mhyprot.sys
Earlier Genshin Impact / HoYoverse anti-cheat driver
mhyprot.sys is the earlier miHoYo (HoYoverse) anti-cheat kernel driver, the predecessor to mhyprot2.sys. Same publisher, same install pattern (registered as a kernel service when a HoYoverse game is installed), same reason for being on the LOLDrivers list: kernel-level read, write, and process-termination primitives exposed through its IOCTL interface.
The mhyprot2 successor got the headlines (Trend Micro's 2022 write-up of criminal data-extortion operators using it on machines that never ran Genshin ImpactGameGenshin ImpactOpen plate →). The older mhyprot driver sits on the catalog for the same class of capability.
If either driver is registered on your system, the practical step is the same: check Windows services for entries starting with mhyprot, and remove them if you are not currently playing a HoYoverse title. Uninstalling the game does not always remove the kernel service.
mhyprot.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 2 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.
Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.
Vera Project. “mhyprot.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/mhyprot-sys
