30d263ed9e4d4fb72e25b664ebca8e4b2c92878c993be2c48362ca4ba73089e5

Analysis

max time kernel
50s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2023, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Badlion Client Setup 3.15.0.exe
Size

129.2MB
MD5

738356dfa877aefd77c96d84ca7a134a
SHA1

398c3d7cfa411d1c649b52b445594db0aa85105a
SHA256

30d263ed9e4d4fb72e25b664ebca8e4b2c92878c993be2c48362ca4ba73089e5
SHA512

d7eb3532f0f3b38025023f68553f0c8feb9f349623ce0f3280de4eb7c201b0b812fd9c03942e2135573518736914110fa2a7c6c7403fc00a1f390870b8fdbf5c
SSDEEP

3145728:faW75NJgEd/qt0DdEzcDKNiT2roh0SgtY0VpgeZns6H03EeCg3kO:CW75NKE5DYiTwoWS8pfZnsPPCg3kO

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	Badlion Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	Badlion Client.exe

Executes dropped EXE 2 IoCs

pid	Process
2948	Badlion Client.exe
4368	Badlion Client.exe

Loads dropped DLL 17 IoCs

pid	Process
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
2948	Badlion Client.exe
2948	Badlion Client.exe
2948	Badlion Client.exe
4368	Badlion Client.exe
4368	Badlion Client.exe
4368	Badlion Client.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
2948	Badlion Client.exe
2948	Badlion Client.exe
4368	Badlion Client.exe
4368	Badlion Client.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Badlion Client\ffmpeg.dll	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\cursors\invalid.cur	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\LICENSES.chromium.html	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\licenses\openjdk.license.txt	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\locales\ml.pak	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\resources\app-update.yml	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\resources\roots.pem	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\libEGL.dll	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\licenses\caffeine.license.txt	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\licenses\nativefiledialog.license.txt	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\licenses\quickplay.license.txt	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\locales\th.pak	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\locales\fr.pak	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\snapshot_blob.bin	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\cursors\zoom_in.png	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\licenses\schematica.license.txt	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\licenses\skyblockaddons.license.txt	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\locales\am.pak	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\licenses\notenoughupdates-repo.license.txt	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\licenses\opensans.font.license.txt	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\locales\da.pak	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\locales\pl.pak	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\locales\zh-CN.pak	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\ffmpeg.exe	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\locales\sr.pak	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\vk_swiftshader.dll	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\resources	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\cursors\hand_grabbing.png	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\locales\bn.pak	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\locales\ja.pak	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\ffmpeg.dll	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\licenses\replaystudio.license.txt	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\locales\es-419.pak	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\locales\mr.pak	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\locales\ru.pak	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\licenses\grpc.license.txt	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\locales\he.pak	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\resources.pak	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\cursors\move_drop.cur	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\LICENSES.chromium.html	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\licenses\flag-icon-css-license.txt	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\licenses\licenses.dependencies.txt	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\locales\el.pak	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\locales\lv.pak	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\locales\sw.pak	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\libGLESv2.dll	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\libEGL.dll	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\locales\cs.pak	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\icudtl.dat	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\licenses\rubik.font.license.txt	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\licenses\rubik.font.license.txt	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\locales\am.pak	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\native-modules\badlion_electron.dll	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\libs\caffeine-2.8.8.jar	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\licenses\disruptor.txt	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\licenses\notoserifkr.font.license.txt	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\locales\es-419.pak	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\cursors\hand_grabbing.png	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\locales\pl.pak	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\locales\ro.pak	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\d3dcompiler_47.dll	Badlion Client Setup 3.15.0.exe
File opened for modification	C:\Program Files\Badlion Client\vk_swiftshader_icd.json	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\licenses\badlion.licenses.txt	Badlion Client Setup 3.15.0.exe
File created	C:\Program Files\Badlion Client\licenses\notoseriftc.font.license.txt	Badlion Client Setup 3.15.0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
4760	Badlion Client Setup 3.15.0.exe
2948	Badlion Client.exe
2948	Badlion Client.exe
2948	Badlion Client.exe
2948	Badlion Client.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4760	Badlion Client Setup 3.15.0.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2948	Badlion Client.exe
4368	Badlion Client.exe

C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 3.15.0.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client Setup 3.15.0.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4760

C:\Program Files\Badlion Client\Badlion Client.exe
"C:\Program Files\Badlion Client\Badlion Client.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2948
- C:\Program Files\Badlion Client\Badlion Client.exe
  "C:\Program Files\Badlion Client\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Program Files\Badlion Client\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2660,5569548175145493327,1573607978149368809,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Badlion Client\Badlion Client.exe
  "C:\Program Files\Badlion Client\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Program Files\Badlion Client\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=2660,5569548175145493327,1573607978149368809,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Badlion Client\Badlion Client.exe
  "C:\Program Files\Badlion Client\Badlion Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2660,5569548175145493327,1573607978149368809,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=3108 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Badlion Client\Badlion Client.exe
  "C:\Program Files\Badlion Client\Badlion Client.exe" --type=gpu-process --field-trial-handle=2660,5569548175145493327,1573607978149368809,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2668 /prefetch:2
  2⤵
  PID:1444

C:\Program Files\Badlion Client\Badlion Client.exe
"C:\Program Files\Badlion Client\Badlion Client.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:4368

C:\Program Files\Badlion Client\Badlion Client.exe
"C:\Program Files\Badlion Client\Badlion Client.exe"
1⤵
PID:4720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4392

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Badlion Client\Badlion Client.exe

Filesize
134.1MB

MD5
28eade0441ad731d28e2d9f1eae7aecd

SHA1
6df7df36d6bea0c97c1e257fea7aa7c3000210e5

SHA256
ce70520ed25b558a9198907293ebfb4ffc4fd19568cb7943f613d239db33d069

SHA512
8de97a8affcbc1089072246c156098ad05bbfcfeff35df6a44548324c17e5e73de122935395395f4f8e797bf5d30daa7e3a06ae5bcc36ac039594c8b3ead356a

Download Submit
C:\Program Files\Badlion Client\Badlion Client.exe

Filesize
134.1MB

MD5
28eade0441ad731d28e2d9f1eae7aecd

SHA1
6df7df36d6bea0c97c1e257fea7aa7c3000210e5

SHA256
ce70520ed25b558a9198907293ebfb4ffc4fd19568cb7943f613d239db33d069

SHA512
8de97a8affcbc1089072246c156098ad05bbfcfeff35df6a44548324c17e5e73de122935395395f4f8e797bf5d30daa7e3a06ae5bcc36ac039594c8b3ead356a

Download Submit
C:\Program Files\Badlion Client\Badlion Client.exe

Filesize
129.6MB

MD5
2b71cf2409c23ab19cd14c1c6217801d

SHA1
2894be3121e9ca7875caf8e807777acd329a0dd3

SHA256
7f83596a82a0d167be070172bde827518901608323ccb0d60711c78fc41b3016

SHA512
838b0785afee4fc497c544bfa502cf22de0aeeb583c6a53eaf8a3e962ca1425ab829befc5ff2ff41ea6061bd78e73ba44f12e58b1f8f106d70e9984d1f262b67

Download Submit
C:\Program Files\Badlion Client\Badlion Client.exe

Filesize
96.4MB

MD5
5f9da01bfce4b2e409a795bd7109198d

SHA1
7aa3fa4f4c919d3ceb0009ab7b1b6ed6bc5916c0

SHA256
3a6aa1056671281b1c485a9d01b2a09a5d5e627acdfb9d98dcca0f50e3ea70bf

SHA512
f08f5d3fd7bf31bbf58625b5d5f7a02d1fbecc8728a1f5d948de422caa725af4f840ca9370b171ea757e218946d4d25fcf1a616486fa563217e77aef4f349860

Download Submit
C:\Program Files\Badlion Client\Badlion Client.exe

Filesize
64.7MB

MD5
27fdb918171b3e427edd861e89618261

SHA1
a9c2fb4f52bfe3c7af94b4b0c9aebe0be16f7eb6

SHA256
d456e5a800c3a2351f4490a5e436de3846514c30915731f7fd231ddf54ef8ec7

SHA512
a63c41aced1052226e296dd4d0e9e811292ba243f99d2d0f43df0db0d9e9bfa61c857db4a1dd3be7a7f53906bac207b8f1b2fc7080abae031a9ea0728268b3f4

Download Submit
C:\Program Files\Badlion Client\Badlion Client.exe

Filesize
51.7MB

MD5
faee90dc112db0347d6a3b9612001004

SHA1
5c8e1210f4efed4b68e76a5688613d6d741ecaaf

SHA256
c66a9d1ff71eef4baa60353b8b15beb3fad9c1780d298e3df2dd1a655038dc9e

SHA512
c49bf40a939ba1034fed21d6122d4b235d349b0f3d0e31e6d0e94ef5c90e14c0c5ccd428c48c42a32de66b3fba8e1102bf71ce31f391d6854e80bdd3e9ff78d0

Download Submit
C:\Program Files\Badlion Client\Badlion Client.exe

Filesize
50.1MB

MD5
0c60b30374cd4c9e412f96fdac9c51ed

SHA1
467533bbfdaf7508bf2b0af4f8b230305d3af55f

SHA256
23eb7ee59016f10de337deef198bcbfabce413e524e3ac2005b22ac460732223

SHA512
e8a81a3c4baa4531d0fa0b2a10b26d8705a4a22df7d6dc8d450a0623534e4eadf0192737606159ec23c912b6154d4f0c94190ff5b351bd67a7ffe6223b9e8b54

Download Submit
C:\Program Files\Badlion Client\Badlion Client.exe

Filesize
51.3MB

MD5
e621e86433b76f7ed9772445f67447ab

SHA1
b3eddcdd75051fc2dd7de5c1444166569a0b8488

SHA256
1798407ed72c069cf27c44beb8e01d4a3f88671bad920d7778cc034d8e6c1b1c

SHA512
958851f4201d4e17376a8904ca950590c7347b1550d97c81c8a1c523e462b625cc18f44f29394b6c48a5c2be3c465f51b997d022716ba0b055b7d45028095ac8

Download Submit
C:\Program Files\Badlion Client\Badlion Client.exe

Filesize
49.6MB

MD5
31feb8ba842386de98a4d98ebb4cfa97

SHA1
243f589c69e659e980d0ccf6e6b5db2f46ba241b

SHA256
ba9af28b5e927fda36a702fd358e88797851145dfb60596b6ee69e9a95fdf714

SHA512
a57077c0904639c6a85eb8a425adfb7f9b4e5987476ed4ddd41c67eec30a1b6929ea91296b037711cbb03091c2b8e5e30944554ec0ee1b5f75348ac5e7dd1e99

Download Submit
C:\Program Files\Badlion Client\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Program Files\Badlion Client\chrome_100_percent.pak

Filesize
138KB

MD5
0fd0a948532d8c353c7227ae69ed7800

SHA1
c6679bfb70a212b6bc570cbdf3685946f8f9464c

SHA256
69a3916ed3a28cd5467b32474a3da1c639d059abbe78525a3466aa8b24c722bf

SHA512
0ee0d16ed2afd7ebd405dbe372c58fd3a38bb2074abc384f2c534545e62dfe26986b16df1266c5807a373e296fe810554c480b5175218192ffacd6942e3e2b27

Download Submit
C:\Program Files\Badlion Client\chrome_200_percent.pak

Filesize
202KB

MD5
1014a2ee8ee705c5a1a56cda9a8e72ee

SHA1
5492561fb293955f30e95a5f3413a14bca512c30

SHA256
ed8afe63f5fc494fd00727e665f7f281600b09b4f4690fa15053a252754e9d57

SHA512
ac414855c2c1d6f17a898418a76cce49ad025d24c90c30e71ad966e0fd6b7286acf456e9f5a6636fd16368bc1a0e8b90031e9df439b3c7cd5e1e18b24a32c508

Download Submit
C:\Program Files\Badlion Client\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Program Files\Badlion Client\ffmpeg.dll

Filesize
2.6MB

MD5
2fc7f6b0abd1af4988e30e58e8310291

SHA1
9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

SHA256
b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

SHA512
cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

Download Submit
C:\Program Files\Badlion Client\ffmpeg.dll

Filesize
2.6MB

MD5
2fc7f6b0abd1af4988e30e58e8310291

SHA1
9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

SHA256
b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

SHA512
cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

Download Submit
C:\Program Files\Badlion Client\ffmpeg.dll

Filesize
2.6MB

MD5
2fc7f6b0abd1af4988e30e58e8310291

SHA1
9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

SHA256
b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

SHA512
cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

Download Submit
C:\Program Files\Badlion Client\ffmpeg.dll

Filesize
2.6MB

MD5
2fc7f6b0abd1af4988e30e58e8310291

SHA1
9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

SHA256
b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

SHA512
cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

Download Submit
C:\Program Files\Badlion Client\ffmpeg.dll

Filesize
2.6MB

MD5
2fc7f6b0abd1af4988e30e58e8310291

SHA1
9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

SHA256
b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

SHA512
cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

Download Submit
C:\Program Files\Badlion Client\ffmpeg.dll

Filesize
2.6MB

MD5
2fc7f6b0abd1af4988e30e58e8310291

SHA1
9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

SHA256
b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

SHA512
cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

Download Submit
C:\Program Files\Badlion Client\ffmpeg.dll

Filesize
2.6MB

MD5
2fc7f6b0abd1af4988e30e58e8310291

SHA1
9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

SHA256
b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

SHA512
cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

Download Submit
C:\Program Files\Badlion Client\ffmpeg.dll

Filesize
2.6MB

MD5
2fc7f6b0abd1af4988e30e58e8310291

SHA1
9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

SHA256
b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

SHA512
cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

Download Submit
C:\Program Files\Badlion Client\icudtl.dat

Filesize
9.7MB

MD5
224ba45e00bbbb237b34f0facbb550bf

SHA1
1b0f81da88149d9c610a8edf55f8f12a87ca67de

SHA256
8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc

SHA512
c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784

Download Submit
C:\Program Files\Badlion Client\libGLESv2.dll

Filesize
7.5MB

MD5
640a515fcd8e5d5a332c1d40c47700b0

SHA1
0128c9d499deb7866f3d7aae0adab69d9a8f768f

SHA256
927c858deb4700d3759fab436d5ba554ff4cf7be505d536ea1c673707d5ca8a1

SHA512
792acebb5ba329e61bc319b415ba01248dcf18c7e46695222682dbf59d179403ced15c19ae03a282dec7e622121c05844d8eae5a04a2aa1f552ebced51644e27

Download Submit
C:\Program Files\Badlion Client\libegl.dll

Filesize
431KB

MD5
1ed91477a02e0e2a64e5e9f26bcea438

SHA1
8058c2bd3342d8d882768188b1e5c45567a8dde9

SHA256
a1267343e2ff9f9603627c0520e6cdd8e4a67fba041146e8def6a43e334a4e03

SHA512
c80ace4df62ccde9699cafaffae290cb9ab83dc5db5fed6483aadea0f6389eaab8cc44f8cfde43aa980307a6f357d51c406fa267293135def1eee5378d0960a5

Download Submit
C:\Program Files\Badlion Client\libglesv2.dll

Filesize
7.5MB

MD5
640a515fcd8e5d5a332c1d40c47700b0

SHA1
0128c9d499deb7866f3d7aae0adab69d9a8f768f

SHA256
927c858deb4700d3759fab436d5ba554ff4cf7be505d536ea1c673707d5ca8a1

SHA512
792acebb5ba329e61bc319b415ba01248dcf18c7e46695222682dbf59d179403ced15c19ae03a282dec7e622121c05844d8eae5a04a2aa1f552ebced51644e27

Download Submit
C:\Program Files\Badlion Client\licenses\lz4-java.license.txt

Filesize
11KB

MD5
0ba5044c64ef53cb0189c9546081e228

SHA1
c8bc7df08db9dd3b39c2c2259a163a36cf2f6808

SHA256
49bbe9114e49214df2ccc324cb3ac8d1d1aa1c3a0947f94c286765e86647b32e

SHA512
a7ce8c7f21c031e4e6d037f4eabe8b200b8f1470731c05ea86028171f2964310dadc5def814d2d65164fbd23d720ecfd4d479ff5e269e519c787b4db96c7724f

Download Submit
C:\Program Files\Badlion Client\licenses\notoseriftc.font.license.txt

Filesize
4KB

MD5
bec6f772ed2e38634da53c388c30437d

SHA1
43513d1f6a1329962106efc212457e1d6ef9e980

SHA256
7f18ec1ebb6b50e3ed0f74b2c61f25b8d7cd69e43f4de66e991bcfd3c419a8bb

SHA512
de6c45f891db9add2d253939f35739f3c246ab93f6bde97232ecf32fadcf0afcadea4aa632e44df4ddc0e3b80e1db669f4769e9d59a04a4e38888b530fb050f6

Download Submit
C:\Program Files\Badlion Client\locales\en-US.pak

Filesize
95KB

MD5
214e2b52108bbde227209a00664d30a5

SHA1
e2ac97090a3935c8aa7aa466e87b67216284b150

SHA256
1673652b703771ef352123869e86130c9cb7c027987753313b4c555a52992bab

SHA512
9029402daea1cbe0790f9d53adc6940c1e483930cf24b3a130a42d6f2682f7c2d6833f2cd52f2417009c3655fed6a648b42659729af3c745eaa6c5e8e2b5bb9e

Download Submit
C:\Program Files\Badlion Client\native-modules\badlion_electron.dll

Filesize
10.6MB

MD5
4e9813cb11319e870dc465ba15e248a3

SHA1
b70b878f35efd0076420dc42d162d775dae2be0a

SHA256
16a75298ca5a8b633e04d9487c1a2d335c085a4fe90169975e5a809d2ca3ac1b

SHA512
b983b7934cc0c69d5aea4e6d8547bb39a3beccfe60e6619d831042d85369dadde40154fcc346e500ffc652dcc6fcc83179a6765614bd88daffbe9c1c3ae27309

Download Submit
C:\Program Files\Badlion Client\native-modules\badlion_js.dll

Filesize
9.5MB

MD5
07bd62c67d11ea14e76bab137b84f79d

SHA1
bcfab85e29718e0d5855d2aca332f526e221c0a0

SHA256
92ed8c47f671a5ee8ffa7dc93438e22d7c4ae4435ac06e17f4e28ed90c08e422

SHA512
0e50d6f8455a4e343d48770bd114a9be0c3b75f22ef67db75fbdf5741ddf4f4ca1aceaba49c0380348bdbe8b485069316937c07cb8d776c3c8c0b24016d61fc9

Download Submit
C:\Program Files\Badlion Client\native-modules\freetype-jni.dll

Filesize
723KB

MD5
2aab96b1860c5c0cf6bbae007b211d6e

SHA1
e1265dd52a13f4077f6b3afe001c0c5551fc2041

SHA256
f10db1151996868c57399501c6e66995d939840b33c9e88ee8b56ce2f302b2b6

SHA512
4d2f41203656abb0c8fd5f573db123cdbbda6920b8ef53274c7dcd1fb50ff0e02323bac4195103ce25c3cb4eea8d9f42199208e09989a90a46808ce7055db3eb

Download Submit
C:\Program Files\Badlion Client\native-modules\launcher.node

Filesize
18.2MB

MD5
a4a135967afe644737900a34b7400bd4

SHA1
bfffeb9a4711da41f6641484f72d009edf94f000

SHA256
b0b718c8059091d33b66121b032b4d3d12d6b89816e0bccc53214ec4052fb9b5

SHA512
9f55d66bc7743538c417a88441ddfed2dbf64137e247f99d5dc0680e8b1c85e6aed9c6175eaa3fdbb00b161e18e1c612bb00de890784376875be0a5cc5a95a95

Download Submit
C:\Program Files\Badlion Client\native-modules\launcher.node

Filesize
18.2MB

MD5
a4a135967afe644737900a34b7400bd4

SHA1
bfffeb9a4711da41f6641484f72d009edf94f000

SHA256
b0b718c8059091d33b66121b032b4d3d12d6b89816e0bccc53214ec4052fb9b5

SHA512
9f55d66bc7743538c417a88441ddfed2dbf64137e247f99d5dc0680e8b1c85e6aed9c6175eaa3fdbb00b161e18e1c612bb00de890784376875be0a5cc5a95a95

Download Submit
C:\Program Files\Badlion Client\native-modules\launcher.node

Filesize
18.2MB

MD5
a4a135967afe644737900a34b7400bd4

SHA1
bfffeb9a4711da41f6641484f72d009edf94f000

SHA256
b0b718c8059091d33b66121b032b4d3d12d6b89816e0bccc53214ec4052fb9b5

SHA512
9f55d66bc7743538c417a88441ddfed2dbf64137e247f99d5dc0680e8b1c85e6aed9c6175eaa3fdbb00b161e18e1c612bb00de890784376875be0a5cc5a95a95

Download Submit
C:\Program Files\Badlion Client\native-modules\launcher.node

Filesize
18.2MB

MD5
a4a135967afe644737900a34b7400bd4

SHA1
bfffeb9a4711da41f6641484f72d009edf94f000

SHA256
b0b718c8059091d33b66121b032b4d3d12d6b89816e0bccc53214ec4052fb9b5

SHA512
9f55d66bc7743538c417a88441ddfed2dbf64137e247f99d5dc0680e8b1c85e6aed9c6175eaa3fdbb00b161e18e1c612bb00de890784376875be0a5cc5a95a95

Download Submit
C:\Program Files\Badlion Client\native-modules\launcher.node

Filesize
18.2MB

MD5
a4a135967afe644737900a34b7400bd4

SHA1
bfffeb9a4711da41f6641484f72d009edf94f000

SHA256
b0b718c8059091d33b66121b032b4d3d12d6b89816e0bccc53214ec4052fb9b5

SHA512
9f55d66bc7743538c417a88441ddfed2dbf64137e247f99d5dc0680e8b1c85e6aed9c6175eaa3fdbb00b161e18e1c612bb00de890784376875be0a5cc5a95a95

Download Submit
C:\Program Files\Badlion Client\native-modules\launcher.node

Filesize
18.2MB

MD5
a4a135967afe644737900a34b7400bd4

SHA1
bfffeb9a4711da41f6641484f72d009edf94f000

SHA256
b0b718c8059091d33b66121b032b4d3d12d6b89816e0bccc53214ec4052fb9b5

SHA512
9f55d66bc7743538c417a88441ddfed2dbf64137e247f99d5dc0680e8b1c85e6aed9c6175eaa3fdbb00b161e18e1c612bb00de890784376875be0a5cc5a95a95

Download Submit
C:\Program Files\Badlion Client\native-modules\launcher.node

Filesize
18.2MB

MD5
a4a135967afe644737900a34b7400bd4

SHA1
bfffeb9a4711da41f6641484f72d009edf94f000

SHA256
b0b718c8059091d33b66121b032b4d3d12d6b89816e0bccc53214ec4052fb9b5

SHA512
9f55d66bc7743538c417a88441ddfed2dbf64137e247f99d5dc0680e8b1c85e6aed9c6175eaa3fdbb00b161e18e1c612bb00de890784376875be0a5cc5a95a95

Download Submit
C:\Program Files\Badlion Client\resources.pak

Filesize
5.6MB

MD5
f616d69f6e582582930d06c5c18f0f70

SHA1
fde8e2653f2a5317492105bcabeb3565faaf74de

SHA256
bba807d7822c4317fd097da4a442b4206cb940d077cc127c42c1e29cf72fa855

SHA512
492e678860f240a62094f696a5e50f408f881c903fce655e18ac6450e3b88befde56778c7ffd20f22561fef07671f6c2f7463ffdd8a17fa2c82e072aee736016

Download Submit
C:\Program Files\Badlion Client\resources\app.asar

Filesize
34.9MB

MD5
3622a2810dbd1fc932562cf19f1a82a8

SHA1
545f013e7694facb6e8789840ca4a3e1df7a557a

SHA256
35db4614e8c5840e6866aaa8fd1d1bbb1c9c708776d5b1513089f31d87caa97e

SHA512
b65b0f50d2561a17d157d02b77724f41e938261cdc66fdff147a8691ab61c1e1892bbdeaa7763b2f1b6a98756f57845b2badea144cd2b598c3ca7394e5013a5c

Download Submit
C:\Program Files\Badlion Client\resources\roots.pem

Filesize
279KB

MD5
bec29e7471bdfd13632a88a0e1177a4e

SHA1
f06003491572f8c18b6c18f1857562562eb48032

SHA256
00598bc1f737f7cc56eb82e58137a3e65c6f5a840011db174b5b65076311270e

SHA512
629862482f92323a07ea5f514b36271b4d4b3b8a46f1f2d3b654c8b1113eea1cb05dd1689599c076425e4ee88c461b245d2d06eea9711b95ecb7758340bf692f

Download Submit
C:\Program Files\Badlion Client\v8_context_snapshot.bin

Filesize
160KB

MD5
89f5b9dc2c1eccfce7c3681b8066125f

SHA1
273175d93ae554da7f63a6475426a6515d0c8cd1

SHA256
7f148fb442066d6904f774ec588e667d82f237523cf62c10fbb4240d30d2de91

SHA512
469a87f53b5815c5d091cc87e3845e56fe45115efba4c48efc28064283e966f9e106103038f1c13650da43e64fa6b89fd0535338ae5b4f102e75160998fd1d61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_83FD583D6198B7A2A57B44D0AE1797F8

Filesize
727B

MD5
7346e55d83908d2cf7596dfc47acc262

SHA1
b5a918df4a1340bdaa8daa97cce8b39ecab1a109

SHA256
45bdea35b8fc691a9081fca08444c6a94c2b58b27dce1aa54fa5a400bafdc28a

SHA512
3cca5b37fd6303a9e29e70c5864e47b3d22981aff0c8145ca4aa0bf10bc513b954bceaef901106543825d85f024d897a2ba69579941328c606c80f7ad6b885ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
53106df82b7fa0b8091eb0721e485005

SHA1
c8927a1cb2ece38dc3fc81b18dd14eb00d5213c9

SHA256
bd531694754772f36d284f3d2da562b6533d821f16bb0ce0c6250a60b73d71f2

SHA512
c09f4d882d90da0aef75c0ff7a35e3076ea96b87f4cf14ad7275d931ce332b9befd3047d63ecac901aabecd0bbc68bc3b644899fd47a46467b7016d0d9085771

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_83FD583D6198B7A2A57B44D0AE1797F8

Filesize
434B

MD5
d84140c7aa7a6500b81f90d7571047bc

SHA1
615cae36b32b20dad83e05b06b1c7ee110e09ca8

SHA256
63ca6102dfe188543f93d31845be10114d3162cbfe9b01715ce576cf0468ff41

SHA512
67f60d751e0043d1c5055a47f79c7f23db55fed5d2aa6bf8120fcb7f9c1393da402f9309728644e5b2e0283dea86309f75f4fa31f7746ee4fcc912f71073b4fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
442B

MD5
47011a4e83a8482afff0a202bdfb1751

SHA1
cfc0f5f559c48b77c2b717fcff1d6df74c3223be

SHA256
5f032713a57c2b2ef3f04a194767b6b7e35fbdb02a78b0c0eb2245ea05bf8b5a

SHA512
7353ce09ab2f46df40e4c42a6ed25a78ddcdd809e9516bcb42f13b3671d9cd74b01a8d1d379165680b67d6215a2666583b61f813e1c388cbf047f00541ca7ee0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8979.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8979.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8979.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8979.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8979.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8979.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8979.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8979.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8979.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8979.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8979.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8979.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8979.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsa8979.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json

Filesize
953B

MD5
7fce7182f3bdd6f80883d3e1333a6d06

SHA1
e3064406a8c4f540e048c37a8581cde1eb4df9b3

SHA256
3d62ca1541f343020a0b78fa0ecd38825708f189c6e257d7bc0135689e786745

SHA512
9e8e1daaec157ec5c2b382a82747bc77e17c545647fddf7a985a4eba6c890c8ec9a2fbc78033304e30721f5bceadd7a0d2f6da585a1b0f22e0fd03308b45b16b

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json.tmp-1585259985eaaa28

Filesize
954B

MD5
f05eacb87ca4aa1aea4b307e15e477c3

SHA1
9345b0157b2d777f560fffc314983e84811cf622

SHA256
6dcb9969ea06b96758019abb16219e1c3eeb6bfa689bf488494581143b540bf5

SHA512
69a15ec3e24f9b1dbfb0db4bf08925a0c5ef41b91a3fa53502778a1e9dfee9949f09cbb23b8da0ce25a51aef72176b88e1c45a4845a29c4dc8c7c757b6e4868d

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json.tmp-1585283334a97957

Filesize
953B

MD5
7fce7182f3bdd6f80883d3e1333a6d06

SHA1
e3064406a8c4f540e048c37a8581cde1eb4df9b3

SHA256
3d62ca1541f343020a0b78fa0ecd38825708f189c6e257d7bc0135689e786745

SHA512
9e8e1daaec157ec5c2b382a82747bc77e17c545647fddf7a985a4eba6c890c8ec9a2fbc78033304e30721f5bceadd7a0d2f6da585a1b0f22e0fd03308b45b16b

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json.tmp-1585289420b10295

Filesize
954B

MD5
f07284f4d9ba723c4724f0bb403cf298

SHA1
9dac48fbc8435cf7f4af3f9546ccdce714b7c4ba

SHA256
b2a0b191afd087b33186e26233788fbc6ef795e3c83ba0d42ac397eca8fddfa6

SHA512
0f48f4a91f180d1aa082080e9e3e0816f137cd983ea881b68e227e8eeb20b544bd8be133690c0c632f6ea454469d4c6ee9ba045118e2925efa95d2a19a16e550

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json.tmp-1585290207e9b58d

Filesize
954B

MD5
2242955f6d6dd3c88c20cea0cbed9e6f

SHA1
c480b4b24b158352b613e6814939266da870e476

SHA256
f49af69cd1da6aa1e62436136a653dcbe4eb67cbdc9c857ea713638ad8afade9

SHA512
193bd5cacdf89e5c55323502e17fbac023e79f8f47f9f0dd562d629bf894e4fb8186cec32b704977a8bd5108096903a5426d97e26013f77ab201a6c24230b643

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

Filesize
5KB

MD5
10eb94916c514ac0fa4f466560ffcbd3

SHA1
61dd5d4853324f054d2dffe2f6a04e85ee32214f

SHA256
1c7d5988c3f0d50bf0ea9b28d3d8aa2b5dbfd785c378edaa71984fee3d336402

SHA512
83343ca78d68d40e2f49069cccb8370203b857778f433f0788cecd5851cff07c48e14b153fa80623faa5eeacbfbd163643152164d4f03340c529c160b66e248e

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

Filesize
540B

MD5
0173059e34ed7825510715fbdfcf37d3

SHA1
1a96d5e31bdc73ae49ca086860d77275ab5fc773

SHA256
a4f0addd946c5412bcc9f49fee4a2d823fdd90c154e27aa2a920ca87cc64621a

SHA512
5717bb53ef20f8c3fde1ea29f41a441768861fcc41dcf00dc784d339c03fecfa408d86edb0f56edc4c020bcbfc0aa6dbd4ae7c392fcb96325c63e609965c34b9

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

Filesize
810B

MD5
e32bf55f2801ffaf0f87ec10c30293dc

SHA1
ed5d809f96b93e9d0fc933b9ded93879dfba7acc

SHA256
633085de7623056a87270626f83ec9c3a5057fe18b12faa0ec2a77d1d5fb2233

SHA512
c43581e86b617a658f20f9f7eb1009aa0359c42eb2dac2405e94a691ebb4eb7d089d12910b260c82f85b39dd2a264ece7d1b8e4920ead61d8866c5ccaf7fbbac

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

Filesize
2KB

MD5
713280a90f0ee7ce906db3e2e43251a1

SHA1
cd5de5e76155a0798fb4077cfd605674e9c31f62

SHA256
4a3467eb714f1cb7712085a815cb4916775f745f18dd812b930c68978d0c2116

SHA512
9f8a9328339eed6dfcfe7062fb2b240ed8bad120291b975e2d8cae43d4fdcd8b0d11f8a5434b87c909163d35e31bcb64b9036ff5607f3a67ab3bae91d075ed69

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

Filesize
1KB

MD5
39d1e901d38947c20709f44cdbb49955

SHA1
ee36bc2f3e347b1ddc49d97bc7cf41cac91a7e78

SHA256
09205cd58a5687f7e5e3f2c4dc547bd7f3a4668b981fa0102d920f2a05c5339c

SHA512
1d35c2c442b4a00e5f383c429faa35e7ade440134c0dc8d51dfaa9da440bb268f8179723bc6e92a4dc2613952f18ea85ba1f84f42c5f624f03b128e016ceb3bf

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

Filesize
2KB

MD5
713280a90f0ee7ce906db3e2e43251a1

SHA1
cd5de5e76155a0798fb4077cfd605674e9c31f62

SHA256
4a3467eb714f1cb7712085a815cb4916775f745f18dd812b930c68978d0c2116

SHA512
9f8a9328339eed6dfcfe7062fb2b240ed8bad120291b975e2d8cae43d4fdcd8b0d11f8a5434b87c909163d35e31bcb64b9036ff5607f3a67ab3bae91d075ed69

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

Filesize
2KB

MD5
713280a90f0ee7ce906db3e2e43251a1

SHA1
cd5de5e76155a0798fb4077cfd605674e9c31f62

SHA256
4a3467eb714f1cb7712085a815cb4916775f745f18dd812b930c68978d0c2116

SHA512
9f8a9328339eed6dfcfe7062fb2b240ed8bad120291b975e2d8cae43d4fdcd8b0d11f8a5434b87c909163d35e31bcb64b9036ff5607f3a67ab3bae91d075ed69

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

Filesize
2KB

MD5
713280a90f0ee7ce906db3e2e43251a1

SHA1
cd5de5e76155a0798fb4077cfd605674e9c31f62

SHA256
4a3467eb714f1cb7712085a815cb4916775f745f18dd812b930c68978d0c2116

SHA512
9f8a9328339eed6dfcfe7062fb2b240ed8bad120291b975e2d8cae43d4fdcd8b0d11f8a5434b87c909163d35e31bcb64b9036ff5607f3a67ab3bae91d075ed69

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

Filesize
2KB

MD5
713280a90f0ee7ce906db3e2e43251a1

SHA1
cd5de5e76155a0798fb4077cfd605674e9c31f62

SHA256
4a3467eb714f1cb7712085a815cb4916775f745f18dd812b930c68978d0c2116

SHA512
9f8a9328339eed6dfcfe7062fb2b240ed8bad120291b975e2d8cae43d4fdcd8b0d11f8a5434b87c909163d35e31bcb64b9036ff5607f3a67ab3bae91d075ed69

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\versions.dat

Filesize
65KB

MD5
d0018d85cc2e9895ed0e6b24e3639838

SHA1
3d2908f7c16ccaf3e490efc83ce6d68492f924b1

SHA256
1d038be88c9ed1719828dfdb1d270551bb2c4aea825f75af867260bf49b3e819

SHA512
96b2dec45b50148491ff4dcfb34f530b35cc720ab49db6e98135fabb614015998867d903ceda1dbd7e579380f6c5232f3f30b1dc502f2b9b77a80038c69a6340

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\System32\Drivers\etc\hosts

Filesize
1KB

MD5
008fba141529811128b8cd5f52300f6e

SHA1
1a350b35d82cb4bd7a924b6840c36a678105f793

SHA256
ab0e454a786ef19a3ae1337f10f47354ffa9521ea5026e9e11174eca22d86e84

SHA512
80189560b6cf180a9c1ecafc90018b48541687f52f5d49b54ca25e040b3264da053e3d4dbb0cd38caaf496e23e516de18f500b333e3cda1fd1b25c6e9632defc

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
1KB

MD5
008fba141529811128b8cd5f52300f6e

SHA1
1a350b35d82cb4bd7a924b6840c36a678105f793

SHA256
ab0e454a786ef19a3ae1337f10f47354ffa9521ea5026e9e11174eca22d86e84

SHA512
80189560b6cf180a9c1ecafc90018b48541687f52f5d49b54ca25e040b3264da053e3d4dbb0cd38caaf496e23e516de18f500b333e3cda1fd1b25c6e9632defc

Download Submit
memory/1444-1334-0x00000296F0460000-0x00000296F11FA000-memory.dmp

Filesize
13.6MB

Download
memory/1444-3767-0x00000296F0460000-0x00000296F11FA000-memory.dmp

Filesize
13.6MB

Download
memory/1444-604-0x00007FFABD740000-0x00007FFABD741000-memory.dmp

Filesize
4KB

Download
memory/2948-526-0x0000017FDD200000-0x0000017FDFAC4000-memory.dmp

Filesize
40.8MB

Download
memory/2948-625-0x0000017FDD200000-0x0000017FDFAC4000-memory.dmp

Filesize
40.8MB

Download
memory/2948-523-0x0000017FDD200000-0x0000017FDFAC4000-memory.dmp

Filesize
40.8MB

Download
memory/2948-522-0x00007FFABF1D0000-0x00007FFABF1D2000-memory.dmp

Filesize
8KB

Download
memory/2948-3760-0x0000017FDD200000-0x0000017FDFAC4000-memory.dmp

Filesize
40.8MB

Download
memory/2948-2112-0x0000017FDD200000-0x0000017FDFAC4000-memory.dmp

Filesize
40.8MB

Download
memory/2948-540-0x0000017FDD200000-0x0000017FDFAC4000-memory.dmp

Filesize
40.8MB

Download
memory/2948-1025-0x0000017FDD200000-0x0000017FDFAC4000-memory.dmp

Filesize
40.8MB

Download
memory/2948-508-0x0000017FDD200000-0x0000017FDFAC4000-memory.dmp

Filesize
40.8MB

Download
memory/4368-660-0x0000028080000000-0x00000280828C4000-memory.dmp

Filesize
40.8MB

Download
memory/4368-528-0x0000028080000000-0x00000280828C4000-memory.dmp

Filesize
40.8MB

Download
memory/4368-664-0x0000028080000000-0x00000280828C4000-memory.dmp

Filesize
40.8MB

Download
memory/4368-527-0x00007FFABF1D0000-0x00007FFABF1D2000-memory.dmp

Filesize
8KB

Download
memory/4368-543-0x0000028080000000-0x00000280828C4000-memory.dmp

Filesize
40.8MB

Download
memory/4720-1024-0x00007FFABF1D0000-0x00007FFABF1D2000-memory.dmp

Filesize
8KB

Download
memory/4720-2982-0x000001B8DD1C0000-0x000001B8DFA84000-memory.dmp

Filesize
40.8MB

Download
memory/4720-566-0x000001B8DD1C0000-0x000001B8DFA84000-memory.dmp

Filesize
40.8MB

Download
memory/4720-3766-0x000001B8DD1C0000-0x000001B8DFA84000-memory.dmp

Filesize
40.8MB

Download
memory/4720-1026-0x000001B8DD1C0000-0x000001B8DFA84000-memory.dmp

Filesize
40.8MB

Download
memory/4720-3768-0x000001B8DD1C0000-0x000001B8DFA84000-memory.dmp

Filesize
40.8MB

Download