7022e6f38a1e7f7b63f101162cffb82987b345c7c5ff195adfebd05baeb607b0

Analysis

max time kernel
105s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
08-02-2023 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rokpclaunch_gb_lilith_0904_10108.exe
Size

69.8MB
MD5

208786c0a153fc23b9b4851f80ea2254
SHA1

929d574351ec302b489ee60c68c1b40d41d1a351
SHA256

7022e6f38a1e7f7b63f101162cffb82987b345c7c5ff195adfebd05baeb607b0
SHA512

5523d3032e3632d78a83920bdb2429c49793fa19e136901c47c6355f9b1c405d025b144b52d84fbd49ff627801cbd17ba4e102f5e5c0b6a29aba533f8376e2d2
SSDEEP

1572864:uUezcxjZXaEs3eseNLdcSiKoMmarZ/kIpXD+AauyKzuMud:NezcNZX4OTNLdXiKVrZ8IpydkAd

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
456	rokpclaunch_gb_lilith_0904_10108.tmp
4568	launcher.exe
1624	cef_helper.exe
4932	cef_helper.exe

Loads dropped DLL 8 IoCs

pid	Process
456	rokpclaunch_gb_lilith_0904_10108.tmp
456	rokpclaunch_gb_lilith_0904_10108.tmp
456	rokpclaunch_gb_lilith_0904_10108.tmp
456	rokpclaunch_gb_lilith_0904_10108.tmp
4568	launcher.exe
4568	launcher.exe
1624	cef_helper.exe
4932	cef_helper.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\ROKLauncher\cef\locales\is-EI8GJ.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-KVCU1.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File opened for modification	C:\Program Files\ROKLauncher\cef\d3dcompiler_43.dll	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\is-7T944.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-QAPLR.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-PH88M.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-8892E.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\unins\is-67LA2.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File opened for modification	C:\Program Files\ROKLauncher\cef\libGLESv2.dll	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-GU40J.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-0TRKD.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\unins\is-357GR.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File opened for modification	C:\Program Files\ROKLauncher\cef_temp\cef.log	launcher.exe
File created	C:\Program Files\ROKLauncher\cef\locales\is-CSB2E.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-HK8HL.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-RH6RU.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-LMC77.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-AOLJM.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-KEGSO.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef_temp\CefLocalStorage\data_1	launcher.exe
File created	C:\Program Files\ROKLauncher\cef\locales\is-KIKJJ.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-HURJE.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef_temp\CefLocalStorage\Visited Links	launcher.exe
File created	C:\Program Files\ROKLauncher\cef\locales\is-D99NK.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\unins\is-RE9LL.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\unins\is-QC32V.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\update\launcher.exe	launcher.exe
File created	C:\Program Files\ROKLauncher\cef_temp\CefLocalStorage\f_000002	launcher.exe
File created	C:\Program Files\ROKLauncher\cef\is-LS7I6.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\is-JLLDA.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\is-UHK1A.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File opened for modification	C:\Program Files\ROKLauncher\cef_temp\CefLocalStorage\f_000001	launcher.exe
File created	C:\Program Files\ROKLauncher\cef\locales\is-VHCQV.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-PFON2.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-NDB6M.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File opened for modification	C:\Program Files\ROKLauncher\cef_temp\CefLocalStorage\data_2	launcher.exe
File created	C:\Program Files\ROKLauncher\cef\is-59837.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-U4ROJ.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File opened for modification	C:\Program Files\ROKLauncher\unins000.dat	rokpclaunch_gb_lilith_0904_10108.tmp
File opened for modification	C:\Program Files\ROKLauncher\cef_temp\cef.log	cef_helper.exe
File created	C:\Program Files\ROKLauncher\cef_temp\CefLocalStorage\data_0	launcher.exe
File opened for modification	C:\Program Files\ROKLauncher\cef_temp\cef.log	cef_helper.exe
File opened for modification	C:\Program Files\ROKLauncher\cef_temp\CefLocalStorage\ChromeDWriteFontCache	cef_helper.exe
File opened for modification	C:\Program Files\ROKLauncher\launcher.exe	rokpclaunch_gb_lilith_0904_10108.tmp
File opened for modification	C:\Program Files\ROKLauncher\cef\cef_helper.exe	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-T3C5G.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\is-S2I72.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-K008T.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-25R4J.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File opened for modification	C:\Program Files\ROKLauncher\cef\widevinecdmadapter.dll	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\is-NKP14.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\is-48AQD.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\is-UQAEN.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\is-SS7P0.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\is-N9KSO.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-7I6FN.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\tmp_launcher_version_map.txt	launcher.exe
File created	C:\Program Files\ROKLauncher\is-V6U37.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-K6BE3.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\cef\locales\is-J2NO4.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\unins\is-1TOS0.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Program Files\ROKLauncher\is-PHB28.tmp	rokpclaunch_gb_lilith_0904_10108.tmp
File opened for modification	C:\Program Files\ROKLauncher\cef_temp\CefLocalStorage\data_0	launcher.exe
File created	C:\Program Files\ROKLauncher\cef_temp\CefLocalStorage\f_000004	launcher.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\Fonts\SourceHanSansCNRegular.ttf	rokpclaunch_gb_lilith_0904_10108.tmp
File opened for modification	C:\Windows\Fonts\SourceHanSansCNRegular.ttf	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Windows\Fonts\SourceHanSansCNBold.ttf	rokpclaunch_gb_lilith_0904_10108.tmp
File created	C:\Windows\Fonts\LomaN.ttf	launcher.exe
File created	C:\Windows\Fonts\LomaB.ttf	launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
456	rokpclaunch_gb_lilith_0904_10108.tmp
456	rokpclaunch_gb_lilith_0904_10108.tmp

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
456	rokpclaunch_gb_lilith_0904_10108.tmp
4568	launcher.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4568	launcher.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 456	2100	rokpclaunch_gb_lilith_0904_10108.exe	82
PID 2100 wrote to memory of 456	2100	rokpclaunch_gb_lilith_0904_10108.exe	82
PID 2100 wrote to memory of 456	2100	rokpclaunch_gb_lilith_0904_10108.exe	82
PID 456 wrote to memory of 4568	456	rokpclaunch_gb_lilith_0904_10108.tmp	94
PID 456 wrote to memory of 4568	456	rokpclaunch_gb_lilith_0904_10108.tmp	94
PID 4568 wrote to memory of 1624	4568	launcher.exe	95
PID 4568 wrote to memory of 1624	4568	launcher.exe	95
PID 4568 wrote to memory of 4932	4568	launcher.exe	96
PID 4568 wrote to memory of 4932	4568	launcher.exe	96

C:\Users\Admin\AppData\Local\Temp\rokpclaunch_gb_lilith_0904_10108.exe
"C:\Users\Admin\AppData\Local\Temp\rokpclaunch_gb_lilith_0904_10108.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Users\Admin\AppData\Local\Temp\is-5MJG7.tmp\rokpclaunch_gb_lilith_0904_10108.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5MJG7.tmp\rokpclaunch_gb_lilith_0904_10108.tmp" /SL5="$10004A,72151014,942080,C:\Users\Admin\AppData\Local\Temp\rokpclaunch_gb_lilith_0904_10108.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:456
- - C:\Program Files\ROKLauncher\launcher.exe
    "C:\Program Files\ROKLauncher\launcher.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4568
  - - C:\Program Files\ROKLauncher\cef\cef_helper.exe
      ".\cef\cef_helper.exe" --type=renderer --disable-gpu-compositing --no-sandbox --enable-begin-frame-scheduling --lang=en-US --lang=en-US --log-file="C:\Program Files\ROKLauncher\cef_temp\cef.log" --ppapi-flash-path="PepperFlash\pepflashplayer.dll" --ppapi-flash-version=20.0.0.228 --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="4568.0.1514893315\745536207" /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      PID:1624
  - - C:\Program Files\ROKLauncher\cef\cef_helper.exe
      ".\cef\cef_helper.exe" --type=utility --channel="4568.1.1752294082\276571841" --lang=en-US --no-sandbox --no-sandbox --lang=en-US --log-file="C:\Program Files\ROKLauncher\cef_temp\cef.log" /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      PID:4932

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\ROKLauncher\cef\cef.pak

Filesize
2.2MB

MD5
4d991b6db94e823aac8cef6eb1959662

SHA1
84856f2eba08c5ad2df6a946e0eb7519bc9fb6cc

SHA256
2e07dc909efb9d9316e15452f168581966bdc7ad8fb607d3d3a339aaa8dc0266

SHA512
9842bf88339eaed96f81e82b1f1b15f6fe259449097e44f5d7738cd0aa79786da5e0b777d84b9a6a1c08bf3d0edfcf71c9cb396bd6c78145c5dfd171b8384f1f

Download Submit
C:\Program Files\ROKLauncher\cef\cef_100_percent.pak

Filesize
141KB

MD5
ad2ddfc39c78eedc734af6506a579a8c

SHA1
64e66d48ab3a98503948202dec3ff2f35470cd5b

SHA256
58f7ce00d589aaaebfaf3d0badac45924545e49f2d1531156f282eac7abb11b5

SHA512
7482b0c4c51bf4d3c3389a6ccf9c59307911ba793116bac04077594d9b3d6f54a07e6187764201fba8bb31ede88b9ff65ab6867a2526e0f8e7b16136f7978367

Download Submit
C:\Program Files\ROKLauncher\cef\cef_extensions.pak

Filesize
4.1MB

MD5
6e727928ebeeeb5847c65c15c41802ed

SHA1
d22ba6f8e3160484dd40fd5f4eb685182f404d88

SHA256
221a97daf8263321ceb9ce244452fc97b865b561e399b23d42682fef4785ea7f

SHA512
d39e98d8d2e9afc84f8188e27e412079667df2174da14f93f451396ea1a27fd5abf9fb8218ff02c94b56c60e7e5e59a5819d50d2463ef6f6ad71d29cf1f155a8

Download Submit
C:\Program Files\ROKLauncher\cef\cef_helper.exe

Filesize
413KB

MD5
268c09b97ec97307464edc76e51fae9d

SHA1
82625950cc91acb9de9d942d06173b062cd7ec34

SHA256
de65d9d3437b45e45ab689a9c3ad1bd35f4f97967cacc97bdce9d50cfd4f7a3d

SHA512
58ed50b3df711039693294f5c74edf42eb1ad2382dc1b4a8444013a60354860c7b15c83718c8aea7b38310744afa49fcb599d9ac714de72f625dd762fae15500

Download Submit
C:\Program Files\ROKLauncher\cef\cef_helper.exe

Filesize
413KB

MD5
268c09b97ec97307464edc76e51fae9d

SHA1
82625950cc91acb9de9d942d06173b062cd7ec34

SHA256
de65d9d3437b45e45ab689a9c3ad1bd35f4f97967cacc97bdce9d50cfd4f7a3d

SHA512
58ed50b3df711039693294f5c74edf42eb1ad2382dc1b4a8444013a60354860c7b15c83718c8aea7b38310744afa49fcb599d9ac714de72f625dd762fae15500

Download Submit
C:\Program Files\ROKLauncher\cef\cef_helper.exe

Filesize
413KB

MD5
268c09b97ec97307464edc76e51fae9d

SHA1
82625950cc91acb9de9d942d06173b062cd7ec34

SHA256
de65d9d3437b45e45ab689a9c3ad1bd35f4f97967cacc97bdce9d50cfd4f7a3d

SHA512
58ed50b3df711039693294f5c74edf42eb1ad2382dc1b4a8444013a60354860c7b15c83718c8aea7b38310744afa49fcb599d9ac714de72f625dd762fae15500

Download Submit
C:\Program Files\ROKLauncher\cef\devtools_resources.pak

Filesize
4.4MB

MD5
37936cb4d567ec68a1f22b5f923fd14f

SHA1
d85de3ce443335c6065a248801f56e9fa1ba3736

SHA256
de7fad0fb516c05ba2470d97d31e86ad44f5269c6b4fadaeb6ac955f4dc1a6d7

SHA512
5c08bdff7c6ac3724a277e2287eec2effc12793dae6fe05e99e772c0c0a3aa262e7d13a7569756466aa1c4bd9e1fc2f04c38adc34b38fdab0e5765dec7f1fcc1

Download Submit
C:\Program Files\ROKLauncher\cef\icudtl.dat

Filesize
9.7MB

MD5
d03ad9a1189d190119209072d048e428

SHA1
aa954098e3ae4c00f67bace45b39a7b4a8242c6a

SHA256
2857fbe46d007307b1e204c6eb1b7e4988973b958ec8edb07445988f332c1ab5

SHA512
4f73a2c0ceef525e5947dc6eeb7608db40e535eeadb37d83842bdd638eb4d9114f3654d8094c0b72c66ae4bb0214b0947cd4fe2b56426f778c07f3cac5faea21

Download Submit
C:\Program Files\ROKLauncher\cef\locales\en-US.pak

Filesize
39KB

MD5
ea20f7ef299ca680a72e9163c8ed0093

SHA1
f9ef3b9cc76f34f83142e1fcb67bf5c3f9031953

SHA256
a76263a6b5c969a0b0a2cc90bdb86d35f3adaddef41884fa84832c24b0940192

SHA512
c0d217475e81a629abce4cc3557f1ae3422eefcb27c71a36cdba607036977492eb5c28f31f3b9e9724fbda78661d29f27db816d18b86efc845b015298a6fe53d

Download Submit
C:\Program Files\ROKLauncher\cef\natives_blob.bin

Filesize
402KB

MD5
8f4d6515f4d321313a39a659c3c5ff01

SHA1
f4c95f1abd24c715a3dd4b3e4c9cff5decda7250

SHA256
7d9c0c4d88618bdd16bb0681fdec1dd736e2ed1141ae527a27b22fb93f27848f

SHA512
3c00eb9a8ca8d076140df0071cfa702e1c032edbc20481bb7f7b7a88c1a82c959b8ac901182c2f9d235f55b4528c8e12b1e765119f1e784645c61f66c1c2b007

Download Submit
C:\Program Files\ROKLauncher\cef\nim_libcef.dll

Filesize
62.7MB

MD5
4c52cfc1353e7adfbdb598ca30d4a145

SHA1
348e3f88962a37af93498da33b2e355cac6f2265

SHA256
c59ca22121cb1ce2e9268b79d0221fb5471807a2dbad0ab28759a18387faa318

SHA512
3b4a71528d5a075b145963d26bf94a409dabbe8f3459aac3c75d35dbbc62d7afbe63ea00afe0b7210fb15b334dc09cc739755414aac49c508a0f44f89b663da7

Download Submit
C:\Program Files\ROKLauncher\cef\nim_libcef.dll

Filesize
62.7MB

MD5
4c52cfc1353e7adfbdb598ca30d4a145

SHA1
348e3f88962a37af93498da33b2e355cac6f2265

SHA256
c59ca22121cb1ce2e9268b79d0221fb5471807a2dbad0ab28759a18387faa318

SHA512
3b4a71528d5a075b145963d26bf94a409dabbe8f3459aac3c75d35dbbc62d7afbe63ea00afe0b7210fb15b334dc09cc739755414aac49c508a0f44f89b663da7

Download Submit
C:\Program Files\ROKLauncher\cef\nim_libcef.dll

Filesize
62.7MB

MD5
4c52cfc1353e7adfbdb598ca30d4a145

SHA1
348e3f88962a37af93498da33b2e355cac6f2265

SHA256
c59ca22121cb1ce2e9268b79d0221fb5471807a2dbad0ab28759a18387faa318

SHA512
3b4a71528d5a075b145963d26bf94a409dabbe8f3459aac3c75d35dbbc62d7afbe63ea00afe0b7210fb15b334dc09cc739755414aac49c508a0f44f89b663da7

Download Submit
C:\Program Files\ROKLauncher\cef\nim_libcef.dll

Filesize
62.7MB

MD5
4c52cfc1353e7adfbdb598ca30d4a145

SHA1
348e3f88962a37af93498da33b2e355cac6f2265

SHA256
c59ca22121cb1ce2e9268b79d0221fb5471807a2dbad0ab28759a18387faa318

SHA512
3b4a71528d5a075b145963d26bf94a409dabbe8f3459aac3c75d35dbbc62d7afbe63ea00afe0b7210fb15b334dc09cc739755414aac49c508a0f44f89b663da7

Download Submit
C:\Program Files\ROKLauncher\cef\nim_libcef.dll

Filesize
62.7MB

MD5
4c52cfc1353e7adfbdb598ca30d4a145

SHA1
348e3f88962a37af93498da33b2e355cac6f2265

SHA256
c59ca22121cb1ce2e9268b79d0221fb5471807a2dbad0ab28759a18387faa318

SHA512
3b4a71528d5a075b145963d26bf94a409dabbe8f3459aac3c75d35dbbc62d7afbe63ea00afe0b7210fb15b334dc09cc739755414aac49c508a0f44f89b663da7

Download Submit
C:\Program Files\ROKLauncher\cef\snapshot_blob.bin

Filesize
604KB

MD5
f4f1cb8317868f36ffb3c57978167ae6

SHA1
fcf94677714fef6e1fadc7914c5c2c123f8aed56

SHA256
e32f9e538a286ea29adafa20d0269af7278cfc0f8899ea75281f4037c65ca00f

SHA512
cce41cfaf4a9a9f4600c97dc3882f38a0e55cfe6884f8c4f83d062a0253d035ff5d510805f88edf83e1a97a78c8a1dbf9282d8c24a0d2693e0c4e6cb6aed80dd

Download Submit
C:\Program Files\ROKLauncher\launcher.exe

Filesize
29.0MB

MD5
9145a2104a1f063890d7d766066b98d5

SHA1
947956bbeeaeb29179ffd3cfa15d3c2ac99e57e1

SHA256
f9bffd5164ea96c273021f4868544ad697187de5baef3ba0b944d5370f28f980

SHA512
a811fb69cab565778d74116ae652914b6d33a85f96aa04f2bc5316c24ad2b9f20fb5a8fdf7f638cbc1b6b420677837f845cd60cd111e0cda828752ee3460897e

Download Submit
C:\Program Files\ROKLauncher\launcher.exe

Filesize
29.0MB

MD5
9145a2104a1f063890d7d766066b98d5

SHA1
947956bbeeaeb29179ffd3cfa15d3c2ac99e57e1

SHA256
f9bffd5164ea96c273021f4868544ad697187de5baef3ba0b944d5370f28f980

SHA512
a811fb69cab565778d74116ae652914b6d33a85f96aa04f2bc5316c24ad2b9f20fb5a8fdf7f638cbc1b6b420677837f845cd60cd111e0cda828752ee3460897e

Download Submit
C:\Program Files\ROKLauncher\launcher_version_map.txt

Filesize
7KB

MD5
434bc453ce9ec53f67c4c84ea7b230d4

SHA1
97385a64586a69d441936d503c8634fe87e2e797

SHA256
9ec2dfe501f714196850ebd4a30addab237e9a84d6dd58069b6b3facdd09e7f9

SHA512
263ab00d7287354eb758f7c11c25ef63995d42693c88d4b7bd9ae25e70b515edc6febcdbf9eacfb5d2c9f0e7f224e45165518cda069829a6523d4fcb2544469f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5MJG7.tmp\rokpclaunch_gb_lilith_0904_10108.tmp

Filesize
3.1MB

MD5
830f130684415ed9b477a85888ae0944

SHA1
868d733b4e5664b31acacd4f9902d75848aa3a9c

SHA256
f84858cce7c937e27017e6b4a3aa7a57bc04fdca9403c33963e62179e2af7621

SHA512
ab7bbb33e73e4809a51ce64c14d162b03e7c47bcc475453f146aaaffd924ef0a4ed95a106589837055e4477ead6ba73ae038aba7f5de2c9a0cf530f616318f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5MJG7.tmp\rokpclaunch_gb_lilith_0904_10108.tmp

Filesize
3.1MB

MD5
830f130684415ed9b477a85888ae0944

SHA1
868d733b4e5664b31acacd4f9902d75848aa3a9c

SHA256
f84858cce7c937e27017e6b4a3aa7a57bc04fdca9403c33963e62179e2af7621

SHA512
ab7bbb33e73e4809a51ce64c14d162b03e7c47bcc475453f146aaaffd924ef0a4ed95a106589837055e4477ead6ba73ae038aba7f5de2c9a0cf530f616318f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VIJ17.tmp\botva2.dll

Filesize
41KB

MD5
ef899fa243c07b7b82b3a45f6ec36771

SHA1
4a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe

SHA256
da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77

SHA512
3f98b5ad9adfad2111ebd1d8cbab9ae423d624d1668cc64c0bfcdbfedf30c1ce3ea6bc6bcf70f7dd1b01172a4349e7c84fb75d395ee5af73866574c1d734c6e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VIJ17.tmp\botva2.dll

Filesize
41KB

MD5
ef899fa243c07b7b82b3a45f6ec36771

SHA1
4a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe

SHA256
da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77

SHA512
3f98b5ad9adfad2111ebd1d8cbab9ae423d624d1668cc64c0bfcdbfedf30c1ce3ea6bc6bcf70f7dd1b01172a4349e7c84fb75d395ee5af73866574c1d734c6e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VIJ17.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-VIJ17.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Windows\Fonts\LomaB.ttf

Filesize
81KB

MD5
f3b53823af2f4a8be30951f31e3fdd36

SHA1
7e24f95dea6340eaf372070f3e5787e124b29820

SHA256
d8d7e7b545666f8552e3bbf36b792f532f9bd009c2d6ca8f649ca8b16a42fd66

SHA512
f1084b20ab33ee6db36042a5457571094ebac20538568f66e199f36d35cf27dea27852562778cf13090d73e55d44a3422ef8a1d6ed1e266c5d27e8077b1c3a88

Download Submit
C:\Windows\Fonts\LomaN.ttf

Filesize
83KB

MD5
36ea51b0328fbff71abefe1ae097ad4c

SHA1
5f9debe806520db19ac95097e14f414b71648f99

SHA256
a3083528415b2023c3104b8778d56de293a44d868f595c757b108c4f33144b26

SHA512
71734265dddf27849cee786b037f635ebb67123367b46ad3bbff81a636ae2c665f4c328448de5c6e4cf12b4ed42141e1407fa99fd299aec615c11b7bc0358ac4

Download Submit
C:\Windows\Fonts\SourceHanSansCNBold.ttf

Filesize
10.3MB

MD5
776f617315df79419f8207313cb7e734

SHA1
e1ce31a3898b8569656be5e4ed9c9808b9bf5491

SHA256
6f3e7f02a3195f1407345ab7c9ec735251d501b76279953dac32d62d9ef45cc5

SHA512
a8bd4029e2fee4dbb87874bbc793a943d45b88a251692a7d6e4c6e5b4e805ead1aa8bc1347bafef3a8c349bd4b011a56bc5a3816bb0a72b2cd5797f9166e9a01

Download Submit
C:\Windows\Fonts\SourceHanSansCNRegular.ttf

Filesize
10.3MB

MD5
6d4053d81311bf391df6578f8f456d2b

SHA1
06be20c0aabfd7898b445cb3f2480830d612946d

SHA256
1e1e3d86938b40ca4d7cdf10ec06d9a5ae59457cea98456f66f2a05d20202e34

SHA512
6d052753632bdf0fa57f383a36640cbef8c282d02520524c25d9a74f02c7adc440ceeaa81181316d966dd68f8fdc297d3a2950829bea3fb118f09723a32767b3

Download Submit
memory/456-143-0x0000000005180000-0x0000000005195000-memory.dmp

Filesize
84KB

Download
memory/456-140-0x0000000003600000-0x000000000360F000-memory.dmp

Filesize
60KB

Download
memory/2100-132-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/2100-134-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/2100-155-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/2100-170-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download