e403e94b43a16fed936c5869728ee337c565f4bd80582374cfee51a7d10949e9

Analysis

max time kernel
90s
max time network
98s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
31-01-2023 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Badlion Client Setup 3.12.2.exe
Size

130.2MB
MD5

8a2c0126d77da21e6dd849e99cc55f7f
SHA1

cc8559df3b55887e4da205fdcaac5dd273740d8d
SHA256

e403e94b43a16fed936c5869728ee337c565f4bd80582374cfee51a7d10949e9
SHA512

f04d9d3815ae6f4b9ebc19c372a11bdd19f055a34a4a269c5e5cbff71379b9c4c4901a51fa156e115a17948603e94eead2eaa9863d2f88e1f8932803510778e3
SSDEEP

3145728:VAW7XW1mma/U9kGEqR5easiT2roh0SgtY0MuZns6eIMjFnfZC:OW7G1K4kgEwTwoWS7uZnsvjFnfZC

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\Drivers\etc\hosts	Badlion Client.exe

Executes dropped EXE 2 IoCs

pid	Process
4308	Badlion Client.exe
1064	Badlion Client.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Control Panel\International\Geo\Nation	Badlion Client.exe

Loads dropped DLL 14 IoCs

pid	Process
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
4308	Badlion Client.exe
4308	Badlion Client.exe
1064	Badlion Client.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
4308	Badlion Client.exe
4308	Badlion Client.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Badlion Client\locales\cs.pak	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\locales\ru.pak	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\resources\roots.pem	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\Badlion Client.exe	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\swiftshader\libGLESv2.dll	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\licenses\licenses.dependencies.txt	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\licenses\nativefiledialog.license.txt	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\licenses\replaystudio.license.txt	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\locales\ta.pak	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\locales\en-GB.pak	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\locales\th.pak	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\locales\th.pak	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\ffmpeg.exe	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\native-modules\badlion_js.dll	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\licenses\lunatriuscore.license.txt	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\licenses\lz4-java.license.txt	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\locales\el.pak	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\locales\sw.pak	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\locales\sw.pak	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\v8_context_snapshot.bin	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\v8_context_snapshot.bin	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\cursors\hand_grabbing.cur	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\licenses\notoserifkr.font.license.txt	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\locales\am.pak	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\locales\hu.pak	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\cursors\zoom_in.png	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\licenses\badlion.licenses.txt	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\locales\ms.pak	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\resources\debug-log4j2.xml	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\vk_swiftshader.dll	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\libs\joml-jdk8-1.9.25.jar	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\licenses\xxhash.license.txt	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\locales\nb.pak	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\LICENSES.chromium.html	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\licenses\aperature.license.txt	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\licenses\freetype-jni.license.txt	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\locales\uk.pak	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\libs\optifineinstallwrapper.jar	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\locales\bn.pak	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\native-modules	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\cursors\hand_grab.png	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\licenses\licenses.txt	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\locales\pt-PT.pak	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\locales\zh-TW.pak	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\resources\app-update.yml	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\ffmpeg.dll	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\resources\elevate.exe	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\libs\disruptor-3.4.2.jar	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\LICENSE.electron.txt	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\licenses\opensans.font.license.txt	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\licenses\quickplay.license.txt	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\locales\ja.pak	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\locales\nl.pak	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\locales	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\chrome_200_percent.pak	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\libs\caffeine-2.8.8.jar	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\licenses\notosansjp.font.license.txt	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\locales\el.pak	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\locales\tr.pak	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\cursors\row_resize.cur	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\licenses\caffeine.license.txt	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\locales\bn.pak	Badlion Client Setup 3.12.2.exe
File created	C:\Program Files\Badlion Client\locales\es-419.pak	Badlion Client Setup 3.12.2.exe
File opened for modification	C:\Program Files\Badlion Client\locales\te.pak	Badlion Client Setup 3.12.2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-418076578333851669\ = "URL:Run game 418076578333851669 protocol"	Badlion Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-418076578333851669\URL Protocol	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-418076578333851669\DefaultIcon	Badlion Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-418076578333851669\DefaultIcon\ = "C:\\Program Files\\Badlion Client\\Badlion Client.exe"	Badlion Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-418076578333851669\shell\open\command\ = "C:\\Program Files\\Badlion Client\\Badlion Client.exe"	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-418076578333851669	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-418076578333851669\shell\open\command	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-418076578333851669\shell	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\discord-418076578333851669\shell\open	Badlion Client.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	Badlion Client.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	Badlion Client.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
2916	Badlion Client Setup 3.12.2.exe
4308	Badlion Client.exe
4308	Badlion Client.exe
4308	Badlion Client.exe
4308	Badlion Client.exe
4308	Badlion Client.exe
4308	Badlion Client.exe
4308	Badlion Client.exe
4308	Badlion Client.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2916	Badlion Client Setup 3.12.2.exe
Token: SeShutdownPrivilege	4308	Badlion Client.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4308	Badlion Client.exe

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73
PID 4308 wrote to memory of 1064	4308	Badlion Client.exe	73

C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 3.12.2.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 3.12.2.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2916

C:\Program Files\Badlion Client\Badlion Client.exe
"C:\Program Files\Badlion Client\Badlion Client.exe"
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4308
- C:\Program Files\Badlion Client\Badlion Client.exe
  "C:\Program Files\Badlion Client\Badlion Client.exe" --type=gpu-process --field-trial-handle=2464,6921093321761516882,7929508216205276235,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2476 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1064
- C:\Program Files\Badlion Client\Badlion Client.exe
  "C:\Program Files\Badlion Client\Badlion Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2464,6921093321761516882,7929508216205276235,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:340
- C:\Program Files\Badlion Client\Badlion Client.exe
  "C:\Program Files\Badlion Client\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Program Files\Badlion Client\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2464,6921093321761516882,7929508216205276235,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:3396

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Badlion Client\Badlion Client.exe

Filesize
134.1MB

MD5
5f8946681a31e505ae08bb52c759adb5

SHA1
332fcdeffda7aa2927f59438d84038f3d4096f8f

SHA256
743d87d7e8a40825d33706385b1c2adf7cb484d6b5c26ed85e8ab58a3af6e935

SHA512
ccb25202d72638e79a5382d997589b507310eecf7836d57ddad7cb178ddd0b0f723ce561db303de8dcda9f32baaa39f22e034f3a743cb061ab76da99b7648e46

Download Submit
C:\Program Files\Badlion Client\Badlion Client.exe

Filesize
134.1MB

MD5
5f8946681a31e505ae08bb52c759adb5

SHA1
332fcdeffda7aa2927f59438d84038f3d4096f8f

SHA256
743d87d7e8a40825d33706385b1c2adf7cb484d6b5c26ed85e8ab58a3af6e935

SHA512
ccb25202d72638e79a5382d997589b507310eecf7836d57ddad7cb178ddd0b0f723ce561db303de8dcda9f32baaa39f22e034f3a743cb061ab76da99b7648e46

Download Submit
C:\Program Files\Badlion Client\Badlion Client.exe

Filesize
5.3MB

MD5
fe9bd33accff54fe13860728baa539f7

SHA1
7abbb4ee978fdbe03811cfdb72a4f33ec27bba2d

SHA256
5d2c37f960ecde99c887dcf288098f16d7e67eeb9341b20d166a83b26f6f31eb

SHA512
66a21e7ff04c4215e26ecc5615d8811363afbd02dd52f5122c0b335f68ffefa82a21bb077b68077779245a8c386507b824d2e562cf674a08e3c52f6abc5f9ed6

Download Submit
C:\Program Files\Badlion Client\Badlion Client.exe

Filesize
4.8MB

MD5
8095f5beb6d3d9278c1cf46817b20688

SHA1
79286574ac3e4d24a7a233c46ffa6326d2750c94

SHA256
d6354f4fdc93d6aba1a4359d08ce6c8868d379d8b54259c33673e13c2a43fc10

SHA512
9e2ddffd69c22106dc3ffb027c638696574f1e657e9190eabb6dc4e8c7299657e37d273cc3de26cb024ce08a9565fc03ec840b5ff7406dd58a0ac4a28dd0e860

Download Submit
C:\Program Files\Badlion Client\chrome_100_percent.pak

Filesize
138KB

MD5
0fd0a948532d8c353c7227ae69ed7800

SHA1
c6679bfb70a212b6bc570cbdf3685946f8f9464c

SHA256
69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf

SHA512
0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

Download Submit
C:\Program Files\Badlion Client\chrome_200_percent.pak

Filesize
202KB

MD5
1014a2ee8ee705c5a1a56cda9a8e72ee

SHA1
5492561fb293955f30e95a5f3413a14bca512c30

SHA256
ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57

SHA512
ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

Download Submit
C:\Program Files\Badlion Client\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Program Files\Badlion Client\ffmpeg.dll

Filesize
2.6MB

MD5
2fc7f6b0abd1af4988e30e58e8310291

SHA1
9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

SHA256
b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

SHA512
cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

Download Submit
C:\Program Files\Badlion Client\icudtl.dat

Filesize
9.7MB

MD5
224ba45e00bbbb237b34f0facbb550bf

SHA1
1b0f81da88149d9c610a8edf55f8f12a87ca67de

SHA256
8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc

SHA512
c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784

Download Submit
C:\Program Files\Badlion Client\libEGL.dll

Filesize
431KB

MD5
1ed91477a02e0e2a64e5e9f26bcea438

SHA1
8058c2bd3342d8d882768188b1e5c45567a8dde9

SHA256
a1267343e2ff9f9603627c0520e6cdd8e4a67fba041146e8def6a43e334a4e03

SHA512
c80ace4df62ccde9699cafaffae290cb9ab83dc5db5fed6483aadea0f6389eaab8cc44f8cfde43aa980307a6f357d51c406fa267293135def1eee5378d0960a5

Download Submit
C:\Program Files\Badlion Client\libGLESv2.dll

Filesize
7.5MB

MD5
640a515fcd8e5d5a332c1d40c47700b0

SHA1
0128c9d499deb7866f3d7aae0adab69d9a8f768f

SHA256
927c858deb4700d3759fab436d5ba554ff4cf7be505d536ea1c673707d5ca8a1

SHA512
792acebb5ba329e61bc319b415ba01248dcf18c7e46695222682dbf59d179403ced15c19ae03a282dec7e622121c05844d8eae5a04a2aa1f552ebced51644e27

Download Submit
C:\Program Files\Badlion Client\locales\en-US.pak

Filesize
95KB

MD5
214e2b52108bbde227209a00664d30a5

SHA1
e2ac97090a3935c8aa7aa466e87b67216284b150

SHA256
1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab

SHA512
9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e

Download Submit
C:\Program Files\Badlion Client\native-modules\badlion_electron.dll

Filesize
10.6MB

MD5
ea7a46b5fe481b34601c746a326705d8

SHA1
a56ba80dff0ad01bdd929f01f363549e2855be5a

SHA256
c11ea3a712e6c39509ea95d9c4beb2d2fc6441541cb995e48d89499f180500dd

SHA512
572bde06f4bf8d6db4ccd1d924284f80db2faffb6ce1d9aefbd35d0e27dad2e5832934b99072a471bc6f6a25422525ec6563442dc06d124d6ef398cf63c18203

Download Submit
C:\Program Files\Badlion Client\native-modules\badlion_js.dll

Filesize
9.4MB

MD5
a8ba7a7c7bca606f8f8477153dcee146

SHA1
978e21d384550ef29d158028a934d4d10aa9832f

SHA256
549cdc92a73d940c1c4dce8d61d9cf5898aa420d74db51fa7afb67da55671f49

SHA512
a9c566d4001a678b8b4978bfb3b785c2f38e4b9d29ba8263bb9cfe8f1194d92121aa08fc2a96781cc50d3476ee1191c9ac27f89d390a046a51432c8d98ec28db

Download Submit
C:\Program Files\Badlion Client\native-modules\freetype-jni.dll

Filesize
723KB

MD5
bfca95ddc59c5ebb517ff1870952161f

SHA1
7c8a033e02ff80619450eef3dc33a3aee7e00ec3

SHA256
6accdf6a3f153b1aa0b84706aab2a363312b0c1534465d79b278ba745ad7ae69

SHA512
a35546981267ad637bc304060c2b7c09406f7337f4b71583b5ff8a1c0ab5af5199d39eceb7d3c9ce8aa98febd26eb7ee81a2dcc2f7765492ee7953f50a2a2ff9

Download Submit
C:\Program Files\Badlion Client\native-modules\launcher.node

Filesize
18.1MB

MD5
b5d2b95881b1958848ce0a9ad97ece79

SHA1
857cd63dfb86024511dfea525abace6408876bc4

SHA256
4c3fe2990cdd248c358280932a979e2ccc6e3f7b82dd94ae9b4bd715ff80ce95

SHA512
3b98e882ac9045885059823b8b8734d62bb060db32cb8f7360d6f0615727a0fee5abc07ae72a3c5ebbe5597ff21a46ce92531859d284f2491679e09c981c65ea

Download Submit
C:\Program Files\Badlion Client\resources.pak

Filesize
5.6MB

MD5
f616d69f6e582582930d06c5c18f0f70

SHA1
fde8e2653f2a5317492105bcabeb3565faaf74de

SHA256
bba807d7822c4317fd097da4a442b4206cb940d077cc127c42c1e29cf72fa855

SHA512
492e678860f240a62094f696a5e50f408f881c903fce655e18ac6450e3b88befde56778c7ffd20f22561fef07671f6c2f7463ffdd8a17fa2c82e072aee736016

Download Submit
C:\Program Files\Badlion Client\resources\app.asar

Filesize
40.3MB

MD5
f30208e6e4f1a6c849007faac40b85f6

SHA1
0251be80ac4cb24c62877652c89bc6feeee8328b

SHA256
3610ac58ff4edde90ab7a1108ed1a277978943d3f3f9c11ec99108c89bd04c80

SHA512
a3fe7911fed5b4ad185585ad47cd61ba26aeeadd586e17a70aab71f4a7ec860901b5cf6b56db0267007e406b22839e66bf9f2f09bfa613948ff49da5ba758f45

Download Submit
C:\Program Files\Badlion Client\resources\roots.pem

Filesize
279KB

MD5
bec29e7471bdfd13632a88a0e1177a4e

SHA1
f06003491572f8c18b6c18f1857562562eb48032

SHA256
00598bc1f737f7cc56eb82e58137a3e65c6f5a840011db174b5b65076311270e

SHA512
629862482f92323a07ea5f514b36271b4d4b3b8a46f1f2d3b654c8b1113eea1cb05dd1689599c076425e4ee88c461b245d2d06eea9711b95ecb7758340bf692f

Download Submit
C:\Program Files\Badlion Client\swiftshader\libEGL.dll

Filesize
445KB

MD5
e7c8cd0bc5305a7c3c2a2c1f689744e2

SHA1
de20c6420bd838e13867bb37256e1b25bf365942

SHA256
48bfd2776bc58f386acddcdcad5161b1d7e3dc71a077cda5232b989da9081ae9

SHA512
2d4436470c0c4c8127717fbfd863cf61af5be4575dad8241d8062dbf7fb84e2ae517eaa11c2a59f1ad2bad49dbc05b15acea62765379643ca51acf96f48b79c0

Download Submit
C:\Program Files\Badlion Client\swiftshader\libGLESv2.dll

Filesize
3.0MB

MD5
d9a5609d8da5bd558facf2617619ad2b

SHA1
9debb66a376549ee795e9c049b3a685245e0a4b8

SHA256
da9fc78eea721b8e51599a72053c569a6ba1cce64808544c428bd295f3ef3216

SHA512
b461fa396bf58ac4989c61057502bd00493e920bfbc1c092a763699d660aef2b5e1aa9659000cc4fd0af0831043c18e01489c94733af06659d49fcfaac82e42d

Download Submit
C:\Program Files\Badlion Client\v8_context_snapshot.bin

Filesize
160KB

MD5
89f5b9dc2c1eccfce7c3681b8066125f

SHA1
273175d93ae554da7f63a6475426a6515d0c8cd1

SHA256
7f148fb442066d6904f774ec588e667d82f237523cf62c10fbb4240d30d2de91

SHA512
469a87f53b5815c5d091cc87e3845e56fe45115efba4c48efc28064283e966f9e106103038f1c13650da43e64fa6b89fd0535338ae5b4f102e75160998fd1d61

Download Submit
C:\Program Files\Badlion Client\vk_swiftshader.dll

Filesize
4.3MB

MD5
76d3589242fca16d76aff52910e72d7e

SHA1
a88a7495f71b718e127bdfe09e7a279bf05bfceb

SHA256
f1e92727d2c2ac4c3878d39ab29679f06e65594121dbd8845a86338dac06e61a

SHA512
95fc89f165b3235a524da6f2bd47c0086baa0f239d6c0fe8ee30a098bd72e09fc37027e0442dfbcdafa2a2ad6c1275a0a9cc4088f9d2feb41ca0d3a720e0d857

Download Submit
C:\Program Files\Badlion Client\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Program Files\Badlion Client\vulkan-1.dll

Filesize
715KB

MD5
9663210f63cbf7a8d6b36a95d93dd119

SHA1
0fc5c50984b2c9677b8ebce4d4518c1322ce4145

SHA256
de7d4c0e859be24c5ae60b5dad2bbac62cb3b3812ab747ee73f4483c7a10dc88

SHA512
a161dfbb6e40aebec9f33bda4c81f52f456731d76bd48edc1425a2593c75591d969d3a3394a105eae386902ec822de3f9099cd07964f96d4e204f3f0ff48e631

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
824B

MD5
3688374325b992def12793500307566d

SHA1
4bed0823746a2a8577ab08ac8711b79770e48274

SHA256
2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085

SHA512
59119e66f5945029f8652c5981589d95cace534adc6780ccea736b7e776615caa0b567c14d161271d6066f57d9bab0d4055850162f5a046c0456264b7b9e7508

Download Submit
\Program Files\Badlion Client\d3dcompiler_47.dll

Filesize
4.1MB

MD5
4608348d857711d39df01a0e91d2ae44

SHA1
c2a2126e6a8686953b643eeb9feb4707fe7150df

SHA256
1115d5cf7bb46bbf990d7333c5fe84b8653a7c880e4c7fbd886522bc44358561

SHA512
f90e17f1584fae2851909490b63b614bc20f967a11eec99c02c6aab90a30d6d3cb6b40b70e79a4010921e951ae5b1f6058633e10549c19d298097cc5adfa2003

Download Submit
\Program Files\Badlion Client\ffmpeg.dll

Filesize
2.6MB

MD5
2fc7f6b0abd1af4988e30e58e8310291

SHA1
9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

SHA256
b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

SHA512
cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

Download Submit
\Program Files\Badlion Client\ffmpeg.dll

Filesize
2.6MB

MD5
2fc7f6b0abd1af4988e30e58e8310291

SHA1
9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

SHA256
b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

SHA512
cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

Download Submit
\Program Files\Badlion Client\ffmpeg.dll

Filesize
2.6MB

MD5
2fc7f6b0abd1af4988e30e58e8310291

SHA1
9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

SHA256
b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

SHA512
cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

Download Submit
\Program Files\Badlion Client\libEGL.dll

Filesize
431KB

MD5
1ed91477a02e0e2a64e5e9f26bcea438

SHA1
8058c2bd3342d8d882768188b1e5c45567a8dde9

SHA256
a1267343e2ff9f9603627c0520e6cdd8e4a67fba041146e8def6a43e334a4e03

SHA512
c80ace4df62ccde9699cafaffae290cb9ab83dc5db5fed6483aadea0f6389eaab8cc44f8cfde43aa980307a6f357d51c406fa267293135def1eee5378d0960a5

Download Submit
\Program Files\Badlion Client\libGLESv2.dll

Filesize
4.0MB

MD5
09eb7f905c8330996a57c6aa0e9a6571

SHA1
abe661cab9e32cf41587960256eca7cf4c8b9d5f

SHA256
ac36e2824eeb5fe9e34d05d44234548c0062cca0d6c794449b9420b55296b62a

SHA512
0e919eeeb4c8ebfcc3b414b567e7680bb20188418efa05d11e39d17a0fff748354ccf623fa471883619f1b5fb7703f7c1e4c295f7a39c18a5449fc11bf07e3c9

Download Submit
\Program Files\Badlion Client\native-modules\launcher.node

Filesize
18.1MB

MD5
b5d2b95881b1958848ce0a9ad97ece79

SHA1
857cd63dfb86024511dfea525abace6408876bc4

SHA256
4c3fe2990cdd248c358280932a979e2ccc6e3f7b82dd94ae9b4bd715ff80ce95

SHA512
3b98e882ac9045885059823b8b8734d62bb060db32cb8f7360d6f0615727a0fee5abc07ae72a3c5ebbe5597ff21a46ce92531859d284f2491679e09c981c65ea

Download Submit
\Program Files\Badlion Client\vk_swiftshader.dll

Filesize
4.3MB

MD5
76d3589242fca16d76aff52910e72d7e

SHA1
a88a7495f71b718e127bdfe09e7a279bf05bfceb

SHA256
f1e92727d2c2ac4c3878d39ab29679f06e65594121dbd8845a86338dac06e61a

SHA512
95fc89f165b3235a524da6f2bd47c0086baa0f239d6c0fe8ee30a098bd72e09fc37027e0442dfbcdafa2a2ad6c1275a0a9cc4088f9d2feb41ca0d3a720e0d857

Download Submit
\Program Files\Badlion Client\vulkan-1.dll

Filesize
715KB

MD5
9663210f63cbf7a8d6b36a95d93dd119

SHA1
0fc5c50984b2c9677b8ebce4d4518c1322ce4145

SHA256
de7d4c0e859be24c5ae60b5dad2bbac62cb3b3812ab747ee73f4483c7a10dc88

SHA512
a161dfbb6e40aebec9f33bda4c81f52f456731d76bd48edc1425a2593c75591d969d3a3394a105eae386902ec822de3f9099cd07964f96d4e204f3f0ff48e631

Download Submit
\Users\Admin\AppData\Local\Temp\nszA156.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nszA156.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nszA156.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
\Users\Admin\AppData\Local\Temp\nszA156.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nszA156.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nszA156.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nszA156.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nszA156.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
\Users\Admin\AppData\Local\Temp\nszA156.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nszA156.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nszA156.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/2916-143-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-146-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-163-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-166-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-167-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-168-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-170-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-169-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-171-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-173-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-174-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-172-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-175-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-176-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-177-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-162-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-161-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-180-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-159-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-182-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-183-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-184-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-157-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-156-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-155-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-154-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-153-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-152-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-151-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-150-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-149-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-148-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-147-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-165-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-145-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-144-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-116-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-115-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-142-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-141-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-140-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-139-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-138-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-137-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-136-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-135-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-134-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-133-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-132-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-131-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-130-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-129-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-128-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-127-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-126-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-125-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-124-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-123-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-122-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-121-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-120-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-119-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-118-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/2916-117-0x0000000077960000-0x0000000077AEE000-memory.dmp

Filesize
1.6MB

Download
memory/4308-230-0x00007FF994B30000-0x00007FF9973E6000-memory.dmp

Filesize
40.7MB

Download