a034a.exe	88
PID 4380 wrote to memory of 404	4380	GenshinImpact_install_ua_7eff087a034a.exe	88
PID 4380 wrote to memory of 4084	4380	GenshinImpact_install_ua_7eff087a034a.exe	91
PID 4380 wrote to memory of 4084	4380	GenshinImpact_install_ua_7eff087a034a.exe	91
PID 4380 wrote to memory of 5012	4380	GenshinImpact_install_ua_7eff087a034a.exe	93
PID 4380 wrote to memory of 5012	4380	GenshinImpact_install_ua_7eff087a034a.exe	93
PID 4380 wrote to memory of 2976	4380	GenshinImpact_install_ua_7eff087a034a.exe	95
PID 4380 wrote to memory of 2976	4380	GenshinImpact_install_ua_7eff087a034a.exe	95
PID 4380 wrote to memory of 2976	4380	GenshinImpact_install_ua_7eff087a034a.exe	95
PID 4380 wrote to memory of 2232	4380	GenshinImpact_install_ua_7eff087a034a.exe	97
PID 4380 wrote to memory of 2232	4380	GenshinImpact_install_ua_7eff087a034a.exe	97
PID 4380 wrote to memory of 2232	4380	GenshinImpact_install_ua_7eff087a034a.exe	97
PID 4380 wrote to memory of 2108	4380	GenshinImpact_install_ua_7eff087a034a.exe	100
PID 4380 wrote to memory of 2108	4380	GenshinImpact_install_ua_7eff087a034a.exe	100
PID 2108 wrote to memory of 3212	2108	launcher.exe	101
PID 2108 wrote to memory of 3212	2108	launcher.exe	101

C:\Users\Admin\AppData\Local\Temp\GenshinImpact_install_ua_7eff087a034a.exe
"C:\Users\Admin\AppData\Local\Temp\GenshinImpact_install_ua_7eff087a034a.exe"
1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4380
- C:\Windows\SYSTEM32\tasklist.exe
  tasklist /FI "imagename eq crashreport.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:404
- C:\Windows\SYSTEM32\tasklist.exe
  tasklist /FI "imagename eq launcher.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:4084
- C:\Windows\SYSTEM32\tasklist.exe
  tasklist /FI "imagename eq QtWebEngineProcess.exe"
  2⤵
  - Enumerates processes with tasklist
  - Suspicious use of AdjustPrivilegeToken
  PID:5012
- C:\Users\Admin\AppData\Local\Temp\Genshin Impact-bdfKiY\7z.exe
  7z.exe l "C:/Users/Admin/AppData/Local/Temp/Genshin Impact-bdfKiY/app.7z"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2976
- C:\Users\Admin\AppData\Local\Temp\Genshin Impact-bdfKiY\7z.exe
  7z.exe x "C:/Users/Admin/AppData/Local/Temp/Genshin Impact-bdfKiY/app.7z" "-oC:\Program Files\Genshin Impact" -aoa -bsp1
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2232
- C:\Program Files\Genshin Impact\launcher.exe
  "C:\Program Files\Genshin Impact\launcher.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2108
- - C:\Program Files\Genshin Impact\QtWebEngineProcess.exe
    "C:\Program Files\Genshin Impact\QtWebEngineProcess.exe" --type=renderer --no-sandbox --disable-gpu-memory-buffer-video-frames --enable-threaded-compositing --enable-features=AllowContentInitiatedDataUrlNavigations --disable-features=MojoVideoCapture,SurfaceSynchronization,UseModernMediaControls,UseVideoCaptureApiForDevToolsSnapshots --disable-gpu-compositing --service-pipe-token=11033100099151843134 --lang=en-US --webengine-schemes=qrc:sLV --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=11033100099151843134 --renderer-client-id=2 --mojo-platform-channel-handle=2532 /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:3212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Genshin Impact\MHYQtCommon.dll

Filesize
3.8MB

MD5
8a417025e06c1375cbeb3883d06e1d8f

SHA1
33b6064eeecc6efeeae691093df08e99467a1e48

SHA256
2febeb6b202a9ed4b74372e4fbe142310993f39a5b76661b862d24d6f3eefc30

SHA512
9b384f54e90aa947b6481979ad2666f4f7a0ff5e9f1353c9219fc287d4147ff19f2de2d40743992114e924add9a954e9ec65032b50fc9ef05e169625704f848b

Download Submit
C:\Program Files\Genshin Impact\Qt5Core.dll

Filesize
5.9MB

MD5
4c3236d3e6f6b3a4864da5b297f9a78b

SHA1
c549527f47e158b1a387a5d552e1437278a7a6df

SHA256
71fa7909f9e384dc86611b47632a0621490bb193369bb8bd82d5c8cc9401a513

SHA512
2c7b670c579d3a1a643648a892eecb77662a13a8cfc415b141d9541d4589a57741b6d6b88147c14c57ddd3f844eabf22f0277f8e8bf8154f795e9261ca356742

Download Submit
C:\Program Files\Genshin Impact\Qt5Gui.dll

Filesize
6.2MB

MD5
7e8f07c380fa4fbe07fb5aadfc0d86b3

SHA1
0fb58c9e46b79aec81c219384d76a8cab5ba94c2

SHA256
e3756056f3df026540a2cb03e2835ad2192e83f2a382e1140c68336343528c46

SHA512
d7df8762302894b0529de438e92405c7c664fd06a6030577424beb180ed483fe8850a3a4fb1cf64d9171fdfd5abcd727c4fb5c721616e679312253daf1530dab

Download Submit
C:\Program Files\Genshin Impact\Qt5Network.dll

Filesize
1.3MB

MD5
cc214788c1659b6589cfe627ae10d348

SHA1
68ff3d326943c5405be5c509415db54e9eeeb287

SHA256
6b9df21f01d278608e3f5376e2cbb6933d9ebc560b3722d39148151840a8237c

SHA512
009dfda81c4b9a29a645593bed3dc52e2eff2063bae6426689bdd1c4bbac4a87e1f1c89dbff27a12fb3007749c1bdd4cd0acf2150a6dda0744e17e62fdea8e0b

Download Submit
C:\Program Files\Genshin Impact\Qt5Positioning.dll

Filesize
330KB

MD5
c3aec825e9dc0fc8abb33ff55ca37663

SHA1
348d11cadb92510e415fc55536f38e0433773ad5

SHA256
55034de66194c4149f2b4009214179f1050a64d7b99788e2eb983905a25534e9

SHA512
88a8738cde54ec6b58523323fb065942f7a7199496a40e5091a54b7f3232e9c8865b8cbf5491d8e1a8c4f15b6f70d296aef587810244e7f7009370d57b5473be

Download Submit
C:\Program Files\Genshin Impact\Qt5PrintSupport.dll

Filesize
331KB

MD5
6bb48bf938f34bae011916d8f91ecc43

SHA1
0d578b6c9556a8355c4932f3c672c1c312764f2b

SHA256
bca34de929ccc4cff0212efef1cbfa1bdc857f4884979d8c6ac3a4646f3457f6

SHA512
bea64e4e30ac955f9ee22e65d2135093bbef0f4ced1242844cb82bebf0a43530a31b7a272ffaa7d7e1f48127950e367e7aa93559d6309ba5c606ede5bd13a4bc

Download Submit
C:\Program Files\Genshin Impact\Qt5Qml.dll

Filesize
3.9MB

MD5
8db374952ca80930b74cf9bcb030ec75

SHA1
2a1f16dcc19fbaa74c3d93338bfbf24116014d82

SHA256
3170509561064ae0f683265e55eeea08ef3bb8b72882017fb70bd97a4f5a61c5

SHA512
ec5b00d6a0258ca1a69860855a87fcb6c91e96982dd4593e0e1bf5c187ed8b135a5a02722d19e8b67690231702c6d36611bcbbb099dc7e9a7ca8c4c36de2ca27

Download Submit
C:\Program Files\Genshin Impact\Qt5Quick.dll

Filesize
3.6MB

MD5
c367be6f99e44f9766c32f41013fe936

SHA1
de6d1f1042ccb939d22ccb597deef20064d48c33

SHA256
0a4346a4dda93309b8c07e30641c158d2d9b8ff0d61a6e7fe873a47c2772db68

SHA512
8b9beef59ccc95a177e029948dec591c2eb300b635349cce8db159445c34df0866c584168fa6c51ca30f597e0df98a37598b4655ccfbda299eddc140b1c00469

Download Submit
C:\Program Files\Genshin Impact\Qt5QuickWidgets.dll

Filesize
92KB

MD5
bff3879b9daf123fcd1200521b23ae9a

SHA1
0758acd6d14d56f25ad2b701247cd644905d2659

SHA256
ca1bfa459f521da61d2f1bb5d20e2f31bcc935149ac317873227c85e28006a32

SHA512
08bf6447c3ddb89b300dfa7504c71e816bd538dbae2f042c44828c694575e268b465f18854f7a4722f80cbf380b84ed1a14c1acc41a54fa7f633b6203c562765

Download Submit
C:\Program Files\Genshin Impact\Qt5WebChannel.dll

Filesize
134KB

MD5
7d09625e4f8ff294f5827a29ffbd882d

SHA1
92dcaf3fff3c44cbe8c168e7609ff2ae5514e419

SHA256
67cf1104d5bcce62b4e8ce0f747ca7c8b3906d69f8d508c277e046fd76de42ac

SHA512
4f0ea8c44bbdc5b16cdb04425f65bad227a37488276ac52300c2690803927c34bee11258163c9911431dab70313fd8d44e248be5efad005875120f90d5d24315

Download Submit
C:\Program Files\Genshin Impact\Qt5WebEngineCore.dll

Filesize
76.3MB

MD5
6c3e89dfd553a91055959f5f21584931

SHA1
70aba4b55db009c9fbfc430960d732104c897912

SHA256
4d79267f17e119a64dd47ca375c709e7311541a0b80b3a6aef1177b855e8b3fc

SHA512
d508326dbc13668ae310a709c914c670437b4da49a947aa678f3c7428b5b0d315f42b66356c2e08f501a43ecfd0f17ea35ff676e7ff6997b398cd9d4d000d0b0

Download Submit
C:\Program Files\Genshin Impact\Qt5WebEngineWidgets.dll

Filesize
241KB

MD5
64ed5b188277a9df79cd0d0caa82fa00

SHA1
fa1b4edca83bff5aea9797ec1b38e9b849394bb1

SHA256
a38d8655ae6f01b03e3b1bc8332ff8296fa579be8c8b05d6a627ac9fb43aa50a

SHA512
62af933f68d1977b63f756c86a5bbc7c7e83f5257be5b9ff5a9dabdc7b1431180ce6b6bb389f9fcc1828e0f795985f195d47ed9e05c440b971f0841ae7cb365f

Download Submit
C:\Program Files\Genshin Impact\Qt5Widgets.dll

Filesize
5.3MB

MD5
28dec8f964162cf2be3cfc61e46b311a

SHA1
334ce37a4ece27815c2be81de237c6105a6ca726

SHA256
cfda408925130bf97bd931ad0b8b7fe94a49a5874160c959d31fd051b02aa917

SHA512
17c0dae78c270aca78baee0173943440eb76fe8f732f922fd75979dcbd2ce180ca9eaf4310b214a87ad058464185b618d9f88610715ff1b4491caddf9bb6e14e

Download Submit
C:\Program Files\Genshin Impact\VCRUNTIME140.dll

Filesize
106KB

MD5
d0df1bac72398d794bec867bffcd0ddf

SHA1
1c6a1f62fd07cccb7461a39178d7afcba4b0eba9

SHA256
70661f44e0f9a2bb17ceaa2b798486b6a05feeb3eb8a41a94919d71720334051

SHA512
584fa39037af9d716c45e228ff7710a7ea61ae449b95a8d7efe5578692555a502be6b2f490a6b161fb42f45af9f30f786390722c29bcac20c28f9348da24157b

Download Submit
C:\Program Files\Genshin Impact\config.ini

Filesize
106B

MD5
f58c3e877948f20b334c87766940ed24

SHA1
5cbf56888e3fc247c09fb4a7baa6100581905ba8

SHA256
001135b303fd225e1b0acab6eeee9ed4caba9cfef9ccec34c4dc15b908c33533

SHA512
b5b9420ae2811ba33c743fbc6534402c7d6808dc6093db6b71ddfda9752f1952a0c55328e2fdae8b19407f13e67b9d003cceaae41a8f1979fe2a83c21390db1d

Download Submit
C:\Program Files\Genshin Impact\config.ini

Filesize
183B

MD5
25938f933c01e821f3e3f6a84687e7d4

SHA1
7ccc7c36c68b2ea439188921efd22bab65771e09

SHA256
c9d85d1b02a139ef5e53171aa869be99573f3001cc678f3377607ae38186f5d2

SHA512
a97a8691224a43d1d8912b8f634af46402089944981ea259c447f071e48b89a61f2ce44882292c9c9b76d391335a2e5dc73a2e77f05099c6723a36f03a2472fa

Download Submit
C:\Program Files\Genshin Impact\config.ini.lock

Filesize
61B

MD5
0c45dca68657fd2f08741a478bcfcbf6

SHA1
fa918b21a2be5ae9944495054f66e49d9ea5beef

SHA256
0b0bf135b9ddaffe44693de8285d72d4acb5ce7b7bcd14f75a11b9ecc2ae4bec

SHA512
1f2d85b8caaa9e853e63a4c54c4d12ee41c48701cda13f26e8d11967e2b7260af9347b9ac9c52f252b8beb828762987fbd239a10fb01fe163a5a26ea48542ba2

Download Submit
C:\Program Files\Genshin Impact\iconengines\qsvgicon.dll

Filesize
54KB

MD5
8a35ff609a9e4885b7953b140cf6723a

SHA1
5fdce3bf9ae36f1d816f4e58d82bff8432996087

SHA256
6c9950ec6f0a0426fcefb582f25621fa6ef3bc34ed6c6bee94770322d122879a

SHA512
90b8eb7ac9608946a56f561c0f005d14fa4b12dd7cf40d3e37aac75b65da73041aed87e2dea7d198bce447f1e351305d17086b055dd97b9409ef8e7afb4b1c1b

Download Submit
C:\Program Files\Genshin Impact\imageformats\qgif.dll

Filesize
51KB

MD5
98c610d255270dfe88294e5cc932d636

SHA1
78ae1077225b415225fe49b8a36718f4c44753db

SHA256
651a739e02dd0c4e3e49e8548dc4569f5f0c748960d0781be73527151449b958

SHA512
856bf9c616e8d1e6f31e561b45813569d55e8991e15e9a90e5335d0219fa6a69ac9c5b1c3c4edd826c33585a885ad03edf63d3b14170df779a813bdf0acc8904

Download Submit
C:\Program Files\Genshin Impact\imageformats\qicns.dll

Filesize
60KB

MD5
6564011eb00a88d5759f4069f90d58f5

SHA1
f4afd06b811c9bd8f0f6173a54ce4a02fec7ebf5

SHA256
2d655e61b669017e4600363e491b0c20b007bb1546a696090d5a199e6676cb98

SHA512
12462328c7a74b24d4524e15fd86811a4d3dbc7b1e9d73ddb3d1bd26c4e95ec488da3f60ed018a667963033206286f409e34986b8b0491dee3ca1b8aba54e74f

Download Submit
C:\Program Files\Genshin Impact\imageformats\qico.dll

Filesize
51KB

MD5
57d13a5e45eb86ef6af041e9b853d64a

SHA1
2ef3e80317328915883993c813441460b1a06b97

SHA256
c8106ae81208cb62d594af33d705a6c02baee06e8aed089e0eafe8d3ac2307c7

SHA512
b01e5622fac4d897c4563566269e5770798dda8bcf6e302aca6e83d7b738e115df1addcc41466e5a6126eebf16dd6c262464f255c6df0f586c5990361f398f9f

Download Submit
C:\Program Files\Genshin Impact\imageformats\qjpeg.dll

Filesize
408KB

MD5
2e45cf9c78c106ebeaa5e0cb80a76bca

SHA1
704692206519590ff5cddfbbff771fd1476c3348

SHA256
af1d0c15c8562ee0ced6097239a73a87ceff3e2ae86bc32231cbf455c87f5901

SHA512
444930ffb07428c30e3483d57e05c1c83fc6c4b0022025f1e12eca5dcfee1fcc36f8caa9d3ea0670f2b6821835211472ed80dfffd57cf6545a8dc7e5eae57142

Download Submit
C:\Program Files\Genshin Impact\imageformats\qsvg.dll

Filesize
45KB

MD5
d665da48bced9f0cd0c5e36f9def0535

SHA1
3078353b5653ae76a143cf231d0c35461614a83b

SHA256
858156d03db0a2692ddca124f6972029fae4eef4de7ec80d8c4eb60ba7a99e62

SHA512
c73162bc10126a597aede881cdaa03eab43c4eec5e763223823c366954fcbda823016a1f913beb58db0c52c9047e8ae6178d28b2168810e7a2a3603c9c6eeb04

Download Submit
C:\Program Files\Genshin Impact\imageformats\qtga.dll

Filesize
44KB

MD5
1a0453d1dadff39ff669f490a4f17919

SHA1
9fa8c782e20d8cd237e772ef16baba661090b73b

SHA256
bbb147c140256b96d78a84af14763792c0496781c6c1546609b66322c2e3b03e

SHA512
2294b3b5628576c12e090224cc2ef72b22b3a9b002f56cf307f24886efd6a21938e195f028077e07516e09ccaef1093301eb524c00a7a4d16ebfdd98f1af24cc

Download Submit
C:\Program Files\Genshin Impact\imageformats\qtiff.dll

Filesize
385KB

MD5
f42824723c3a3a4f25a17c5fe4639422

SHA1
72858b6ba469897d93bcea12a6dd9469b624eac9

SHA256
3ad00ff038a7679c502a62b0e711fca595f549621a7ecb92e85025b6eff3e82a

SHA512
d95aeac243de702528459bf05bec0690cd5015b02342d7ee1c5a12017178f47d07848c9ad5c914c2bf2765dc3c731536b4c21831633762ff913cc39357ee8e03

Download Submit
C:\Program Files\Genshin Impact\imageformats\qwbmp.dll

Filesize
43KB

MD5
a639499139cc4f43a63eca0a818dc490

SHA1
19b89f308da87191ee23a93ec97dd058b5087992

SHA256
22ccbccb699902490e47d8eabc3cc13b34570ccb651d98ac312dd3b37c8d136b

SHA512
9b6e49d227fc561fdeda2b7c72662c19988f8ffcacd77f57bc812abac42857718f44cc2c6a555e44f8f8062275dd113799953454f5fcbfa47690f86909175749

Download Submit
C:\Program Files\Genshin Impact\imageformats\qwebp.dll

Filesize
500KB

MD5
e7ab90afb74df3e4c1329cf07610fe7f

SHA1
309eff5dc654f6ac2112c4c183250a0581307dee

SHA256
6ae16ed9312743fce5730f3030381e4d2b87418dd007dee8497971d71efdf0b2

SHA512
4e531ae0b3b5517b87ab972114c503b11db85f36f3d3b2dc9f227248001079c79cd6ce4d1704145f09b963e0f92847ef949d0a055dcb5ad597bc128d4896f99b

Download Submit
C:\Program Files\Genshin Impact\languages\en-us.qm

Filesize
68KB

MD5
7ed320005a304eea5e0f6f2aa6e39061

SHA1
80b7987edbac86857d619547d04922f1ffcd5398

SHA256
82be3bf2a4a5829559c17cd98f5ea5ecfb0d189d0cd1f92b9976e10f060f6eba

SHA512
609214394244b6cc316fab8a77cc01260739ab0bc6a70bb72a8efa36337ddefa4da58557a8e26454e17740ae267a9e21a86332a5a915a4602914125f6a1c5c4b

Download Submit
C:\Program Files\Genshin Impact\launcher.exe

Filesize
4.5MB

MD5
d70004d74af0a01d82f1521b0d23ae60

SHA1
4b6a23592b1e96bb869c1130dcbc86ff0fdf26f3

SHA256
6babcc36f396892a5d72d17fe1898f6dfb7ae9d0552908301d0c9da28d21a56d

SHA512
18eac6438e1f20c5b79a68f492e48d570dddf900948fc08458c47b8d031411221fe207940987fd0111a5caa74d08d335031833cbe2e2dfa7304943317d17b496

Download Submit
C:\Program Files\Genshin Impact\libEGL.dll

Filesize
38KB

MD5
75785100e4d63ce2e83a05becab33451

SHA1
c87274ddee30ccb962a260723b5e0e99647b3388

SHA256
9cc91b1f35c20f748f015cf7b000b05ef345ee3291fc9d90de7beb206b32f056

SHA512
e91b80bc1e85b996edc0c0f837400f48df68d79ad4b21137a68856a762fbb15faac25b34de03205f382f514f68345af1ef59135dc9869d7c9cec7fdfdaf8832d

Download Submit
C:\Program Files\Genshin Impact\libGLESV2.dll

Filesize
3.4MB

MD5
5085ccdf8619b9780c930226a548fc49

SHA1
d632cd54999f6ce1e8bddce7f9905c85bad155ba

SHA256
97770b933b6a966298cc4b19d6f84f2bff816567b511b69f64e5025375730f75

SHA512
c4beea9cd3959fd416e57e7197008c5dd1cb660c546201b3233a4e59177d9844518e5234b1e038714df12e45af1ca209869a0a64ddc03c53159c5b4d3165dc2e

Download Submit
C:\Program Files\Genshin Impact\msvcp140.dll

Filesize
580KB

MD5
62a538f342ff490ddf5b7c7d354e36bf

SHA1
b166ed0fd43f054b59f1843d4b1af336810f8832

SHA256
1345b1f74cf1dd3677bcf3499462714795788eaaa20b9702cdc7baafa4beaf8d

SHA512
598907ab4e37a0092a1f651215a7581ad0d0281e6511c06408ad0f93af65892876e4075c73063da0772cc962bacf5900d862a805384887ea5daf52490e5ff51a

Download Submit
C:\Program Files\Genshin Impact\platforms\qwindows.dll

Filesize
1.4MB

MD5
d5878a01f8f13b6dc8dd89d40a8f80af

SHA1
6ac8e66d18c2f8260d4e49416d12430ccb5b4275

SHA256
0a11d124673193226533471d96e1065005ace4b02d668459341fa8e2a3df0595

SHA512
0cee796505b22d71022e9771b0973813ed433b28752db79609b1bc4b46b24581d1244a23d51b11725f1c584af684e0a749e1c950fa57ca3feeded44823006618

Download Submit
C:\Program Files\Genshin Impact\styles\qwindowsvistastyle.dll

Filesize
154KB

MD5
295f8abf7f836fb994b0a97344996b6f

SHA1
f1c22e27601a4cd2bfc9b2185893222b77e69bb7

SHA256
0c940d1d6989caad0f18f62202cc36721300fbaba35ef478a580f9f54b2dbec4

SHA512
873013dec180ed55cbfbfb138b0372eb840773882cd3539cf4994b9e4941c7f158915a1e1d8b40ee6d78fc7114319e09755114d56cd7b46335dad6ecf1f48bfd

Download Submit
C:\Program Files\Genshin Impact\uninstall.exe

Filesize
23.6MB

MD5
776030f59f098190a7f42449bc458068

SHA1
3681b433f460eafee73bdfa0a25a6d6f887a429e

SHA256
7cf8238dcbfa2610ec351f9478feb409a5f4f4b979186d001f8ae6407c94da12

SHA512
deb8cd435b939655bd63e3c414ec34869f9c69e1ac5608bac32f10f127fdf4c2ba758c2dc9368584ae9a0791c4763901eebc4d707bc925c7b4515b3ad4210cd6

Download Submit
C:\Program Files\Genshin Impact\vcruntime140_1.dll

Filesize
47KB

MD5
0ae97fbade4c1129b72c5ac5a289c56e

SHA1
98d91cbfb93302a6d7f455086d63ea6d195f1564

SHA256
9f06f592706f6a9382a9949d9d82f151bb8d854aa6d2c1e33f08e1e69716c3e1

SHA512
fffc65cc298d59eafde79221109d76aa3fa21c0d80fc64797bff24a48012774563f6605d15ab0e2408709395357c3e1ab094709e10e5101fead7132e98d93fcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact-bdfKiY\7z.dll

Filesize
1.1MB

MD5
e7ae42ea24cff97bdead0c560ef2add1

SHA1
866f380a62622ab1b6c7705ddc116635e6e3cc86

SHA256
db2897eeea65401ee1bd8feeebd0dbae8867a27ff4575f12b0b8a613444a5ef7

SHA512
a4a27b2be70e9102d95ee319ec365b0dc434d4e8cd25589ce8a75b73bbe4f06b071caa907c7a61387b2ce6a35a70873593564499b88598f77a7c25c47448fb0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact-bdfKiY\7z.exe

Filesize
286KB

MD5
afc08ce359e79887e45b8460e124d63e

SHA1
e8dcddb302f01d51da3bcbfa6707d025a896aa57

SHA256
a20d93e7dc3711e8b8a8f63bd148ddc70de8c952de882c5495ac121bfedb749f

SHA512
32d3b8d964711a5706f8cf9f87bc6e33670bba2cb3ab88603dec399652ac7fe297a4692f0865a0bdcbd06515d6b0a84e5a96d1b7fda48f556543536889ba387a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact-bdfKiY\app.7z

Filesize
115.8MB

MD5
83d7fc67da4bf2602d974319b6714393

SHA1
53ac4ada1f51c759a85d3049a71bc04be8aadb9e

SHA256
9eceb9e599c60f473d6559408dbef841e24c611a050d4a82d89edf50b197660e

SHA512
87853c1947077b8afb1b812c36bd3ee2d6a9fc988348fbf4e3561342e3701cec9845fe000c2be66847d6d0c9b5f108e34581fc800cc1fb2fc2833d97417c8328

Download Submit
memory/2108-617-0x00007FFC19280000-0x00007FFC197DA000-memory.dmp

Filesize
5.4MB

Download
memory/2108-618-0x00007FFC18740000-0x00007FFC18AE6000-memory.dmp

Filesize
3.6MB

Download
memory/3212-681-0x00007FFC18740000-0x00007FFC18AE6000-memory.dmp

Filesize
3.6MB

Download