74c99f123bf8dda3e7e1945b927dd1edbfe59a142a36b7dc30f88fb3326f3141

Analysis

max time kernel
530s
max time network
551s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TofMiniLoader_official.wg.intl.exe
Size

29.1MB
MD5

addb88fe13f1ec6217588fe9614b7f84
SHA1

c1614865afa2e07c1edf0094a1f36e80d19b01e6
SHA256

74c99f123bf8dda3e7e1945b927dd1edbfe59a142a36b7dc30f88fb3326f3141
SHA512

715f65d800f81f5d46918aeeac4b7189e686dfa811351dcc5cb45ef6c0516d0d26f53342e5726b1168b51f71916d43ef21a26d7cfd68dfa97c90a3a9c2625f97
SSDEEP

786432:fkflX9VD8eQHYaVliYF9uF7b6mPqHMcjUtLPVjZTbO07MJ:q1PoYaVli89YqscjkBhOhJ

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

tofminiloader.exetbs_browser.exetbs_browser.exetbs_browser.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	tofminiloader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	tbs_browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	tbs_browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	tbs_browser.exe

Executes dropped EXE 11 IoCs

Processes:

tofminiloader.exeVersionService.exetof_launcher.exeintl_service.exetbs_browser.exetbs_browser.exetbs_browser.exetbs_browser.exetbs_browser.exetbs_browser.exetbs_browser.exe

pid	process
5052	tofminiloader.exe
4816	VersionService.exe
1680	tof_launcher.exe
3932	intl_service.exe
3268	tbs_browser.exe
688	tbs_browser.exe
3244	tbs_browser.exe
2908	tbs_browser.exe
4452	tbs_browser.exe
1192	tbs_browser.exe
2176	tbs_browser.exe

Loads dropped DLL 45 IoCs

Processes:

TofMiniLoader_official.wg.intl.exetofminiloader.exetof_launcher.exeintl_service.exetbs_browser.exetbs_browser.exetbs_browser.exetbs_browser.exetbs_browser.exetbs_browser.exetbs_browser.exe

pid	process
4416	TofMiniLoader_official.wg.intl.exe
5052	tofminiloader.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
3932	intl_service.exe
1680	tof_launcher.exe
3932	intl_service.exe
3932	intl_service.exe
3932	intl_service.exe
3932	intl_service.exe
3932	intl_service.exe
3268	tbs_browser.exe
3268	tbs_browser.exe
688	tbs_browser.exe
3244	tbs_browser.exe
688	tbs_browser.exe
3244	tbs_browser.exe
2908	tbs_browser.exe
2908	tbs_browser.exe
688	tbs_browser.exe
688	tbs_browser.exe
688	tbs_browser.exe
688	tbs_browser.exe
688	tbs_browser.exe
4452	tbs_browser.exe
4452	tbs_browser.exe
1192	tbs_browser.exe
1192	tbs_browser.exe
2176	tbs_browser.exe
2176	tbs_browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 18 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

tofminiloader.exe

description	ioc	process
File opened (read-only)	\??\P:	tofminiloader.exe
File opened (read-only)	\??\R:	tofminiloader.exe
File opened (read-only)	\??\S:	tofminiloader.exe
File opened (read-only)	\??\T:	tofminiloader.exe
File opened (read-only)	\??\F:	tofminiloader.exe
File opened (read-only)	\??\G:	tofminiloader.exe
File opened (read-only)	\??\H:	tofminiloader.exe
File opened (read-only)	\??\O:	tofminiloader.exe
File opened (read-only)	\??\V:	tofminiloader.exe
File opened (read-only)	\??\E:	tofminiloader.exe
File opened (read-only)	\??\M:	tofminiloader.exe
File opened (read-only)	\??\N:	tofminiloader.exe
File opened (read-only)	\??\U:	tofminiloader.exe
File opened (read-only)	\??\Q:	tofminiloader.exe
File opened (read-only)	\??\I:	tofminiloader.exe
File opened (read-only)	\??\J:	tofminiloader.exe
File opened (read-only)	\??\K:	tofminiloader.exe
File opened (read-only)	\??\L:	tofminiloader.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

tof_launcher.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	tof_launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	tof_launcher.exe

Modifies registry class 29 IoCs

Processes:

regedit.exeregedit.exeOpenWith.exeregedit.exetbs_browser.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\ = "tof_launcherProtocol"	regedit.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\Shell\Open\Command\ = "\"C:\\Tower Of Fantasy\\Launcher\\tof_launcher.exe\" \"%1\""	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\DefaultIcon	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\Shell	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\DefaultIcon	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\URL Protocol	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\Shell\Open	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\Shell\Open\Command	regedit.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\ = "tof_launcherProtocol"	regedit.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\URL Protocol	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher	regedit.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\URL Protocol	regedit.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\DefaultIcon\ = "C:\\Tower Of Fantasy\\Launcher\\tof_launcher.exe"	regedit.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\Shell\Open\Command\ = "\"C:\\Tower Of Fantasy\\Launcher\\tof_launcher.exe\" \"%1\""	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\Shell\Open	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\Shell\Open\Command	regedit.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\Shell\Open\Command\ = "\"C:\\Tower Of Fantasy\\Launcher\\tof_launcher.exe\" \"%1\""	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\Shell\Open	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\DefaultIcon	regedit.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\DefaultIcon\ = "C:\\Tower Of Fantasy\\Launcher\\tof_launcher.exe"	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\Shell	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher	regedit.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-144354903-2550862337-1367551827-1000\{AA36C00C-6194-4B96-96D1-6D597B55DA7B}	tbs_browser.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher	regedit.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\DefaultIcon\ = "C:\\Tower Of Fantasy\\Launcher\\tof_launcher.exe"	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\Shell	regedit.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\ = "tof_launcherProtocol"	regedit.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\toflauncher\Shell\Open\Command	regedit.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

tbs_browser.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	tbs_browser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	tbs_browser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	tbs_browser.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

notepad.exe

pid process

4716 notepad.exe
Runs .reg file with regedit 3 IoCs

Processes:

regedit.exeregedit.exeregedit.exe

pid process

4520 regedit.exe
3944 regedit.exe
1800 regedit.exe

pid	process
4716	notepad.exe

pid	process
4520	regedit.exe
3944	regedit.exe
1800	regedit.exe

Suspicious behavior: EnumeratesProcesses 46 IoCs

Processes:

tofminiloader.exeVersionService.exetof_launcher.exetbs_browser.exetbs_browser.exetbs_browser.exeintl_service.exetbs_browser.exetbs_browser.exetbs_browser.exe

pid	process
5052	tofminiloader.exe
5052	tofminiloader.exe
4816	VersionService.exe
4816	VersionService.exe
4816	VersionService.exe
4816	VersionService.exe
4816	VersionService.exe
4816	VersionService.exe
4816	VersionService.exe
4816	VersionService.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
3244	tbs_browser.exe
3244	tbs_browser.exe
688	tbs_browser.exe
688	tbs_browser.exe
2908	tbs_browser.exe
2908	tbs_browser.exe
3932	intl_service.exe
3932	intl_service.exe
4452	tbs_browser.exe
4452	tbs_browser.exe
1192	tbs_browser.exe
1192	tbs_browser.exe
2176	tbs_browser.exe
2176	tbs_browser.exe
1680	tof_launcher.exe
1680	tof_launcher.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

tofminiloader.exe

description pid process

Token: SeCreateGlobalPrivilege 5052 tofminiloader.exe

description	pid	process
Token: SeCreateGlobalPrivilege	5052	tofminiloader.exe

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

tofminiloader.exetof_launcher.exe

pid	process
5052	tofminiloader.exe
5052	tofminiloader.exe
5052	tofminiloader.exe
5052	tofminiloader.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe

Suspicious use of SendNotifyMessage 8 IoCs

Processes:

tofminiloader.exetof_launcher.exe

pid	process
5052	tofminiloader.exe
5052	tofminiloader.exe
5052	tofminiloader.exe
5052	tofminiloader.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe
1680	tof_launcher.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

tofminiloader.exeVersionService.exetof_launcher.exeintl_service.exetbs_browser.exetbs_browser.exetbs_browser.exetbs_browser.exetbs_browser.exetbs_browser.exetbs_browser.exeOpenWith.exe

pid	process
5052	tofminiloader.exe
4816	VersionService.exe
1680	tof_launcher.exe
3932	intl_service.exe
3268	tbs_browser.exe
688	tbs_browser.exe
3244	tbs_browser.exe
2908	tbs_browser.exe
4452	tbs_browser.exe
1192	tbs_browser.exe
2176	tbs_browser.exe
2472	OpenWith.exe

Suspicious use of WriteProcessMemory 28 IoCs

Processes:

TofMiniLoader_official.wg.intl.exetofminiloader.exetof_launcher.exetbs_browser.exe

description	pid	process	target process
PID 4416 wrote to memory of 5052	4416	TofMiniLoader_official.wg.intl.exe	tofminiloader.exe
PID 4416 wrote to memory of 5052	4416	TofMiniLoader_official.wg.intl.exe	tofminiloader.exe
PID 4416 wrote to memory of 5052	4416	TofMiniLoader_official.wg.intl.exe	tofminiloader.exe
PID 5052 wrote to memory of 4816	5052	tofminiloader.exe	VersionService.exe
PID 5052 wrote to memory of 4816	5052	tofminiloader.exe	VersionService.exe
PID 5052 wrote to memory of 4816	5052	tofminiloader.exe	VersionService.exe
PID 5052 wrote to memory of 3944	5052	tofminiloader.exe	regedit.exe
PID 5052 wrote to memory of 3944	5052	tofminiloader.exe	regedit.exe
PID 5052 wrote to memory of 3944	5052	tofminiloader.exe	regedit.exe
PID 5052 wrote to memory of 1680	5052	tofminiloader.exe	tof_launcher.exe
PID 5052 wrote to memory of 1680	5052	tofminiloader.exe	tof_launcher.exe
PID 5052 wrote to memory of 1680	5052	tofminiloader.exe	tof_launcher.exe
PID 1680 wrote to memory of 3932	1680	tof_launcher.exe	intl_service.exe
PID 1680 wrote to memory of 3932	1680	tof_launcher.exe	intl_service.exe
PID 1680 wrote to memory of 3268	1680	tof_launcher.exe	tbs_browser.exe
PID 1680 wrote to memory of 3268	1680	tof_launcher.exe	tbs_browser.exe
PID 3268 wrote to memory of 688	3268	tbs_browser.exe	tbs_browser.exe
PID 3268 wrote to memory of 688	3268	tbs_browser.exe	tbs_browser.exe
PID 3268 wrote to memory of 3244	3268	tbs_browser.exe	tbs_browser.exe
PID 3268 wrote to memory of 3244	3268	tbs_browser.exe	tbs_browser.exe
PID 3268 wrote to memory of 2908	3268	tbs_browser.exe	tbs_browser.exe
PID 3268 wrote to memory of 2908	3268	tbs_browser.exe	tbs_browser.exe
PID 3268 wrote to memory of 1192	3268	tbs_browser.exe	tbs_browser.exe
PID 3268 wrote to memory of 1192	3268	tbs_browser.exe	tbs_browser.exe
PID 3268 wrote to memory of 4452	3268	tbs_browser.exe	tbs_browser.exe
PID 3268 wrote to memory of 4452	3268	tbs_browser.exe	tbs_browser.exe
PID 3268 wrote to memory of 2176	3268	tbs_browser.exe	tbs_browser.exe
PID 3268 wrote to memory of 2176	3268	tbs_browser.exe	tbs_browser.exe

C:\Users\Admin\AppData\Local\Temp\TofMiniLoader_official.wg.intl.exe
"C:\Users\Admin\AppData\Local\Temp\TofMiniLoader_official.wg.intl.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4416

C:\Users\Admin\AppData\Local\tofminiloader\tofminiloader.exe
"C:\Users\Admin\AppData\Local\tofminiloader\tofminiloader.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5052

C:\Users\Admin\AppData\Local\tofminiloader\tiny_dl\VersionService.exe
"C:\Users\Admin\AppData\Local\tofminiloader\tiny_dl\VersionService.exe" session=1
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4816

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe" /s "C:\Users\Admin\AppData\Roaming\tof_launcher.reg"
3⤵
- Modifies registry class
- Runs .reg file with regedit
PID:3944

C:\Tower Of Fantasy\Launcher\tof_launcher.exe
"C:\Tower Of Fantasy\Launcher\tof_launcher.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1680

C:\Tower Of Fantasy\Launcher\intl_service\intl_service.exe
--LauncherPID=1680 --ParentName=tof_launcher
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3932

C:\Tower Of Fantasy\Launcher\intl_service\tbs_browser.exe
--ProductName=tof_launcher --ParentPid=1680, --ParentHwnd=655622 --IPCHwnd=458840 --Rect=0,0,510,800 --Url=
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3268

C:\Tower Of Fantasy\Launcher\intl_service\tbs_browser.exe
"C:\Tower Of Fantasy\Launcher\intl_service\tbs_browser.exe" --type=gpu-process --field-trial-handle=1660,14058156931668182869,7679804483202634777,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --disable-databases --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Tower Of Fantasy\Launcher\intl_service\debug.log" --mojo-platform-channel-handle=1676 /prefetch:2
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:688

C:\Tower Of Fantasy\Launcher\intl_service\tbs_browser.exe
"C:\Tower Of Fantasy\Launcher\intl_service\tbs_browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1660,14058156931668182869,7679804483202634777,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --disable-databases --log-file="C:\Tower Of Fantasy\Launcher\intl_service\debug.log" --mojo-platform-channel-handle=1972 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Tower Of Fantasy\Launcher\intl_service\tbs_browser.exe
"C:\Tower Of Fantasy\Launcher\intl_service\tbs_browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1660,14058156931668182869,7679804483202634777,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=utility --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --disable-databases --log-file="C:\Tower Of Fantasy\Launcher\intl_service\debug.log" --mojo-platform-channel-handle=1872 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3244

C:\Tower Of Fantasy\Launcher\intl_service\tbs_browser.exe
"C:\Tower Of Fantasy\Launcher\intl_service\tbs_browser.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --disable-databases --no-sandbox --log-file="C:\Tower Of Fantasy\Launcher\intl_service\debug.log" --field-trial-handle=1660,14058156931668182869,7679804483202634777,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
5⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4452

C:\Tower Of Fantasy\Launcher\intl_service\tbs_browser.exe
"C:\Tower Of Fantasy\Launcher\intl_service\tbs_browser.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --disable-databases --no-sandbox --log-file="C:\Tower Of Fantasy\Launcher\intl_service\debug.log" --field-trial-handle=1660,14058156931668182869,7679804483202634777,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
5⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1192

C:\Tower Of Fantasy\Launcher\intl_service\tbs_browser.exe
"C:\Tower Of Fantasy\Launcher\intl_service\tbs_browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1660,14058156931668182869,7679804483202634777,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=audio --no-sandbox --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --disable-databases --log-file="C:\Tower Of Fantasy\Launcher\intl_service\debug.log" --mojo-platform-channel-handle=3108 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2896

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\AppData\Roaming\tof_launcher.reg"
1⤵
- Modifies registry class
- Runs .reg file with regedit
PID:1800

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\AppData\Roaming\tof_launcher.reg"
1⤵
- Modifies registry class
- Runs .reg file with regedit
PID:4520

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe" "C:\Users\Admin\AppData\Roaming\tof_launcher.reg"
1⤵
- Opens file in notepad (likely ransom note)
PID:4716

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Tower Of Fantasy\Launcher\.tiny_cache\Game_7000005.local
Filesize
234KB

MD5
624191e1ff6f1ef2a5f82408e2a0c6d5

SHA1
db7299649763626f73b5f2a96b79442d254bd5c5

SHA256
c81f93e18a1c03d5dc15cd9b1823613b98ee38514a3f2e3c140c197a474dbe88

SHA512
14b0d5d6f01fed0fe937c86ea2e9c9904569124067912bc91be1bcbe021953e8286ff33c232263486671d23f405016c4a90316f03842ff8903b42436d7ac7324

Download Submit
C:\Tower Of Fantasy\Launcher\GCloud.dll
Filesize
13.5MB

MD5
b4e95b02507adc67c939eb46e78b3f9c

SHA1
134827112e0a9e29d16ddba6d48169e743bbca1c

SHA256
abb0d8fef2393f6994a4cb178b54de81c714c258a98c566da76ab5d2827064f4

SHA512
4f6fa48dfe68a523eccccbfeee925681309b25ffeba2dc56e85d448a98c3ee96d6f3502ef31091719aed2b9269d167632b959a78a8052ef07b255af4a594e590

Download Submit
C:\Tower Of Fantasy\Launcher\GCloud.dll
Filesize
13.5MB

MD5
b4e95b02507adc67c939eb46e78b3f9c

SHA1
134827112e0a9e29d16ddba6d48169e743bbca1c

SHA256
abb0d8fef2393f6994a4cb178b54de81c714c258a98c566da76ab5d2827064f4

SHA512
4f6fa48dfe68a523eccccbfeee925681309b25ffeba2dc56e85d448a98c3ee96d6f3502ef31091719aed2b9269d167632b959a78a8052ef07b255af4a594e590

Download Submit
C:\Tower Of Fantasy\Launcher\GCloudCore.dll
Filesize
2.0MB

MD5
f7410c6e749b6f896e2a06bcf9b6ef85

SHA1
22712f3893526b8f224b85cbe4256ea8e0b1bf54

SHA256
cb2b2e81f33de4d79eca0f8ab60373a2cb3a7e0b046c56ecd23570c15bd1234c

SHA512
3fab84cf4f86a0eb354b55055f95e9cc9d41002091b65a51c20746fed05b84a3806d5da9c521311d76eb22d87e4ac2014195d0975fa7f0b8f9c04f99f6da1b1e

Download Submit
C:\Tower Of Fantasy\Launcher\GCloudCore.dll
Filesize
2.0MB

MD5
f7410c6e749b6f896e2a06bcf9b6ef85

SHA1
22712f3893526b8f224b85cbe4256ea8e0b1bf54

SHA256
cb2b2e81f33de4d79eca0f8ab60373a2cb3a7e0b046c56ecd23570c15bd1234c

SHA512
3fab84cf4f86a0eb354b55055f95e9cc9d41002091b65a51c20746fed05b84a3806d5da9c521311d76eb22d87e4ac2014195d0975fa7f0b8f9c04f99f6da1b1e

Download Submit
C:\Tower Of Fantasy\Launcher\GameBabyConfig.dat
Filesize
300B

MD5
3cda55565b215480d41b53188153374f

SHA1
001914ba93cc355d4d70f6e8d7f8d260b9e79a78

SHA256
bdb3963159c263e4b28f8fb17d108f6e45d98aeb4ce51fd9a7d393708fd19df0

SHA512
d7d4d08fed4c4cd99fd0daf543b00cde57db563868a3399b5405b37aa61acde8ad6ca6eff3745ca60464c2e79a49d4f420bab49c51db7d5d1d81becaa1b9d3fe

Download Submit
C:\Tower Of Fantasy\Launcher\GameBabyConfig.dat
Filesize
300B

MD5
3cda55565b215480d41b53188153374f

SHA1
001914ba93cc355d4d70f6e8d7f8d260b9e79a78

SHA256
bdb3963159c263e4b28f8fb17d108f6e45d98aeb4ce51fd9a7d393708fd19df0

SHA512
d7d4d08fed4c4cd99fd0daf543b00cde57db563868a3399b5405b37aa61acde8ad6ca6eff3745ca60464c2e79a49d4f420bab49c51db7d5d1d81becaa1b9d3fe

Download Submit
C:\Tower Of Fantasy\Launcher\GbSpy.dll
Filesize
2.6MB

MD5
60bc0ddb3689e6d3498b716f1c1c236b

SHA1
6b8cb689397dcdf3118fc8b620394cb2f5ac681c

SHA256
a81b1a9003c58126b332ac44d7c96b912ef7284c0bdcb5de11bf7a4d5305e4bc

SHA512
4fb907b3561a9171b05e92b5ca55c05ebc2df13f5b19108d1009a9d921d00f14a74f09ab90017d06084035f434e12c8e749e9f4dcd68ead623c2d1c3ad5c7492

Download Submit
C:\Tower Of Fantasy\Launcher\GbSpy.dll
Filesize
2.6MB

MD5
60bc0ddb3689e6d3498b716f1c1c236b

SHA1
6b8cb689397dcdf3118fc8b620394cb2f5ac681c

SHA256
a81b1a9003c58126b332ac44d7c96b912ef7284c0bdcb5de11bf7a4d5305e4bc

SHA512
4fb907b3561a9171b05e92b5ca55c05ebc2df13f5b19108d1009a9d921d00f14a74f09ab90017d06084035f434e12c8e749e9f4dcd68ead623c2d1c3ad5c7492

Download Submit
C:\Tower Of Fantasy\Launcher\Icon_Image_TPF
Filesize
145KB

MD5
6b21a2de335430ef39816a880183fd62

SHA1
0777acf6efbcdf828755f35bc4af1f06f1f74b97

SHA256
3ccecf52e5115e2510a17c9ad88dc95505190ba170ccb55e8bffa971ccacc99e

SHA512
6367037c2662a7f1bf7f28bc82752ef2fb6af7fa20e9e771104eaed2fd5d8178319cf8ea8a84f64f81ac84acda7316693a17b048531950cee64de79228f32f75

Download Submit
C:\Tower Of Fantasy\Launcher\Lua51.dll
Filesize
557KB

MD5
f5cf2cede753b68d8b9943bf3bf6be51

SHA1
299c0ce51fd7519126cdad7e8f3b8984018ce1b1

SHA256
56817d8a4b27f79e13f7ee8c25500ea413b7e37ac8eecb0a2b8240b858d3377a

SHA512
ffb5bc4f36cca2ef907716f0d8ae4a648fd45fd8f326e6e2ac0653c846726cc2897e6564264673fa8218f08827a520e140d641ee17d5fa82287772c5d0d93cc0

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio.ini
Filesize
582B

MD5
8cae3deaacac0a2511058e6d025c4f99

SHA1
439ea38796cb189554c9fd49d713700deebb48fe

SHA256
ac8cd54e900143bff45439691e4b16616a4a34a31c59d9fd4889e912c0a7bbdb

SHA512
ff15bae63ddaa79d04b005029ba75e603b4aab1d10d7c5219e6b9d2db8fefe73c17bafabbe39edac3e3e9c1c377e2327fe9269f9a7737c93219d93272dd2e18c

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio\June.dll
Filesize
1.1MB

MD5
2d8284b80a334c09096fb383218a5ac0

SHA1
0be01cefacee473a727fef9d0c3fb132fd443087

SHA256
26e388f49a253b6be16c6cd8f90ceac1ab97a3c8c35a3c08466e136c4b5ba69a

SHA512
e34e3fffe4d889a1fe3fd941c363b97af55f9e0a7d00e2e9195827230c249e28fda78f9b5f69a143e5175aed454937b8e03ffc10129596ce91f566dda712abd2

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio\June.dll
Filesize
1.1MB

MD5
2d8284b80a334c09096fb383218a5ac0

SHA1
0be01cefacee473a727fef9d0c3fb132fd443087

SHA256
26e388f49a253b6be16c6cd8f90ceac1ab97a3c8c35a3c08466e136c4b5ba69a

SHA512
e34e3fffe4d889a1fe3fd941c363b97af55f9e0a7d00e2e9195827230c249e28fda78f9b5f69a143e5175aed454937b8e03ffc10129596ce91f566dda712abd2

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio\ScriptManager.dll
Filesize
351KB

MD5
0ab66f4b7fded0585150a6f1d8c0f842

SHA1
d10997657fb5399186812c71161a7a2c33cbb59d

SHA256
beccfb652c258e3f523da307031a9adfd4529ab670c5b08bcd9a8845c268be34

SHA512
389306ad50f1b6baf6feaf4a226e96c193a574c243b2db511481fb9753e590440078f5336b4c8b9679645b20fd363d6da80263027ab7e85421fa86f48d7f2b17

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio\ScriptManager.dll
Filesize
351KB

MD5
0ab66f4b7fded0585150a6f1d8c0f842

SHA1
d10997657fb5399186812c71161a7a2c33cbb59d

SHA256
beccfb652c258e3f523da307031a9adfd4529ab670c5b08bcd9a8845c268be34

SHA512
389306ad50f1b6baf6feaf4a226e96c193a574c243b2db511481fb9753e590440078f5336b4c8b9679645b20fd363d6da80263027ab7e85421fa86f48d7f2b17

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio\TPFCustom.dll
Filesize
3.2MB

MD5
e05b35498a95d8836706ecc50bbc2ee5

SHA1
1c5707a8d1909fadb6153bf06d5a77a26263c2d7

SHA256
95baa9ef2efa81d1031330259f1e20671ddd7f5046fdee8b576bb6ee996f8614

SHA512
0741738b452dbaf4be044906af4320e6328339e67da3b0b684328cd4c9f045ddf0c4e3d9ec63f13094e7a5293c38194c1e1e1c9b49c8e12b0962c7970d6d3d37

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio\TPFCustom.dll
Filesize
3.2MB

MD5
e05b35498a95d8836706ecc50bbc2ee5

SHA1
1c5707a8d1909fadb6153bf06d5a77a26263c2d7

SHA256
95baa9ef2efa81d1031330259f1e20671ddd7f5046fdee8b576bb6ee996f8614

SHA512
0741738b452dbaf4be044906af4320e6328339e67da3b0b684328cd4c9f045ddf0c4e3d9ec63f13094e7a5293c38194c1e1e1c9b49c8e12b0962c7970d6d3d37

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio\TenFact.dll
Filesize
395KB

MD5
4c37091f7910fdebb48d29e152084d24

SHA1
3a1ba3ece993aec1568c6c2f3a5a5ab070337c77

SHA256
050b57f8179fd2878261dbe3c4d18e3f9f7e36798879b136c663b804720660b4

SHA512
2757a41161718bfe68612ca1424772937a204e5c4d84fbdced57eb1dc018a2e257e4e45aba3e632566522431b186b75a9d78bf8ae144b348cdf36cc9bb4ded63

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio\TenFact.dll
Filesize
395KB

MD5
4c37091f7910fdebb48d29e152084d24

SHA1
3a1ba3ece993aec1568c6c2f3a5a5ab070337c77

SHA256
050b57f8179fd2878261dbe3c4d18e3f9f7e36798879b136c663b804720660b4

SHA512
2757a41161718bfe68612ca1424772937a204e5c4d84fbdced57eb1dc018a2e257e4e45aba3e632566522431b186b75a9d78bf8ae144b348cdf36cc9bb4ded63

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio\TenioTPF.dll
Filesize
4.4MB

MD5
e7e01df81112898bcd15ba0236d776cd

SHA1
33565049a730f4b8616b4d7003efb2c934982f8e

SHA256
96f462ab9b89dba888aebe7838c6bcc199fa783996c50da60548b2b9fbd77904

SHA512
f58a574c85440c8f5a326a59a5378853508f343cfa48b18e914594b914651287f6ca96e162d0a0509a53396e957fe2bd5fb5ff49ab7eabb23bb61dbff101ca67

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio\TenioTPF.dll
Filesize
4.4MB

MD5
e7e01df81112898bcd15ba0236d776cd

SHA1
33565049a730f4b8616b4d7003efb2c934982f8e

SHA256
96f462ab9b89dba888aebe7838c6bcc199fa783996c50da60548b2b9fbd77904

SHA512
f58a574c85440c8f5a326a59a5378853508f343cfa48b18e914594b914651287f6ca96e162d0a0509a53396e957fe2bd5fb5ff49ab7eabb23bb61dbff101ca67

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio\TinyXml.dll
Filesize
146KB

MD5
20d3b1da53c4613be1b3efc831ff9c6e

SHA1
87a6c86342ffc1d9608d46aa44764ae81f94c8f1

SHA256
74bf2abd774669fe2bd11ebc05bb30e8b5374cf64f9f011c289260bc3376b65f

SHA512
ecc42d3ec67b878c1c17cca6f397fe239ec956925c910eb3df2e268e21462a38678e00e6a31335c6a59eee2264879d7b90a57e4a4a562d2a720acd3380b9938f

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio\TinyXml.dll
Filesize
146KB

MD5
20d3b1da53c4613be1b3efc831ff9c6e

SHA1
87a6c86342ffc1d9608d46aa44764ae81f94c8f1

SHA256
74bf2abd774669fe2bd11ebc05bb30e8b5374cf64f9f011c289260bc3376b65f

SHA512
ecc42d3ec67b878c1c17cca6f397fe239ec956925c910eb3df2e268e21462a38678e00e6a31335c6a59eee2264879d7b90a57e4a4a562d2a720acd3380b9938f

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio\xRender.dll
Filesize
224KB

MD5
628c714e6739b7ca9bfa5bcffa73e2da

SHA1
db7eb7d6ca66538c8e5fbbebc1d33844f4ce2eb5

SHA256
79db531b4f1054ebe419456d3696108c0d00c14e357a600ce44450ba94f5d5b3

SHA512
2e84a38fbfc862915d5a776f3ca37dc8668ed51935b6b58da1c4f56473d9b5f3d53762f008ae0d41d7fb4005a8a37b8df815b28523eeda66c95e682ebb772ac7

Download Submit
C:\Tower Of Fantasy\Launcher\Tenio\xRender.dll
Filesize
224KB

MD5
628c714e6739b7ca9bfa5bcffa73e2da

SHA1
db7eb7d6ca66538c8e5fbbebc1d33844f4ce2eb5

SHA256
79db531b4f1054ebe419456d3696108c0d00c14e357a600ce44450ba94f5d5b3

SHA512
2e84a38fbfc862915d5a776f3ca37dc8668ed51935b6b58da1c4f56473d9b5f3d53762f008ae0d41d7fb4005a8a37b8df815b28523eeda66c95e682ebb772ac7

Download Submit
C:\Tower Of Fantasy\Launcher\VersionServiceProxy.dll
Filesize
1.8MB

MD5
e39a5e8d2b1f6619663bcb1760e89f72

SHA1
361050910a3b94366fbdc05eaf019a0ef5b56ddf

SHA256
c510c6572c183681be02a9b1f54245ffbbb6e68b001599a20969012804aa0bbd

SHA512
9167d1e576475ecd76ae8dd33dc14141ce1994256300c47d58f01a0799609d969b478cd70b2c2332c2468aab1fabb63374e2aae53bdc0794991a1529ec63c659

Download Submit
C:\Tower Of Fantasy\Launcher\VersionServiceProxy.dll
Filesize
1.8MB

MD5
e39a5e8d2b1f6619663bcb1760e89f72

SHA1
361050910a3b94366fbdc05eaf019a0ef5b56ddf

SHA256
c510c6572c183681be02a9b1f54245ffbbb6e68b001599a20969012804aa0bbd

SHA512
9167d1e576475ecd76ae8dd33dc14141ce1994256300c47d58f01a0799609d969b478cd70b2c2332c2468aab1fabb63374e2aae53bdc0794991a1529ec63c659

Download Submit
C:\Tower Of Fantasy\Launcher\base.dll
Filesize
915KB

MD5
296ce166e41ab1b765465aeb6cf90e4b

SHA1
f7d71fc473556eada9a6ebab38c4e8ebc80da0a2

SHA256
d089b942f20dfc9fc7172c541e3c2449899c8edfcc8c81d043dd41036fb3c6dc

SHA512
6399f056b12cb597c4b5278af5bdb93ba8bd30d44510e15a95a3275a82a0dcd4fd0d14462e1dcb4446808a0128522a16990827d38bc710b2b45aafd2ea88f027

Download Submit
C:\Tower Of Fantasy\Launcher\base.dll
Filesize
915KB

MD5
296ce166e41ab1b765465aeb6cf90e4b

SHA1
f7d71fc473556eada9a6ebab38c4e8ebc80da0a2

SHA256
d089b942f20dfc9fc7172c541e3c2449899c8edfcc8c81d043dd41036fb3c6dc

SHA512
6399f056b12cb597c4b5278af5bdb93ba8bd30d44510e15a95a3275a82a0dcd4fd0d14462e1dcb4446808a0128522a16990827d38bc710b2b45aafd2ea88f027

Download Submit
C:\Tower Of Fantasy\Launcher\beacon_sdk.dll
Filesize
2.0MB

MD5
f34b3edcddf7389825c295bee3b06bb8

SHA1
7249204aa7a1941f0f37d7d697b7ca674ce6eb1f

SHA256
9af66e636316529f261e78ce0387372056474771edee96e31a853d95c82e099b

SHA512
81acc8c9ba85dd1d5ee5fab02e22faa71f059ccf5f63ec8a49493682461785ee6f1ebd235d80aa37ce620787ae4b36d849c5183a8f2332c4ec6ad9e82f661c33

Download Submit
C:\Tower Of Fantasy\Launcher\beacon_sdk.dll
Filesize
2.0MB

MD5
f34b3edcddf7389825c295bee3b06bb8

SHA1
7249204aa7a1941f0f37d7d697b7ca674ce6eb1f

SHA256
9af66e636316529f261e78ce0387372056474771edee96e31a853d95c82e099b

SHA512
81acc8c9ba85dd1d5ee5fab02e22faa71f059ccf5f63ec8a49493682461785ee6f1ebd235d80aa37ce620787ae4b36d849c5183a8f2332c4ec6ad9e82f661c33

Download Submit
C:\Tower Of Fantasy\Launcher\cfg.ini
Filesize
1KB

MD5
7a64f02d0e3dc7650cb9613d6e361a47

SHA1
ad4637536f84957c4e76df173b96a2ba7bcd167e

SHA256
0ac81ee1421f93cc747cfd1204ea453986b1453dbdc2d28282c69edf7adfff1b

SHA512
8cb94c523adc1f760d57c09885da92e42288457fb2fdb10c9053b71c580370075eb612c23fc3c5681157bb7d7fe1ef9c3231a2e60376081dccd40576c7b479f4

Download Submit
C:\Tower Of Fantasy\Launcher\cjson.dll
Filesize
165KB

MD5
9060a5e5e39b0d1fc613ff560cbb3973

SHA1
87eadcee43d6aa03ec63872ef5014bdd5fd9108a

SHA256
7cca264100797b919efe2410ca3c752b7b9f6e1a116f9742510e5cb74add9536

SHA512
bb0def784570903c3e2a977ff9a3463c19f266345e411d3870eba12c7d43f3034d397e74720b5662fe741da84600cd6f656282fed0bf15c79389d2855632c61a

Download Submit
C:\Tower Of Fantasy\Launcher\cjson.dll
Filesize
165KB

MD5
9060a5e5e39b0d1fc613ff560cbb3973

SHA1
87eadcee43d6aa03ec63872ef5014bdd5fd9108a

SHA256
7cca264100797b919efe2410ca3c752b7b9f6e1a116f9742510e5cb74add9536

SHA512
bb0def784570903c3e2a977ff9a3463c19f266345e411d3870eba12c7d43f3034d397e74720b5662fe741da84600cd6f656282fed0bf15c79389d2855632c61a

Download Submit
C:\Tower Of Fantasy\Launcher\config\name2id.xml
Filesize
2KB

MD5
e98d3f8fb6121cb98bb6437d036ccc04

SHA1
0c632aaa01ed56da811f85543d887d96b153d005

SHA256
0d661ceeb82ad67e4e69c2457d41bf3e055ef73f0e52113940189d26920b0d5a

SHA512
961294c075b92a07cd9be499cd54471153b139efea94c1548d1e2e9b3ece39f51f69bfdb9a033de35321ba4dd9a75fd721d736dd6f0d28d1f6543e0913dd189f

Download Submit
C:\Tower Of Fantasy\Launcher\config\uiconfig.xml
Filesize
2KB

MD5
c9e3a7ca2a2181f932917440309b3e97

SHA1
2956fff308d1c9842cf9da66c413f6daa1ddc7bb

SHA256
24e33d5d6e9cef7d8f2f2680ceb879296b6dfaf96862548ce4064ba7c9673b1f

SHA512
f8f7c359ed5b6e97502a2f04938c4dcfe491b553816a3006747a855da0856ae9c417451824cc8a191ccde7fa9a58a65196d3863e83c679b63c96aaaaa1f21060

Download Submit
C:\Tower Of Fantasy\Launcher\intl_service\base.dll
Filesize
1.2MB

MD5
f0ce3cdedee0d5dad0a97d19b4bf94f2

SHA1
3a2402b187f67fb5b4bead5b8c8c027dc66a8b3d

SHA256
ecf6b84995f9eef3a4d6b4208c37c2e344e53b2708da6614ca93f39c8577069b

SHA512
f05db310ffc1c47a3879bdd4823da97f88f3738c6a870339a0873a2e809e5f572d04570860acae00cd6241b99b4b0971e27f155a06b97ad5b93f6b44abcbbe84

Download Submit
C:\Tower Of Fantasy\Launcher\intl_service\base.dll
Filesize
1.2MB

MD5
f0ce3cdedee0d5dad0a97d19b4bf94f2

SHA1
3a2402b187f67fb5b4bead5b8c8c027dc66a8b3d

SHA256
ecf6b84995f9eef3a4d6b4208c37c2e344e53b2708da6614ca93f39c8577069b

SHA512
f05db310ffc1c47a3879bdd4823da97f88f3738c6a870339a0873a2e809e5f572d04570860acae00cd6241b99b4b0971e27f155a06b97ad5b93f6b44abcbbe84

Download Submit
C:\Tower Of Fantasy\Launcher\intl_service\intl_service.exe
Filesize
534KB

MD5
59a987b86dc0313993c25318da7cbea2

SHA1
092f732d02f8a06029f303fe8bf3952ab579afa6

SHA256
0a63ccc8d418fccf839cc83a539b6d557bc26f1c09d1e436796c01459d337a89

SHA512
8a8e8c1bb9c4006a8cca2b465c455f5280a2a8735a08ebb77a5ac22d8ee217d2bacf4c336b740c0d1f620dfd992c019714f4989b6115e396f38ed95e66dbaa32

Download Submit
C:\Tower Of Fantasy\Launcher\intl_service\intl_service.exe
Filesize
534KB

MD5
59a987b86dc0313993c25318da7cbea2

SHA1
092f732d02f8a06029f303fe8bf3952ab579afa6

SHA256
0a63ccc8d418fccf839cc83a539b6d557bc26f1c09d1e436796c01459d337a89

SHA512
8a8e8c1bb9c4006a8cca2b465c455f5280a2a8735a08ebb77a5ac22d8ee217d2bacf4c336b740c0d1f620dfd992c019714f4989b6115e396f38ed95e66dbaa32

Download Submit
C:\Tower Of Fantasy\Launcher\intl_service\locales\ar.pak.info
Filesize
446KB

MD5
e68d3dd02914f0bb9522d35bdf12f1f5

SHA1
97145f56c8a133d6d3d7f8f658f4f9ffddc9f48f

SHA256
b9ecf53b8d6675c56c34d6dd23d9d0f4ae3e757c32430c4f8eb2d009e80fde23

SHA512
d51c7c1a5178e280c37b8d8881400a06ee3b3065a9cc08663d5d4561570cdbaf200904c67a31d8a38a69641c6e6a4b56f1892ee55c0e7c26eb4a9e01a86816ff

Download Submit
C:\Tower Of Fantasy\Launcher\intl_service\qbcore.dll
Filesize
154.2MB

MD5
0cd8d023fafcd209a03be60a0728808e

SHA1
c6de3c6e6b4108ff88ca26381d591a07e25bc557

SHA256
17c1abac21c8e62171127043b16c1ef3a4333a1aea11d615682691b94ac2b5b8

SHA512
c5e59b35edd31a3d1bb1b33c2357c63e7e8e853be56b2afeb7aefac21390d317836be2c917cd07d33ee1336a1cf5dc59d7c274f34451bdb5ca599fbd71c1153a

Download Submit
C:\Tower Of Fantasy\Launcher\lua51.dll
Filesize
557KB

MD5
f5cf2cede753b68d8b9943bf3bf6be51

SHA1
299c0ce51fd7519126cdad7e8f3b8984018ce1b1

SHA256
56817d8a4b27f79e13f7ee8c25500ea413b7e37ac8eecb0a2b8240b858d3377a

SHA512
ffb5bc4f36cca2ef907716f0d8ae4a648fd45fd8f326e6e2ac0653c846726cc2897e6564264673fa8218f08827a520e140d641ee17d5fa82287772c5d0d93cc0

Download Submit
C:\Tower Of Fantasy\Launcher\qblink\redirecturl.ini
Filesize
421B

MD5
9ba49a8e1c0724d8efb65854e320c293

SHA1
11bd40d7d749a694c9bbde83a8e450763ad6ad33

SHA256
d4881e0816d0e599809dd62e7e6d96a0df739080fffce33cfefc66b81d52108c

SHA512
f5fd6b0a430f1b93e723f5d5e910600d26d404552a52b68f54b31469c52746b7884c818e88c07ea00c6ebe066c5172ce8a9a17cedc5bca006f308dc97a82a656

Download Submit
C:\Tower Of Fantasy\Launcher\sail_api_platform.dll
Filesize
2.9MB

MD5
e237fc7d9f27fa2663d1edcedbde44ad

SHA1
f1ccc22f6b4b0d4c69808ec8de0667b6c1806ed6

SHA256
4454191bd9dd691a58ae85fe88be4289d1b79badf4fc603f2d5f6b54750bb5f1

SHA512
4a2a55565cc81e748a9db29c1eadb103132ee4a8ae1260b66badf59475c3e0111462e38c867decbfbed73ca4093ab2d0d0119567a2317596265395b61312c6e8

Download Submit
C:\Tower Of Fantasy\Launcher\sail_api_platform.dll
Filesize
2.9MB

MD5
e237fc7d9f27fa2663d1edcedbde44ad

SHA1
f1ccc22f6b4b0d4c69808ec8de0667b6c1806ed6

SHA256
4454191bd9dd691a58ae85fe88be4289d1b79badf4fc603f2d5f6b54750bb5f1

SHA512
4a2a55565cc81e748a9db29c1eadb103132ee4a8ae1260b66badf59475c3e0111462e38c867decbfbed73ca4093ab2d0d0119567a2317596265395b61312c6e8

Download Submit
C:\Tower Of Fantasy\Launcher\service_core.dll
Filesize
5.2MB

MD5
e3ef49c72a3442093642f9eb0526267b

SHA1
cf521bc26265943f4aa4abe44d1cdf554ce4d0d9

SHA256
dcbd4dcd6b2922cf72aecd2201b6727e448bfe50c676b6c6831f0077eedbba70

SHA512
3bc510cf62c385d76c76b6864e6ccadf7f4d184f00a34cc26af0d4f9043d0eff5baae7ddb931731e1110b82a371e946c5b99ff418b5eb74d1ac43e53fb6d8acc

Download Submit
C:\Tower Of Fantasy\Launcher\service_core.dll
Filesize
5.2MB

MD5
e3ef49c72a3442093642f9eb0526267b

SHA1
cf521bc26265943f4aa4abe44d1cdf554ce4d0d9

SHA256
dcbd4dcd6b2922cf72aecd2201b6727e448bfe50c676b6c6831f0077eedbba70

SHA512
3bc510cf62c385d76c76b6864e6ccadf7f4d184f00a34cc26af0d4f9043d0eff5baae7ddb931731e1110b82a371e946c5b99ff418b5eb74d1ac43e53fb6d8acc

Download Submit
C:\Tower Of Fantasy\Launcher\tinyget.dll
Filesize
3.8MB

MD5
fa7412f1c0fb8f34d1178af6c7387415

SHA1
cc6e15f5c7f3d3489f0bcb2d8d0874328e68aac7

SHA256
e23904de22d2ebd404e4117cd726162d4116210493011e365dc73a136d88c28c

SHA512
2629c83b4c185de972587bc3f7f57ae7e0fa16f583d106417692b7d4665782245d4bf76b8dcb3c21bf1eb34e3a621032756be1813b7ad0242beaca045e54d33e

Download Submit
C:\Tower Of Fantasy\Launcher\tinyget.dll
Filesize
3.8MB

MD5
fa7412f1c0fb8f34d1178af6c7387415

SHA1
cc6e15f5c7f3d3489f0bcb2d8d0874328e68aac7

SHA256
e23904de22d2ebd404e4117cd726162d4116210493011e365dc73a136d88c28c

SHA512
2629c83b4c185de972587bc3f7f57ae7e0fa16f583d106417692b7d4665782245d4bf76b8dcb3c21bf1eb34e3a621032756be1813b7ad0242beaca045e54d33e

Download Submit
C:\Tower Of Fantasy\Launcher\tof_launcher.exe
Filesize
889KB

MD5
3be5e3a1b07522e976519a48bd576678

SHA1
1c5f4ea2e1adbe3e18669c9e98226258316b78d1

SHA256
5f671928064b04561dd24607bc12c7b29f925a7a191d5359c73e73a978661507

SHA512
926fc8122f7b74e3661c2683008092cde91be22429b10195c59a380d554c0c7900328e1ef5f5e35e41a4b8a146e60edb5bee533eda10ef84b93dca75ecde398d

Download Submit
C:\Tower Of Fantasy\Launcher\tof_launcher.exe
Filesize
889KB

MD5
3be5e3a1b07522e976519a48bd576678

SHA1
1c5f4ea2e1adbe3e18669c9e98226258316b78d1

SHA256
5f671928064b04561dd24607bc12c7b29f925a7a191d5359c73e73a978661507

SHA512
926fc8122f7b74e3661c2683008092cde91be22429b10195c59a380d554c0c7900328e1ef5f5e35e41a4b8a146e60edb5bee533eda10ef84b93dca75ecde398d

Download Submit
C:\Tower Of Fantasy\Launcher\tof_launcher.exe
Filesize
889KB

MD5
3be5e3a1b07522e976519a48bd576678

SHA1
1c5f4ea2e1adbe3e18669c9e98226258316b78d1

SHA256
5f671928064b04561dd24607bc12c7b29f925a7a191d5359c73e73a978661507

SHA512
926fc8122f7b74e3661c2683008092cde91be22429b10195c59a380d554c0c7900328e1ef5f5e35e41a4b8a146e60edb5bee533eda10ef84b93dca75ecde398d

Download Submit
C:\Tower Of Fantasy\Launcher\tpf_ui.vfs
Filesize
111KB

MD5
f7da033f7d5012e6b2c1c0e5c13cf21d

SHA1
c7639355c8d6038660e1185181a1298f138adc8d

SHA256
42a629751a9dc3457abb035ea5e265d07845a2d501f629745c33b2a4900cab96

SHA512
ba52dab96d34e21781662dec60e7e6c66e7bdab21741b4a0f6c6e69575096383ca77617c8908ebb3b313d2b1c1420f441a0e0ec8eda1fc765d89cb6e79367fcf

Download Submit
C:\Tower Of Fantasy\Launcher\tpf_ui\res\app_icon.ico
Filesize
145KB

MD5
6b21a2de335430ef39816a880183fd62

SHA1
0777acf6efbcdf828755f35bc4af1f06f1f74b97

SHA256
3ccecf52e5115e2510a17c9ad88dc95505190ba170ccb55e8bffa971ccacc99e

SHA512
6367037c2662a7f1bf7f28bc82752ef2fb6af7fa20e9e771104eaed2fd5d8178319cf8ea8a84f64f81ac84acda7316693a17b048531950cee64de79228f32f75

Download Submit
C:\Tower Of Fantasy\Launcher\tpf_ui\res\common\background\black_bg.cfg
Filesize
550B

MD5
57eee679118a9b415b02d6e902c187df

SHA1
7254666787a52253e359bc5992e04dda3518d8b0

SHA256
e1e178e04f2df1339806ddc892d7f1a3ffa8f0cdfc276b98373482c34c0b939c

SHA512
d3465b6377bd24edc8341177feb66cdf0c0faae826d59023bd5449b7942328bb2beb5964e1caf08495170093de33a1265869123f99db14b90b1823691bebdbdd

Download Submit
C:\Tower Of Fantasy\Launcher\tpf_ui\res\common\background\panel_bg.png
Filesize
1KB

MD5
7b751f3b0a95eba66bd7888ec79d2970

SHA1
49404fcbfd09281997f2da3d16f66ba60364dcc6

SHA256
384014a67ee7b31caeb36eccaa39b1a47c7e5fae5d6a8571715f61c1bf96950a

SHA512
030fad253eb5e6332924e98182b39f44e04d69f7c8339d3466c9c116d6c6d7cccf9d16afdcf7d3d2c131b169ff825c563a361bee8d290b122b639d1a1cc14160

Download Submit
C:\Tower Of Fantasy\Launcher\tpf_ui\res\common\background\white_bg.png
Filesize
1KB

MD5
8eeb872b4b3e1f6b1a318abc37233295

SHA1
d669df84cbd797686ff805506c2f8cc5905703cc

SHA256
86c5ce7172097d2b9ad98293c391fc18cadb2e2d56db08835aec29d65f9afe18

SHA512
7855ffdb75325b39420266d21638ce9e6b8afe2b6649a01cd64be19a6710ab58dddda8f5161e1e41dddcbba8640e998152aa0ecc9144eb7177723211982c3976

Download Submit
C:\Tower Of Fantasy\Launcher\tpf_ui\res\common\checkbox_hover.png
Filesize
161B

MD5
20f0daa511a05069829b0762d74320bb

SHA1
d9ca566ab62ef5e217012c9ab4106bbff0d7673e

SHA256
ab13f6de4e8a4ec62f12088af8b9d24dab7f735a7ffc9a57fbdcdff055884203

SHA512
e85ed797e369d8bedf0157ec741bb07a2dc72cde36fae46712b28da59e6aee089cb588b7f45328b3e5bb9a287188b0773fc7d3f791f8372d3834237c6e5f75ee

Download Submit
C:\Tower Of Fantasy\Launcher\tpf_ui\res\common\checkbox_normal.png
Filesize
165B

MD5
3c2252d069e54d352a637b6aa973f9f7

SHA1
60685a4d6ffc343e99f93f2824aff5ac6b76e5e5

SHA256
19c17dcde371f003afe06bb26efb53c36c7c84d935a0cd7a79466572aef39c87

SHA512
e46b8b87a2cfbbbbcde47c74d49029d33e9ee78bbe1adeb354d47325a8ef66dd4d437e0b7f7de26a8baf6714a5e2d853831677cf1a37c8c36703e8037e910b34

Download Submit
C:\Tower Of Fantasy\Launcher\tpf_ui\res\common\checkbox_sel_hover.png
Filesize
249B

MD5
992b4bc50c46076b450d9362496adb15

SHA1
b20a8f5b8c4e406ad2273472bce69f6174b348a3

SHA256
25175fcfdcd12309a750fee2f4d9ab3793744ea5a9f309ef639a724705ae7baa

SHA512
dda7c4e1a888352ea33484a05e319068ffae6b383c411d98042addd98bf8005c5d5261f1a021fa4c0cef746ef8be7fb5ce94e58bbfebd8d914ba828aa7614e4d

Download Submit
C:\Tower Of Fantasy\Launcher\tpf_ui\res\common\checkbox_sel_normal_ndw.png
Filesize
254B

MD5
06e5475c787a39ab41a963c06be7d346

SHA1
f892272dea568a270d8726d553ac7939fef05a49

SHA256
2a7bf250efcef7d1ab9f3beb2df1239349f1851a216e3cea1adf0f06c4abd919

SHA512
278e64f0ab217355968e4723dfac6635f5aba24aabf3c89614e54eddbd15e32d3087e013b5567709f356bd98bbefcead4b2f650b95bc1e6b073ff499b7442731

Download Submit
C:\Tower Of Fantasy\Launcher\tpf_ui\res\common\frame_bg_hover.cfg
Filesize
479B

MD5
fc3fba741038dfddd2be6cca15112fbd

SHA1
235d684335c058a73ea934ace4148f2dfc422574

SHA256
1ac776d516e62ddf4d805e7ab549a47e008346d877b1130ea4f492a85d5ead8c

SHA512
5197b4f8b54810851f4d19446dafe76efd9eb577fff299d36aa1fae598d06a753c363f15f55a5bf56a9002416006509191ede7fcec266f539145ce67bd551bb2

Download Submit
C:\Tower Of Fantasy\Launcher\tpf_ui\res\frame_top\head_circle.png
Filesize
675B

MD5
eaf25813a5b56d69c56394c1b2496289

SHA1
d4678a5c6a1d3b35f7f268449761f57d87d1ac5b

SHA256
e05fd2692ed9210aeeeb77259c4d79406b0825ce637fbd33d35098473061e314

SHA512
07da1ccccd84bda819d7845f5410d9e934dd3f1fb1bc1d9672a2e13b4641d166ca344d2d6f68f532cca37505436c4c2c6ed7eb87c59cc76a0d2a324900ece756

Download Submit
C:\Tower Of Fantasy\Launcher\uninst.exe
Filesize
418KB

MD5
4b6b36ac384ede49e8b29e205cf09d82

SHA1
1cf3e5155c7b3373d0f3ede6e91730f91bedd727

SHA256
1f7a680ff8ab98c65f8dbc42436cf15e6a4ca16bebd3d7436d37544af581636b

SHA512
88e289525ed0d7265633cace35f134b163a1f98c5b7a84fe650a7039b27d5e5db7e487dd598a6bc0451dc96fa2f47b885bb7679736390d1a859261ba4624a4e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslBEA3.tmp\NSISPlugin.dll
Filesize
1.0MB

MD5
7c1b00e82c60c4850fcb098d48c40410

SHA1
4430e0632c75ca4a8ef5093a70b6e82ec7d3de3f

SHA256
1b9a09720ab5f6fed43d366cdf1d314b15e29e4eeabefdc528bf4053a0c1b0ef

SHA512
8a089435e5e4291526041362d3247ab46c95d2c2669ef1530a8029b6c898e8ee23fa5af9dd43bbdb27e1c51f74ce588068611db52954dd750219169d2f7e97c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslBEA3.tmp\NSISPlugin.dll
Filesize
1.0MB

MD5
7c1b00e82c60c4850fcb098d48c40410

SHA1
4430e0632c75ca4a8ef5093a70b6e82ec7d3de3f

SHA256
1b9a09720ab5f6fed43d366cdf1d314b15e29e4eeabefdc528bf4053a0c1b0ef

SHA512
8a089435e5e4291526041362d3247ab46c95d2c2669ef1530a8029b6c898e8ee23fa5af9dd43bbdb27e1c51f74ce588068611db52954dd750219169d2f7e97c8

Download Submit
C:\Users\Admin\AppData\Local\tofminiloader\LogConfig.ini
Filesize
119B

MD5
d964fa19360cab52e1192c890f5d5c6f

SHA1
bd39d8cbe9ddf9e5601f28c53683f01ee134d22c

SHA256
dd6589e9649d503fabd58da196df3b675e377ea3059fcff83f48f162fe67ccbb

SHA512
17a5c0a012346b14a12687f16cf9c473f35722d4957c5c22e389ee7af15a8799a8f13ad7e353383bfb1b67513132839124c5ede376254c3271b5fc9bc1bfacc1

Download Submit
C:\Users\Admin\AppData\Local\tofminiloader\Minidown.xml
Filesize
2KB

MD5
5066c88205afe8455c677aa1fbc2ece1

SHA1
f67c8e635c785a5019193d20ecf4442a6675cc1a

SHA256
55b74796fef769f9a2b027208b3ae8e1a62cc636d18fa4866eb499901b520953

SHA512
5c24aa5e2f433456127e40996fb1585bf328e5fbaf5a855eb967b334f644c57b8e6506e8a57f08915c349aa20dac85cab415cfd19e22071a5435d04218fe529a

Download Submit
C:\Users\Admin\AppData\Local\tofminiloader\error_code.json
Filesize
293KB

MD5
0b64477305d0896b211165aa475fd453

SHA1
b9511dc8ff7796a62832a79e249834450e8d6472

SHA256
2628602315093ef7b84a9cb4a3f08fc7e60aec40cc9c4bcb6958c61b17ce854b

SHA512
aa036ea88134c19372ea3f92fa3002638dfc3f8b0aa317080e2179d5a1722ff72e315b41464b77e513314b24ac26935171295325c8fa81ec0a7b4a8ae1852740

Download Submit
C:\Users\Admin\AppData\Local\tofminiloader\icon.ico
Filesize
347KB

MD5
62bf838494d7cfd6f4c75dab2059a6a8

SHA1
2369e8f9b7f426f8e4dba13afa5747d424fec2be

SHA256
e27ca05ea25c7205265e6c98b8e06eb4a2fb83471f49abfbc67c5b28d9b98a85

SHA512
73cdccaa5ba1666de47ed33b7eb8efc5940ffb0015ebc75b6607ca65243cc64efe8124f1473622e928516c9307bdc0b21639feaec7e6568fd305214c99f3ea5f

Download Submit
C:\Users\Admin\AppData\Local\tofminiloader\install_script.dat
Filesize
2KB

MD5
a7d8a55f69e9034e3263d7160d5d8414

SHA1
ee621c0fca8d4860251ff9db0f6fca8dfca6972e

SHA256
0f47ac4a1dd6721b772f5ea2b5870db5c380c4578ec675fe913b6f585fe8491c

SHA512
ee21e366c41daa2bf1ac9b3cf5c200a6041ae82738516dcff6e317d6780d211b18ac4ae914566d9039195a22c084e61917d95709efa21db03ef7110acb30f1c1

Download Submit
C:\Users\Admin\AppData\Local\tofminiloader\res.zip
Filesize
22.8MB

MD5
696cff6eba1c4a07b1b0fa0c6951778e

SHA1
2e7eb97629368ef700a2ef7631e9a4604a28eec0

SHA256
eb0a2d0e88ccb9737301910c90ad8713fbc5bef27fc98e72c69c40684ad5ce4d

SHA512
fbe056cc9fbad0c47dbd3a2e079488ef539c7d1b7e5c51a3bc4612cd574d7cd714a010b10f85b018fd8c36c8c40b9d7a639a04d99da9fa4a761009495dd583f0

Download Submit
C:\Users\Admin\AppData\Local\tofminiloader\tiny_dl\VersionService.exe
Filesize
10.3MB

MD5
049658fef6a48e9bf02f07055d7565a6

SHA1
f102a9c9bdeb50ba6e147d165e4b23b64ceca481

SHA256
f9143fcb1911ea48bfef859dbd2e3af4f8a71fbf71a39707676853ef2062462b

SHA512
4a5dd0eec46c5777cae8ee616d1aa8ced1a2518e5e625a08443c5ab20b4cb899edcf723d53796dcb7d7495a7ea2d5446a91be3f4f13ebf351347a8c57869d3e6

Download Submit
C:\Users\Admin\AppData\Local\tofminiloader\tiny_dl\VersionService.exe
Filesize
10.3MB

MD5
049658fef6a48e9bf02f07055d7565a6

SHA1
f102a9c9bdeb50ba6e147d165e4b23b64ceca481

SHA256
f9143fcb1911ea48bfef859dbd2e3af4f8a71fbf71a39707676853ef2062462b

SHA512
4a5dd0eec46c5777cae8ee616d1aa8ced1a2518e5e625a08443c5ab20b4cb899edcf723d53796dcb7d7495a7ea2d5446a91be3f4f13ebf351347a8c57869d3e6

Download Submit
C:\Users\Admin\AppData\Local\tofminiloader\tiny_dl\VersionServiceProxy.dll
Filesize
1.8MB

MD5
0bd2d0ecba439a1b180f44811bd2488b

SHA1
06e8db807b84309a18bce6757a2f20e7b982b5dd

SHA256
d62178771812c5943a32aad5826a1ede49b9b1ac13257c22abe6b676a7a33be6

SHA512
88a2ad8c758fc5887b3c15bb899fdb891283ab43d34f2da79aa7b4caa72c776985a92e60017a7b60860334db68e847574cede0256f6b6c8d8a2f0ffa134b3230

Download Submit
C:\Users\Admin\AppData\Local\tofminiloader\tiny_dl\VersionServiceProxy.dll
Filesize
1.8MB

MD5
0bd2d0ecba439a1b180f44811bd2488b

SHA1
06e8db807b84309a18bce6757a2f20e7b982b5dd

SHA256
d62178771812c5943a32aad5826a1ede49b9b1ac13257c22abe6b676a7a33be6

SHA512
88a2ad8c758fc5887b3c15bb899fdb891283ab43d34f2da79aa7b4caa72c776985a92e60017a7b60860334db68e847574cede0256f6b6c8d8a2f0ffa134b3230

Download Submit
C:\Users\Admin\AppData\Local\tofminiloader\tofminiloader.exe
Filesize
5.1MB

MD5
98fb49ed9eceb2dbc2db7185c55ed6b9

SHA1
6d11cb6ec533882a65dc945c316c51336170682f

SHA256
334eedb9e402541475c1da17fea1bcf245a01f68f40701ed47fc4fcd8de264d0

SHA512
e1d97680fc5aed4505b77d8f636d8f2b5bf0241ea78addff2630c3e68c280faeeb3ab86ac20f51702a537e079d23085a8a41a2b4d4a477b61cc4d9ead7915895

Download Submit
C:\Users\Admin\AppData\Local\tofminiloader\tofminiloader.exe
Filesize
5.1MB

MD5
98fb49ed9eceb2dbc2db7185c55ed6b9

SHA1
6d11cb6ec533882a65dc945c316c51336170682f

SHA256
334eedb9e402541475c1da17fea1bcf245a01f68f40701ed47fc4fcd8de264d0

SHA512
e1d97680fc5aed4505b77d8f636d8f2b5bf0241ea78addff2630c3e68c280faeeb3ab86ac20f51702a537e079d23085a8a41a2b4d4a477b61cc4d9ead7915895

Download Submit
C:\Users\Admin\AppData\Roaming\tof_launcher.reg
Filesize
1004B

MD5
9ce7f34416921cd4201011b301ef51b4

SHA1
f4f4e5eb71939d8fc5bad6251b578d4b434ee1db

SHA256
5125bbd8d7a359d9f768a7c407750d4b51d78d2015d2de5dfefc79549f0246a7

SHA512
c2634619b401687a5d61b4675c454855d66f895a8434e8e75951c0f941bcf2188fdadc535d614a0b60e63c76fd2623232103fd2fac6f370f447ee447e8eba5a2

Download Submit
C:\Users\Admin\AppData\Roaming\tof_launcher\29093\intl_service\log\INTL_20230331204037237.log
Filesize
4KB

MD5
e0e5bb4758c213e1f54011ad8cb91d87

SHA1
14d0a7ffa0e734ba9084e5c274e0dd8602722654

SHA256
9b61ddd1e423c3bb0c0305a58c2bc67b06fca7eabc8ac4a8b52c583a8cc34fa0

SHA512
ef65e72d7637f36af09b24cf8ea0412393f321bf511bc123b156db3702b209ab6953d4079d6181e885efe1f10dd50b14f91b1ffd63f92e9459e5944e52f4b79f

Download Submit
C:\Users\Admin\AppData\Roaming\tof_launcher\29093\intl_service\log\INTL_20230331204037237.log
Filesize
8KB

MD5
0f54dfce89445298c69d2f92c63fd8cb

SHA1
7eab5679684f30735a90b34c7693e33516b0d913

SHA256
91435236e3c63c43217d4d9b0ff17d1de83228f9aa98b91d5f0d289b4a71b946

SHA512
6716190277c41abc8a1d0c0f5076158aeec8c3a31299776eadaeb221551484116c9a23b3471f2b6a84efe6313b12432642c4fc134bfd053ffcfa462d01b268d6

Download Submit
C:\Users\Admin\AppData\Roaming\tof_launcher\tbs_cache\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\tof_launcher\tbs_cache\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
8247b292099f197808bde37cd69fc055

SHA1
13aa33cc738812b752abf67a1ad80f38d750f07f

SHA256
525fc2776ed40a5621b983f7206b269341f918efca73d991adeae63e7d1e439f

SHA512
ace32c95d2f337fa59d3ea0bafbd5a30748f6d7f0c7479a894c4df8e954d63084850741481283e893c2aa66dac3114faf5b25118f9c29d43d948411a05d2a95b

Download Submit
C:\Users\Admin\AppData\Roaming\tof_launcher\tbs_cache\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
e11df1f1485bd2fd191003b5b9e05c99

SHA1
c6ad84b3cc2eec999a380f789568cb1440254c48

SHA256
a6a2fee2ff2e565e8d8f2676225fa249217f06bd2e404d3c9ed7d7ba9af26a8d

SHA512
42521cacdb4df55714f17ab154e8423f7da2e9e7b5a9a763f790fd4322566a22498b2f9a5d660d9cfc1916be1b97d1fd92aadc2b8a69f6e192e2014e01e5ffc2

Download Submit
C:\Users\Admin\AppData\Roaming\tof_launcher\tbs_cache\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\tof_launcher\tbs_cache\LocalPrefs.json
Filesize
633B

MD5
d64ff8b0f2d8db95eee2172028a82cc4

SHA1
1484d3670d7492fd9af30ea760458796f3a10471

SHA256
fc5e995596f8ed1f88c66183f1a4ddfb450b04fb6d13e845417add14b3ea0ea0

SHA512
2b85a1397bb52c86d8ce2bba0f51169fca127a9ad95549f859f5da881756b898ebd407a845a993b5d412dc932edc2e8a6f9cc61466945519fd2ebf4d4f5ed90e

Download Submit
C:\Users\Admin\AppData\Roaming\tof_launcher\tbs_cache\LocalPrefs.json~RFe5bd08b.TMP
Filesize
479B

MD5
7d938223d09fc9f95b95c6fff841990f

SHA1
2fd4ab746c6222854ff4c563e96133590d24e774

SHA256
f400748581b5aef3d3e5e9d9b43d6fb382090f17f5561855e37c4c13ff672588

SHA512
f5a36a5a05f26f45dcd0efed4ed854d402c65ec726e4fbf83cf04ddb05e017f781735bcca180ce4d3cfa5bb413b14637b9f4ee8217e80046ff276718d6dbd534

Download Submit
C:\Users\Admin\AppData\Roaming\tof_launcher\tbs_cache\Network Persistent State
Filesize
491B

MD5
d61f8ecf92dc40ad71180b2e72d82dfb

SHA1
7cbb5245bed1315542e6f688ffb1d7c52525979f

SHA256
bd76ddd509a7ffab1e01e57ac63857f6d128e4dbf225cb9de1cfb9ec3319116c

SHA512
54ba9d99205ff58565412f2f1a39d0e045bea65ac9e022b6d799dc7dfde417420d68e87b3ab4e4815b1a392f2ce2a4c4f15422eb4361e1929eab068367873f2f

Download Submit
C:\Users\Admin\AppData\Roaming\tof_launcher\tbs_cache\Network Persistent State~RFe5bd6c5.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\tof_launcher\tbs_cache\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
memory/1680-1954-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-2185-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-2063-0x0000000061C40000-0x0000000061C6B000-memory.dmp

Filesize
172KB

Download
memory/1680-1956-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-1957-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-1955-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-1750-0x00000000770B0000-0x00000000770C0000-memory.dmp

Filesize
64KB

Download
memory/1680-1953-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-1952-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-1958-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-2186-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-2188-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-2187-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-2189-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-2190-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-2191-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-2192-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-1945-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/1680-1951-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download