a4303ed06b09664661a1b21659997757537e6eca2052eea495058b0dc9fe4d59

Analysis

max time kernel
86s
max time network
115s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
09/07/2024, 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GenshinImpactCloud_install_ua_afd3d53ab951.exe
Size

203.8MB
MD5

9cb92f02f07e3c36c0160857cb974a16
SHA1

17c82e4e64afaf4cf322ca42a17559c21cc73f14
SHA256

a4303ed06b09664661a1b21659997757537e6eca2052eea495058b0dc9fe4d59
SHA512

4e7e506189b8268bea3444aba78445308865e61aca924e86c53cd1ab4033dd5087f3f2a050e3ab03872423b13e68c981ad418ac8ab4cf7fbb3db06cec40fed2f
SSDEEP

6291456:VX6qnQNWA1DrBuZ8z3FCl6TljaeqTTR2:V6qnQNl1vBuZ8TFCDeqTT

Score

7^/10

discovery

Malware Config

Signatures

Unexpected DNS network traffic destination 10 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	223.5.5.5
Destination IP	223.5.5.5
Destination IP	223.5.5.5
Destination IP	223.5.5.5
Destination IP	223.5.5.5
Destination IP	223.5.5.5
Destination IP	223.5.5.5
Destination IP	223.5.5.5
Destination IP	223.5.5.5
Destination IP	223.5.5.5

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 1 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	Genshin Impact · Cloud.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Genshin Impact · Cloud\api-ms-win-crt-stdio-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\D3Dcompiler_47.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\network_detect.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\Qt5QuickWidgets.dll	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\package.ini.lock	GenshinImpactCloud_install_ua_afd3d53ab951.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\resources\HttpServerResources	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\translations\qtwebengine_locales\ro.pak	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\translations\qtwebengine_locales\es.pak	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\translations\qtwebengine_locales\ms.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\api-ms-win-core-file-l2-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\av_engine.dll	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\imageformats\qwbmp.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\msvcr110.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\config\es.json	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\translations\qt_ja.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\api-ms-win-crt-environment-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\imageformats\qwebp.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\rtc_sdk.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\resources\HttpServerResources\font\zh-cn.ttf	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\translations\qtwebengine_locales\hr.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\msvcp110.dll	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\Qt5Positioning.dll	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\package.ini.MoNvBf	GenshinImpactCloud_install_ua_afd3d53ab951.exe
File created	C:\Program Files\Genshin Impact · Cloud\translations\qtwebengine_locales\hi.pak	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\api-ms-win-core-rtlsupport-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\api-ms-win-core-processenvironment-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\api-ms-win-core-synch-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\translations\qtwebengine_locales\bn.pak	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\translations\qtwebengine_locales\ru.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\translations\qtwebengine_locales\en-GB.pak	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\translations\qtwebengine_locales\sr.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\av_engine.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\imageformats\qjpeg.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\bearer	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\config\Region\tr-tr.json	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\api-ms-win-crt-runtime-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\translations\qtwebengine_locales\el.pak	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\translations\qt_sk.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\config\zh-cn.json	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\msvcp100.dll	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\crashreport.exe	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\api-ms-win-core-file-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\Astrolabe.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\resources\qtwebengine_resources_100p.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\api-ms-win-core-errorhandling-l1-1-0.dll	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\iconengines\qsvgicon.dll	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\Qt5Quick.dll	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\Telemetry.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\config\Region\de-de.json	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\resources\qtwebengine_devtools_resources.pak	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\jsoncpp.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\resources\HttpServerResources\font	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\translations\qt_fr.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\libcrypto-3-x64.dll	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\translations\qtwebengine_locales\ko.pak	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\d3dx9_43.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\api-ms-win-core-processthreads-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\translations\qt_es.qm	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\api-ms-win-core-interlocked-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\api-ms-win-crt-string-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\position	7z.exe
File created	C:\Program Files\Genshin Impact · Cloud\api-ms-win-core-handle-l1-1-0.dll	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\config\tr.json	7z.exe
File opened for modification	C:\Program Files\Genshin Impact · Cloud\translations\qtwebengine_locales\gu.pak	7z.exe

Executes dropped EXE 3 IoCs

pid	Process
3340	7z.exe
2828	7z.exe
1428	Genshin Impact · Cloud.exe

Loads dropped DLL 57 IoCs

pid	Process
3340	7z.exe
2828	7z.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GenshinImpactCloud_install_ua_afd3d53ab951.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GenshinImpactCloud_install_ua_afd3d53ab951.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	GenshinImpactCloud_install_ua_afd3d53ab951.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Genshin Impact · Cloud.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	Genshin Impact · Cloud.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GenshinImpactCloud_install_ua_afd3d53ab951.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Genshin Impact · Cloud.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Genshin Impact · Cloud.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Genshin Impact · Cloud.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Genshin Impact · Cloud.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Genshin Impact · Cloud.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	Genshin Impact · Cloud.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	Genshin Impact · Cloud.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
1204	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133649783717772427"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4428	GenshinImpactCloud_install_ua_afd3d53ab951.exe
1428	Genshin Impact · Cloud.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3124	chrome.exe
3124	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4428	GenshinImpactCloud_install_ua_afd3d53ab951.exe
1428	Genshin Impact · Cloud.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeDebugPrivilege	1204	taskkill.exe
Token: SeRestorePrivilege	3340	7z.exe
Token: 35	3340	7z.exe
Token: SeSecurityPrivilege	3340	7z.exe
Token: SeRestorePrivilege	2828	7z.exe
Token: 35	2828	7z.exe
Token: SeSecurityPrivilege	2828	7z.exe
Token: SeSecurityPrivilege	2828	7z.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe
1428	Genshin Impact · Cloud.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4428 wrote to memory of 1204	4428	GenshinImpactCloud_install_ua_afd3d53ab951.exe	83
PID 4428 wrote to memory of 1204	4428	GenshinImpactCloud_install_ua_afd3d53ab951.exe	83
PID 4428 wrote to memory of 3340	4428	GenshinImpactCloud_install_ua_afd3d53ab951.exe	86
PID 4428 wrote to memory of 3340	4428	GenshinImpactCloud_install_ua_afd3d53ab951.exe	86
PID 4428 wrote to memory of 3340	4428	GenshinImpactCloud_install_ua_afd3d53ab951.exe	86
PID 4428 wrote to memory of 2828	4428	GenshinImpactCloud_install_ua_afd3d53ab951.exe	88
PID 4428 wrote to memory of 2828	4428	GenshinImpactCloud_install_ua_afd3d53ab951.exe	88
PID 4428 wrote to memory of 2828	4428	GenshinImpactCloud_install_ua_afd3d53ab951.exe	88
PID 4428 wrote to memory of 1428	4428	GenshinImpactCloud_install_ua_afd3d53ab951.exe	93
PID 4428 wrote to memory of 1428	4428	GenshinImpactCloud_install_ua_afd3d53ab951.exe	93
PID 3124 wrote to memory of 436	3124	chrome.exe	97
PID 3124 wrote to memory of 436	3124	chrome.exe	97
PID 1640 wrote to memory of 3316	1640	chrome.exe	99
PID 1640 wrote to memory of 3316	1640	chrome.exe	99
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 2268	3124	chrome.exe	100
PID 3124 wrote to memory of 5108	3124	chrome.exe	101
PID 3124 wrote to memory of 5108	3124	chrome.exe	101
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102
PID 3124 wrote to memory of 4940	3124	chrome.exe	102

C:\Users\Admin\AppData\Local\Temp\GenshinImpactCloud_install_ua_afd3d53ab951.exe
"C:\Users\Admin\AppData\Local\Temp\GenshinImpactCloud_install_ua_afd3d53ab951.exe"
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:4428
- C:\Windows\SYSTEM32\taskkill.exe
  taskkill /im crashreport.exe /f
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1204
- C:\Users\Admin\AppData\Local\Temp\Genshin Impact · Cloud-cjsCCD\7z.exe
  7z.exe l "C:/Users/Admin/AppData/Local/Temp/Genshin Impact · Cloud-cjsCCD/app.7z"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:3340
- C:\Users\Admin\AppData\Local\Temp\Genshin Impact · Cloud-cjsCCD\7z.exe
  7z.exe x "C:/Users/Admin/AppData/Local/Temp/Genshin Impact · Cloud-cjsCCD/app.7z" "-oC:/Program Files/Genshin Impact · Cloud" -aoa -bsp1
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:2828
- C:\Program Files\Genshin Impact · Cloud\Genshin Impact · Cloud.exe
  "C:\Program Files\Genshin Impact · Cloud\Genshin Impact · Cloud.exe"
  2⤵
  - Checks system information in the registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:3564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7ff9ba64ab58,0x7ff9ba64ab68,0x7ff9ba64ab78
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1772,i,4808527919857152660,2298001303089415590,131072 /prefetch:2
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1772,i,4808527919857152660,2298001303089415590,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1772,i,4808527919857152660,2298001303089415590,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1772,i,4808527919857152660,2298001303089415590,131072 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1772,i,4808527919857152660,2298001303089415590,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3792 --field-trial-handle=1772,i,4808527919857152660,2298001303089415590,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1772,i,4808527919857152660,2298001303089415590,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4184 --field-trial-handle=1772,i,4808527919857152660,2298001303089415590,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1772,i,4808527919857152660,2298001303089415590,131072 /prefetch:8
  2⤵
  PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9ba64ab58,0x7ff9ba64ab68,0x7ff9ba64ab78
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1832,i,4042813857048822265,613009459754822846,131072 /prefetch:2
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1832,i,4042813857048822265,613009459754822846,131072 /prefetch:8
  2⤵
  PID:3532

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Genshin Impact · Cloud\Astrolabe.dll

Filesize
9.1MB

MD5
d84b65777339085c54ba9b00abf1b624

SHA1
0d256aedb2a12553d35b18d586b780bb08f08a3d

SHA256
a36929c680f06d01ed67782d5e310d9200fd29e5a620c2d28df85851aa3091d2

SHA512
8836f10a2f97521531d5845c29feb83601b3640df499d1c3797ef3881d1f89ce3489b25932b0cca562229e653c56b5dd23ae4ddf7e54344e7e4aad701b249053

Download Submit
C:\Program Files\Genshin Impact · Cloud\Genshin Impact · Cloud.exe

Filesize
40.5MB

MD5
e3ab1a08a0e6191cd6c9ecd5ca1c4963

SHA1
a744be72c163db450baa6960cfa78a4b1bdd6965

SHA256
3db9d65e998286f17ff9f208efa49ab68728c1bfa4886aa771d380eaa902eaa3

SHA512
5110a068089d8729687d7d41fcf5c5cd4271ce7a5acf2db481239a1cd7384745e9858db4fea08b0f1ddfa98dff6416bde2baa4488976e2da96d110dc973df333

Download Submit
C:\Program Files\Genshin Impact · Cloud\Qt5Core.dll

Filesize
5.7MB

MD5
817520432a42efa345b2d97f5c24510e

SHA1
fea7b9c61569d7e76af5effd726b7ff6147961e5

SHA256
8d2ff4ce9096ddccc4f4cd62c2e41fc854cfd1b0d6e8d296645a7f5fd4ae565a

SHA512
8673b26ec5421fce8e23adf720de5690673bb4ce6116cb44ebcc61bbbef12c0ad286dfd675edbed5d8d000efd7609c81aae4533180cf4ec9cd5316e7028f7441

Download Submit
C:\Program Files\Genshin Impact · Cloud\Qt5Gui.dll

Filesize
6.7MB

MD5
47307a1e2e9987ab422f09771d590ff1

SHA1
0dfc3a947e56c749a75f921f4a850a3dcbf04248

SHA256
5e7d2d41b8b92a880e83b8cc0ca173f5da61218604186196787ee1600956be1e

SHA512
21b1c133334c7ca7bbbe4f00a689c580ff80005749da1aa453cceb293f1ad99f459ca954f54e93b249d406aea038ad3d44d667899b73014f884afdbd9c461c14

Download Submit
C:\Program Files\Genshin Impact · Cloud\Qt5Network.dll

Filesize
1.3MB

MD5
3569693d5bae82854de1d88f86c33184

SHA1
1a6084acfd2aa4d32cedfb7d9023f60eb14e1771

SHA256
4ef341ae9302e793878020f0740b09b0f31cb380408a697f75c69fdbd20fc7a1

SHA512
e5eff4a79e1bdae28a6ca0da116245a9919023560750fc4a087cdcd0ab969c2f0eeec63bbec2cd5222d6824a01dd27d2a8e6684a48202ea733f9bb2fab048b32

Download Submit
C:\Program Files\Genshin Impact · Cloud\Qt5Positioning.dll

Filesize
308KB

MD5
714764b987a174a4c03e29187ece86d6

SHA1
70b96b3951702972738bd618324a87257e6157cd

SHA256
8889372b8880e9ab78b86d863cfb1a7c4e22cfaa5360d3761bd03b9de10228bd

SHA512
698e807e4b8aa7aae05ea85f02f51a9f7edc5b74bd97e047d607bb95823b5d1d4e52e749513f2ce4c4bd89c643dee4504847da5f0061f4cd09d7f2ef3e310e7d

Download Submit
C:\Program Files\Genshin Impact · Cloud\Qt5PrintSupport.dll

Filesize
309KB

MD5
61ac08d0e73555352714ff9044130c52

SHA1
f5fee2811236640821a2c18c9e2eaadd509c6e62

SHA256
783d4f1feb8dc0bc00acb8c094d6c1ab39ac6b5858874e60dd3d45677af4307a

SHA512
6abdbfe5ffbd5c1c1204edbfcc47f6b1072aa6a5b229901fe9b22cd2e193e7c963c62b8ac3cabec6467d2440eaddd47214d8f98a06e885822314b98bbcfc2bde

Download Submit
C:\Program Files\Genshin Impact · Cloud\Qt5Qml.dll

Filesize
3.4MB

MD5
d055566b5168d7b1d4e307c41ce47c4b

SHA1
043c0056e9951da79ec94a66a784972532dc18ef

SHA256
30035484c81590976627f8face9507caa8581a7dc7630cccf6a8d6de65cab707

SHA512
4f12d17aa8a3008caa3ddd0e41d3ed713a24f9b5a465ee93b2e4beccf876d5bdf0259aa0d2dd77ad61bb59dc871f78937ffbe4d0f60638014e8ea8a27caf228d

Download Submit
C:\Program Files\Genshin Impact · Cloud\Qt5QmlModels.dll

Filesize
428KB

MD5
2030c4177b499e6118be5b9e5761fce1

SHA1
050d0e67c4aa890c80f46cf615431004f2f4f8fc

SHA256
51e4e5a5e91f78774c44f69b599fae4735277ef2918f7061778615cb5c4f6e81

SHA512
488f7d5d9d8deee9bbb9d63dae346e46efeb62456279f388b323777999b597c2d5aea0ee379bdf94c9cbcfd3367d344fb6b5e90ac40be2ce95efa5bbdd363bcc

Download Submit
C:\Program Files\Genshin Impact · Cloud\Qt5Quick.dll

Filesize
4.0MB

MD5
65f59cfc0c1c060ce20d3b9ceffbaf46

SHA1
cfd56d77506cd8c0671ca559d659dab39e4ad3c2

SHA256
c81ad3c1111544064b1830c6f1aef3c1fd13b401546ab3b852d697c0f4d854b3

SHA512
d6f6dc19f1a0495026cba765b5a2414b6af0dbfc37b5aceed1cd0ae37b3b0f574b759a176d75b01edd74c6ce9a3642d3d29a3fd7f166b53a41c8978f562b4b50

Download Submit
C:\Program Files\Genshin Impact · Cloud\Qt5QuickWidgets.dll

Filesize
80KB

MD5
98ef5971f86fb44ca9b1968189ce6d93

SHA1
3d90381671497ace9aed530e35bb68f4f747acfb

SHA256
d82e8df844ac7b1d0a71a897ce7c93ba8601bfee6413c8a1206b0b7cbf69d02f

SHA512
fbed6e3cb76e5f3919b799d53b955e2b77cdd00aa0e75b26715be4bc4be744a51ed8aa2fd22f21d9865cc8e1940cb7f0fd37da6b804e95a5456d7f0f1331f01d

Download Submit
C:\Program Files\Genshin Impact · Cloud\Qt5WebChannel.dll

Filesize
130KB

MD5
5a3423d138ae3b710f519c84cf8779f8

SHA1
e43a7054fe9f7fb520b55d7994cbec6597e4786c

SHA256
b4779c806f60183899c2027dd919c133062de83f7395aa40c1c32e6c6498de37

SHA512
0e7c42a5c5013899580d3829061d2a01df809456f52b9711ba69ca203fda113605588d45d3a07d34c254dcb415c889bc8563535cece4980a4ac81caed9eb6482

Download Submit
C:\Program Files\Genshin Impact · Cloud\Qt5WebEngineWidgets.dll

Filesize
244KB

MD5
e02c7bc9a4a44d4ac62ab65c56db5da0

SHA1
19e14ea13adca16b8c48609565c255361defe6ee

SHA256
2bd29d50306ac49f1df65c22e736a873f3021a0fb65f950271161a2609056e1f

SHA512
cdc0c82a5044581f70fc45c610b6c8a02c1c76c2912ff3d509a3da08dfd1f6cb4470c2319f7b7b88c596c2f7718779e66cdd12e2fff644c58a62e14e2be0ce4c

Download Submit
C:\Program Files\Genshin Impact · Cloud\Qt5Widgets.dll

Filesize
5.2MB

MD5
4cd1f8fdcd617932db131c3688845ea8

SHA1
b090ed884b07d2d98747141aefd25590b8b254f9

SHA256
3788c669d4b645e5a576de9fc77fca776bf516d43c89143dc2ca28291ba14358

SHA512
7d47d2661bf8fac937f0d168036652b7cfe0d749b571d9773a5446c512c58ee6bb081fec817181a90f4543ebc2367c7f8881ff7f80908aa48a7f6bb261f1d199

Download Submit
C:\Program Files\Genshin Impact · Cloud\VCRUNTIME140_1.dll

Filesize
37KB

MD5
1ac8b88be758c55c6448946c71a0e5fe

SHA1
eaeb1a9d5cd835b0ed278a5d5d9fad47828cdebf

SHA256
8493288d06ab94a97a4e0e162e0554e8056d650721e8a1dd779afa66b30d7d52

SHA512
20ce051a0fce9aed2d2996cbd056eeb11ddfeb665e9ac2e9bb4d0eff894db903462120567a9fca8e75efe8d2715aee6703ee120b8ff63d972a23e29ff51ee219

Download Submit
C:\Program Files\Genshin Impact · Cloud\client_core.dll

Filesize
425KB

MD5
e689682c3c3546b5400215bb0f5adb2e

SHA1
fdf163c5be148664d951a3bfac241c5fd9ed1d7f

SHA256
d9cc60ce098fb5cc38bd3edfb7d47a4b8109691e58508567b19b3b0020302a0c

SHA512
1dc970f4f5b427be2d409795e7c71a38ca015ac9b2c92b58b11159b1292139554734223c61b6f74f3074a409c409e3d5f9ea608692fe5d5e41676884635d68bc

Download Submit
C:\Program Files\Genshin Impact · Cloud\config\Region\id-id.json

Filesize
3KB

MD5
1a1928ee3c7536251cba8742f89a5750

SHA1
a7a9b26c96a3e988148391e0622280e275efeabf

SHA256
dec0742fe54339d9ce99ce6bf8cb92e4cd526fbb5c89efcae8424734102a8036

SHA512
edf59cff8afd989bf7d21f47be71c26495483340dd59fd26b78efa2b37a2920dfe3c52abb08085f4ffc500ef85b12a78da3356726d02e3765b9423a09da8b415

Download Submit
C:\Program Files\Genshin Impact · Cloud\imageformats\qapng.dll

Filesize
160KB

MD5
1aacdf33d30343ae9c4beb05af779c1c

SHA1
af6ed410d3e1f457d9bff511ad97f70956d362a8

SHA256
9d973a814d1fac4c8df83925074e4ff4e55fbf8b9c53da6902e28118a47ae095

SHA512
c55ed41964dc0a75847510588718792d01239f3a0090ea2914adedf7d6dccb4b5c6703ccb1d231872a25424df4b10aa18549aaccf795272d6611c5aeaf7e5cb1

Download Submit
C:\Program Files\Genshin Impact · Cloud\imageformats\qgif.dll

Filesize
38KB

MD5
52fd90e34fe8ded8e197b532bd622ef7

SHA1
834e280e00bae48a9e509a7dc909bea3169bdce2

SHA256
36174dd4c5f37c5f065c7a26e0ac65c4c3a41fdc0416882af856a23a5d03bb9d

SHA512
ef3fb3770808b3690c11a18316b0c1c56c80198c1b1910e8aa198df8281ba4e13dc9a6179bb93a379ad849304f6bb934f23e6bbd3d258b274cc31856de0fc12b

Download Submit
C:\Program Files\Genshin Impact · Cloud\imageformats\qicns.dll

Filesize
43KB

MD5
ad84af4d585643ff94bfa6de672b3284

SHA1
5d2df51028fbeb7f6b52c02add702bc3fa781e08

SHA256
f4a229a082d16f80016f366156a2b951550f1e9df6d4177323bbedd92a429909

SHA512
b68d83a4a1928eb3390deb9340cb27b8a3eb221c2e0be86211ef318b4dd34b37531ca347c73cce79a640c5b06fbd325e10f8c37e0cee2581f22abfbff5cc0d55

Download Submit
C:\Program Files\Genshin Impact · Cloud\imageformats\qico.dll

Filesize
37KB

MD5
a9abd4329ca364d4f430eddcb471be59

SHA1
c00a629419509929507a05aebb706562c837e337

SHA256
1982a635db9652304131c9c6ff9a693e70241600d2ef22b354962aa37997de0b

SHA512
004ea8ae07c1a18b0b461a069409e4061d90401c8555dd23dbf164a08e96732f7126305134bfaf8b65b0406315f218e05b5f0f00bedb840fb993d648ce996756

Download Submit
C:\Program Files\Genshin Impact · Cloud\imageformats\qjpeg.dll

Filesize
411KB

MD5
16abcceb70ba20e73858e8f1912c05cd

SHA1
4b3a32b166ab5bbbee229790fdae9cbc84f936ba

SHA256
fb4e980cb5fafa8a4cd4239329aed93f7c32ed939c94b61fb2df657f3c6ad158

SHA512
3e5c83967bf31c9b7f1720059dd51aa4338e518b076b0461541c781b076135e9cb9cbceb13a8ec9217104517fbcc356bdd3ffaca7956d1c939e43988151f6273

Download Submit
C:\Program Files\Genshin Impact · Cloud\imageformats\qsvg.dll

Filesize
31KB

MD5
c0de135782fa0235a0ea8e97898eaf2a

SHA1
fcf5fd99239bf4e0b17b128b0ebec144c7a17de2

SHA256
b3498f0a10ac4cb42cf7213db4944a34594ff36c78c50a0f249c9085d1b1ff39

SHA512
7bd5f90ccab3cf50c55eaf14f7ef21e05d3c893fa7ac9846c6ca98d6e6d177263ac5eb8a85a34501bcfca0da7f0b6c39769726f4090fca2231ee64869b81cf0b

Download Submit
C:\Program Files\Genshin Impact · Cloud\imageformats\qtga.dll

Filesize
30KB

MD5
a913276fa25d2e6fd999940454c23093

SHA1
785b7bc7110218ec0e659c0e5ace9520aa451615

SHA256
5b641dec81aec1cf7ac0cce9fc067bb642fbd32da138a36e3bdac3bb5b36c37a

SHA512
cebe48e6e6c5cdf8fc339560751813b8de11d2471a3dab7d648df5b313d85735889d4e704e8eec0ad1084ab43be0ebdfbacd038aeac46d7a951efb3a7ce838eb

Download Submit
C:\Program Files\Genshin Impact · Cloud\imageformats\qtiff.dll

Filesize
380KB

MD5
9c0acf12d3d25384868dcd81c787f382

SHA1
c6e877aba3fb3d2f21d86be300e753e23bb0b74e

SHA256
825174429ced6b3dab18115dbc6c9da07bf5248c86ec1bd5c0dcaeca93b4c22d

SHA512
45594fa3c5d7c4f26325927bb8d51b0b88e162e3f5e7b7f39a5d72437606383e9fdc8f83a77f814e45aff254914514ae52c1d840a6c7b98767f362ed3f4fc5bd

Download Submit
C:\Program Files\Genshin Impact · Cloud\imageformats\qwbmp.dll

Filesize
29KB

MD5
68919381e3c64e956d05863339f5c68c

SHA1
ce0a2ad1f1a46b61cb298cec5aa0b25ff2c12992

SHA256
0f05969fb926a62a338782b32446ea3e28e4bfbffc0dbd25ed303fab3404abac

SHA512
6222a3818157f6bcd793291a6c0380ef8c6b93ecea2e0c9a767d9d9163461b541afaf8c6b21c5a020f01c95c6ee9b2b74b358ba18da120f520e87e24b20836aa

Download Submit
C:\Program Files\Genshin Impact · Cloud\libEGL.dll

Filesize
24KB

MD5
bb00ef1dd81296af10fdfa673b4d1397

SHA1
773ffcf4a231b963baac36cbef68079c09b62837

SHA256
32092de077fd57b6ef355705ec46c6d21f6d72fbe3d3a5dd628f2a29185a96fa

SHA512
c87c0868c04852b63a7399afe4e568cd9a65b7b7d5fd63030abea649aac5e9f2293ab5be2b2ce56a57f2b4b1992ae730150a293ada53637fc5cd7be0a727cbd4

Download Submit
C:\Program Files\Genshin Impact · Cloud\libGLESv2.dll

Filesize
3.2MB

MD5
2247ee4356666335df7d72129af8d600

SHA1
f0131c1a67fc17c0e8dcc4a4ca38c9f1780e7182

SHA256
50fad5605b3d57627848b3b84a744dfb6a045609b8236b04124f2234676758d8

SHA512
67f2a7bf169c7b9a516689cf1b16446ca50e57f099b9b742ccb1abb2dcde8867f8f6305ad8842cd96194687fc314715ae04c1942b0e0a4f51b592b028c5b16d3

Download Submit
C:\Program Files\Genshin Impact · Cloud\msvcp140.dll

Filesize
553KB

MD5
859c16dc29a862dbd5595596d136dcc3

SHA1
542116e37cb83cbd2cfe5ecddc94145c0f6828df

SHA256
b832523b9ad9d3b7f33ea1a6fce8be04d171d6a5a09aee7b70872043566a4043

SHA512
480ea998096be185d520e77c70bb4da6d49a6ed01a03fbae3c4a002e1e27ebe8e0716e58e818d972f559c52216e5d3cbf79be7353d960954010a9cd49c7a0638

Download Submit
C:\Program Files\Genshin Impact · Cloud\msvcp140_1.dll

Filesize
24KB

MD5
02310df8d3d240813017f8ed46fbd51b

SHA1
037e7bb52504ebc12b8fd5fe001a7d2966ff5d65

SHA256
0487a361a4b9f350d06daa5ca20214bf7d50ed82c2f7396d07a93522c4e4c331

SHA512
ce991a7e223cb7781501152f755148140ddb0f6f247f6de456e16b5981a41b3b2be6b8ebe415ac402b2438e44634c701a1eaf00e2c03feb6d264560fe44b634d

Download Submit
C:\Program Files\Genshin Impact · Cloud\platforms\qwindows.dll

Filesize
1.4MB

MD5
4931fcd0e86c4d4f83128dc74e01eaad

SHA1
ac1d0242d36896d4dda53b95812f11692e87d8df

SHA256
3333ba244c97264e3bd19db5953efa80a6e47aaced9d337ac3287ec718162b85

SHA512
0396bccda43856950afe4e7b16e0f95d4d48b87473dc90cf029e6ddfd0777e1192c307cfe424eae6fb61c1b479f0ba1ef1e4269a69c843311a37252cf817d84d

Download Submit
C:\Program Files\Genshin Impact · Cloud\styles\qwindowsvistastyle.dll

Filesize
140KB

MD5
53a85f51054b7d58d8ad7c36975acb96

SHA1
893a757ca01472a96fb913d436aa9f8cfb2a297f

SHA256
d9b21182952682fe7ba63af1df24e23ace592c35b3f31eceef9f0eabeb5881b9

SHA512
35957964213b41f1f21b860b03458404fbf11daf03d102fbea8c2b2f249050cefbb348edc3f22d8ecc3cb8abfdc44215c2dc9da029b4f93a7f40197bd0c16960

Download Submit
C:\Program Files\Genshin Impact · Cloud\vcruntime140.dll

Filesize
95KB

MD5
05ebbcdff8217330a6fe40e5de7cb3d8

SHA1
3736d844732aaff618d6fd9073459015d9db2198

SHA256
e7ad097a1fee72299c6ddfc16558a8d435bc0f23436e45f0ce8ace69cb3b38d8

SHA512
3f636bab532b81e43303cafb51658c97e0ffb3097e25dc34778ece22b65e9c0d7206bfc2faf964a9815ec041725b2cecf1e68057d9af0fba42de4cbbe672a341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ccf0c873a03cfd35e9623affd395bc1a

SHA1
2ce3bf03152d68820fc41f6481faf85c89fc89ce

SHA256
5fb8324d5936093ba063662c4d02d5aba3d65c6dd5766fbcb3305ef4e85236db

SHA512
b964fa10cdd2ba7b2d4cf39f1d50b1d5a4e4cc9c9eb913fd153e186a2ab5e55f1b4598257e9884b886055abb8659e17f7b899e93c09c064d6fb70961d007869c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5605b081daf4bf977e07a56aaf39c5d4

SHA1
c4552821abb98435cb94e0feff8e27f5f7118659

SHA256
f11a3d037e0c2105289ebc12c2205bbb8740e729c098abfcc26580e2be873be1

SHA512
58bcb929b0d70c151715af6c63649a8b35c49f03f689a61e443516dae8f8adb769f13d5092a9100c516e18ac9f8046abc8efcf789e054536c7fb8457c1899bd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7a4ee8807959db377731a3c6769f619a

SHA1
d57914048f3a96b4b228549846954fe91351ed30

SHA256
b3d6bf940ae383110196fbea5d6cbfb8d6f7266db6d208b1af5599c0fc124990

SHA512
3e130a54b5a93133760ffd29f52ba990e0d50d163e1995266c1b91b771a7f0f8c140c9393022fac8fc7d531e8b78f8e55ec51f7647b592202b70c8dd27eaf391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b9126ce06e405722160e747bd7a4b559

SHA1
3cd0156dd657d64bf6ef13eeefba52623f61da68

SHA256
fe8d3759e240be6f6066296b5b9efde84c01bb81fee2a4648a7283a5c5830ab0

SHA512
1fcfb3c8ccdff1693b4660b8dd70ea0bf0a66940875b313f4166c23ff4d8c331c729fcfb9d95b52d53d5e6f4a6a51bb3f776aa4b5b6b37a3f7fc165e1df6c638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e9bc5f2e9a72858bff53dc52cc3c590d

SHA1
348dade4ec4c7d3ad3677a1167f89a4981924b9d

SHA256
87382f164ac41e30ef423bc60c64e96349ab7c4a776e8daedbd0f8336d07de4e

SHA512
a3b0c62587e6bc42be4c9980c7c41b141d8939c4281a323a75385b5b15625ca5668038632ceaa5ee606a9bea1efb4f6433224afe10ff8f121118ae6a3f4f3af8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
6c0a02b5dbb858c9fa59d752e26b5ae9

SHA1
9bb19cb5c7cf827e9abaadd712032adb3490e218

SHA256
da620eff3d8da33181a4399055ee58cb3336e33ff3b7542fdb66fbc36832d126

SHA512
4daeedf1b544fcea7dc56a1cc60ac50582d4ef0f91020d4fb8f54a5975efbbb901571b028eb14a3a876d0aff544e9e92ab40b60d41b41441262d7024eaae73e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
ffba7abec1fd785855739d51aa11c07f

SHA1
71f409de2386ccfa93c9483d7a1dfbe4c067d8cd

SHA256
4d2ff014a9b110423793045097645926c472c1bbde75e83b66bb46efbc576621

SHA512
40784fe2eb9872ed6de16978417d25a6fdd07c140e38c12ee75798128f4aa039bdc85bceabfed78c6dd81b044978b93c380c257c4aada26b22d55fc67ef32532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\HoYoverse\GenshinImpactCloudGame\CrashDumps\astrolabe\Preferences

Filesize
59B

MD5
c46b43120adc35362aa969416cb91aac

SHA1
e17acc75574ddc880257fb4a422ef1980d7a9bc3

SHA256
05fb74c60426c037c061e2a0cf5a038f40b9dd6914e9aa9ef076cf9a8ba46f8c

SHA512
fe87acdf1893c4f26c5d220fa60d6b95ad3e74e621b54e48dab4969206f74c7b6b86771e56c11c2e67b2674659dc9654826e4b96c731517992401620a82dd47b

Download Submit
C:\Users\Admin\AppData\Local\HoYoverse\GenshinImpactCloudGame\CrashDumps\astrolabe\Preferences~RFe585d8c.TMP

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\HoYoverse\GenshinImpactCloudGame\report\telemetry\Preferences

Filesize
82B

MD5
e3563dee69711d7524ccb0b23a66908d

SHA1
575758e9d0261786a35f2e882d9e00d014fdbc43

SHA256
bd478e890f05e4d1422ddaca1d8e6a4dc0e8a1558560977dda589b332dc031e6

SHA512
fc4468b46794644976fa712ef82024b312394afb56ed7608c6436d1894daa67be3b741c5753481718749fb2e3694590cb16213de5bfbea9b7cd94ccb5a15c4a0

Download Submit
C:\Users\Admin\AppData\Local\HoYoverse\GenshinImpactCloudGame\report\telemetry\Preferences~RFe58a013.TMP

Filesize
61B

MD5
0a4393fe6e08f5dbddd2a65e2ed2bccb

SHA1
0c6de757c2ac96893efa797a1fb1a317eb5b4b6a

SHA256
34d3914958d57fc03efaaaada0af99d613160bcee0dffbb4b19d4ab2911af0c3

SHA512
8bf6f953455a0e1ab19ff487c25391a4d2a33d34e660841ac40e4eba4f6e11e45eba6349c492844a333a8a706a80ffb9d28891ff30fbb964423853a60b992c1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact · Cloud-cjsCCD\7z.dll

Filesize
1.1MB

MD5
e7ae42ea24cff97bdead0c560ef2add1

SHA1
866f380a62622ab1b6c7705ddc116635e6e3cc86

SHA256
db2897eeea65401ee1bd8feeebd0dbae8867a27ff4575f12b0b8a613444a5ef7

SHA512
a4a27b2be70e9102d95ee319ec365b0dc434d4e8cd25589ce8a75b73bbe4f06b071caa907c7a61387b2ce6a35a70873593564499b88598f77a7c25c47448fb0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Genshin Impact · Cloud-cjsCCD\7z.exe

Filesize
286KB

MD5
afc08ce359e79887e45b8460e124d63e

SHA1
e8dcddb302f01d51da3bcbfa6707d025a896aa57

SHA256
a20d93e7dc3711e8b8a8f63bd148ddc70de8c952de882c5495ac121bfedb749f

SHA512
32d3b8d964711a5706f8cf9f87bc6e33670bba2cb3ab88603dec399652ac7fe297a4692f0865a0bdcbd06515d6b0a84e5a96d1b7fda48f556543536889ba387a

Download Submit
memory/1428-551-0x00007FF9BE610000-0x00007FF9BEA08000-memory.dmp

Filesize
4.0MB

Download
memory/1428-546-0x00007FF7A3040000-0x00007FF7A594A000-memory.dmp

Filesize
41.0MB

Download
memory/1428-548-0x00007FF9C0440000-0x00007FF9C0981000-memory.dmp

Filesize
5.3MB

Download
memory/4428-0-0x000002B4629E0000-0x000002B4629F0000-memory.dmp

Filesize
64KB

Download