20d91430397028cb83296e7a41598414c9a4ef272afba435196d231a8cbd0b67

Analysis

max time kernel
148s
max time network
175s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18-01-2024 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Badlion Client.exe
Size

134.1MB
MD5

bf90ab00ffa52c6e5a9acd7f38bd1313
SHA1

c073d0047b5bc37d16add60da739b28bdcffd7da
SHA256

de989473039d37c45d0fb39d3bfaf15a08833c91bc53918bafafc0b7aef459d6
SHA512

d42d1cd5618b9b06a96d127d48867a9056994cb571acd63f16f1e9904aa9bdabbd53e5c915351d4c65518491918e2b09f428280d796ab9aff850f31fd9bc429c
SSDEEP

1572864:myhU9i4Qmh8AxfjKhRh+10tb8lc6i/R60:xEjV0D/w0

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\Drivers\etc\hosts	Badlion Client.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Control Panel\International\Geo\Nation	Badlion Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Control Panel\International\Geo\Nation	Badlion Client.exe
Key value queried	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Control Panel\International\Geo\Nation	Badlion Client.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\discord-418076578333851669	Badlion Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\discord-418076578333851669\ = "URL:Run game 418076578333851669 protocol"	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\discord-418076578333851669\shell\open\command	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\discord-418076578333851669\shell\open	Badlion Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\discord-418076578333851669\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe"	Badlion Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\discord-418076578333851669\URL Protocol	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\discord-418076578333851669\DefaultIcon	Badlion Client.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\discord-418076578333851669\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Badlion Client.exe"	Badlion Client.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\discord-418076578333851669\shell	Badlion Client.exe

Modifies system certificate store 2 TTPs 11 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Badlion Client.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Badlion Client.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	Badlion Client.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e4030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Badlion Client.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec5290f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae474040000000100000010000000acb694a59c17e0d791529bb19706a6e420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Badlion Client.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
2772	Badlion Client.exe
2772	Badlion Client.exe
2772	Badlion Client.exe
2772	Badlion Client.exe
564	Badlion Client.exe
1660	Badlion Client.exe
2024	Badlion Client.exe
988	Badlion Client.exe
1052	Badlion Client.exe
1660	Badlion Client.exe
1660	Badlion Client.exe
2024	Badlion Client.exe
2024	Badlion Client.exe
2772	Badlion Client.exe
2772	Badlion Client.exe
2772	Badlion Client.exe
2772	Badlion Client.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2772	Badlion Client.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2772	Badlion Client.exe
2772	Badlion Client.exe
2772	Badlion Client.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2772	Badlion Client.exe
2772	Badlion Client.exe
2772	Badlion Client.exe

Suspicious use of WriteProcessMemory 56 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 564	2772	Badlion Client.exe	28
PID 2772 wrote to memory of 564	2772	Badlion Client.exe	28
PID 2772 wrote to memory of 564	2772	Badlion Client.exe	28
PID 2772 wrote to memory of 988	2772	Badlion Client.exe	29
PID 2772 wrote to memory of 988	2772	Badlion Client.exe	29
PID 2772 wrote to memory of 988	2772	Badlion Client.exe	29
PID 2772 wrote to memory of 1660	2772	Badlion Client.exe	30
PID 2772 wrote to memory of 1660	2772	Badlion Client.exe	30
PID 2772 wrote to memory of 1660	2772	Badlion Client.exe	30
PID 2772 wrote to memory of 2024	2772	Badlion Client.exe	31
PID 2772 wrote to memory of 2024	2772	Badlion Client.exe	31
PID 2772 wrote to memory of 2024	2772	Badlion Client.exe	31
PID 2772 wrote to memory of 1052	2772	Badlion Client.exe	32
PID 2772 wrote to memory of 1052	2772	Badlion Client.exe	32
PID 2772 wrote to memory of 1052	2772	Badlion Client.exe	32
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33
PID 2772 wrote to memory of 2008	2772	Badlion Client.exe	33

C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
"C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe"
1⤵
- Drops file in Drivers directory
- Checks computer location settings
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
  "C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=gpu-process --field-trial-handle=1752,13874443238187791502,13859393418268414223,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:564
- C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
  "C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1752,13874443238187791502,13859393418268414223,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=2128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:988
- C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
  "C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=1752,13874443238187791502,13859393418268414223,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:1660
- C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
  "C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --field-trial-handle=1752,13874443238187791502,13859393418268414223,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2024
- C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
  "C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=gpu-process --field-trial-handle=1752,13874443238187791502,13859393418268414223,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1052
- C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe
  "C:\Users\Admin\AppData\Local\Temp\Badlion Client.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1752,13874443238187791502,13859393418268414223,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\Badlion Client" --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d29b41ef816a87f3fa50219b0b87d582

SHA1
1aa11961474c7598269bc84edf9f94b11112ec05

SHA256
ec9e9b4ca8ff55deccc5e917f8311ef38e332cd3c95e8bc67a74ccb0b1f0ecc2

SHA512
50e147d828425aca512aa4615710bf9c34dfec2432cbfd46cf7046f90ad76ba2cf7d71c784a79802e57fa32e91b758621ab6d0eee80b06644193fc5a51942cbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e614516ff9cade90968ca3511fb16901

SHA1
52baf66f643c5f16782ce48abcd02224ea2cd8c4

SHA256
50ffca405d508b434ca1bc1b054c97d6736f26f4869aaed250060eb3bb871a4b

SHA512
53fc6feb530249257dc1cf3aff77c92eec753075903608e8e042b5da81ad24b5f829ef7cf2d4c921fe7e17592ff30f855896cbb166c83b59b0b091d6704746e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5d99586dbf3f9770f154d855a56e1e7

SHA1
6be17436567e732b9f56afafe5d73229d6a433ad

SHA256
f949c96dc5aa706ea9f6e104e64352ebc3f5516fbe22ac67b0ca43ed118615a0

SHA512
2ddf0fc0b8952091fc202e519bc6e7d8c6c235a61002bf56c20435e5f0ed4a81b39331e08dec64023cdb5941ce77c9413a6e26f49490e6ddef65ecafa9e988d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffa10d0495eecdd07fe1ee87c7fc0031

SHA1
52180ab478fcb3941f0e3355f2c45e01d2bf7130

SHA256
22b0babf020c271b12febb716bc208383a25ec5ebe5d4fcc3ac81372ed6608a8

SHA512
f1aa9cdcc42ded9cdd6b55ec51e72ee6f9d96d83ebd86709e23d57b741fbaeeb0e219866b3666a3833bd5cacaeeef30ef3b15d3ec129599e44aeca8e77b22bec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6575314943a9303e0721f573ac5853c6

SHA1
889d80508e463f825b954ce453733e9e61690e65

SHA256
012370246b0d2b3c0c6d96d6fd2736837ba331b091ba6f95ffdd14ebed20c3da

SHA512
89d550b21d63a542d24b9ee3eda711fbee198361b5024da35894a5683dc82f6685a467b3ae1b4f95c5cce58d8cc367787c41c118c0c125d03daa89adf07b46fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65f4e2e530534149552e1b0b7ff5a3de

SHA1
d904df4f6eb695461792584bff4b506af276ffeb

SHA256
742ae2eb9d1888ceac2d15acddc1e0a693e3d90cd3da477a7e1d42f49eb5c4e6

SHA512
d17538c4618acff3e0704aa8be63ec06a58b0588dce0c7ac3e4cd9d4c269bff2d730e39dee49dbe33c133baccb0c7ad0280075acd11fee0ea53f64f60b2dffa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9C80.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA930.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\43ee09ce-18e1-420f-9f84-5bbdf076fde3.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\conf\security\policy\unlimited\default_US_export.policy

Filesize
146B

MD5
1a08ffdf0bc871296c8d698fb22f542a

SHA1
f3f974d3f6245c50804dcc47173aa29d4d7f0e2c

SHA256
758b930a526fc670ab7537f8c26321527050a31f5f42149a2dda623c56a0a1a9

SHA512
4cfca5b10cd7addcff887c8f3621d2fbec1b5632436326377b0ce5af1ae3e8b68ac5a743ca6082fc79991b8eec703a6e1dfd5b896153407ad72327753222fdb3

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\legal\jdk.crypto.cryptoki\LICENSE

Filesize
32B

MD5
663f71c746cc2002aa53b066b06c88ab

SHA1
12976a6c2b227cbac58969c1455444596c894656

SHA256
d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80

SHA512
507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\legal\jdk.crypto.mscapi\ADDITIONAL_LICENSE_INFO

Filesize
48B

MD5
512f151af02b6bd258428b784b457531

SHA1
84d2102ad171863db04e7ee22a259d1f6c5de4a5

SHA256
d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83

SHA512
1a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jdk-17.0.8\legal\jdk.internal.ed\ASSEMBLY_EXCEPTION

Filesize
43B

MD5
bd468da51b15a9f09778545b00265f34

SHA1
c80e4bab46e34d02826eab226a4441d0970f2aba

SHA256
7901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b

SHA512
2c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\bin\msvcr100.dll

Filesize
809KB

MD5
df3ca8d16bded6a54977b30e66864d33

SHA1
b7b9349b33230c5b80886f5c1f0a42848661c883

SHA256
1d1a1ae540ba132f998d60d3622f0297b6e86ae399332c3b47462d7c0f560a36

SHA512
951b2f67c2f2ef1cfcd4b43bd3ee0e486cdba7d04b4ea7259df0e4b3112e360aefb8dcd058becccacd99aca7f56d4f9bd211075bd16b28c2661d562e50b423f0

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\lib\deploy\messages_zh_HK.properties

Filesize
3KB

MD5
4287d97616f708e0a258be0141504beb

SHA1
5d2110cabbbc0f83a89aec60a6b37f5f5ad3163e

SHA256
479dc754bd7bff2c9c35d2e308b138eef2a1a94cf4f0fc6ccd529df02c877dc7

SHA512
f273f8d501c5d29422257733624b5193234635bd24b444874e38d8d823d728d935b176579d5d1203451c0ce377c57ed7eb3a9ce9adcb3bb591024c3b7ee78dcd

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_202\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\LICENSE

Filesize
41B

MD5
67cb88f6234b6a1f2320a23b197fa3f6

SHA1
877aceba17b28cfff3f5df664e03b319f23767a1

SHA256
263e21f4b43c118a8b4c07f1a8acb11cafc232886834433e34187f5663242360

SHA512
4d43e5edecab92cebd853204c941327dccbfd071a71f066c12f7fb2f1b2def59c37a15ce05c4fe06ec2ea296b8630c4e938254a8a92e149e4a0a82c4307d648f

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\README.txt

Filesize
47B

MD5
4bda1f1b04053dcfe66e87a77b307bb1

SHA1
b8b35584be24be3a8e1160f97b97b2226b38fa7d

SHA256
fd475b1619675b9fb3f5cd11d448b97eddee8d1f6ddcca13ded8bc6e0caa9cf3

SHA512
997cee676018076e9e4e94d61ec94d5b69b148b3152a0148e70d0be959533a13ad0bc1e8b43268f91db08b881bf5050a6d5c157d456597260a2b332a48068980

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\THIRDPARTYLICENSEREADME.txt

Filesize
177KB

MD5
ea05cfe64caab3ac7c6ce79163faf3f1

SHA1
e7798b9f64d07b359e9efd3723c64c0842c3bd69

SHA256
8091d955ed8fcc8c87e83c9d582692662aeb79a5a87b431e92ddb187cb32f835

SHA512
836d99f3109d2a3538c8f94c7c66fc9e8584cb1e15d5a187325663109b6ee8624e0f7b257e54ec6b28d529518a59f5772f3a2b39dd99273862829565a36f5325

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\bin\server\Xusage.txt

Filesize
1KB

MD5
f4188deb5103b6d7015b2106938bfa23

SHA1
8e3781a080cd72fde8702eb6e02a05a23b4160f8

SHA256
bd54e6150ad98b444d5d24cea9ddafe347ed11a1aae749f8e4d59c963e67e763

SHA512
0be9a00a48cf8c7d210126591e61531899502e694a3c3ba7c3235295e80b1733b6f399cae58fb4f7bff2c934da7782d256bdf46793f814a5f25b7a811d0cb2e3

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\accessibility.properties

Filesize
155B

MD5
9e5e954bc0e625a69a0a430e80dcf724

SHA1
c29c1f37a2148b50a343db1a4aa9eb0512f80749

SHA256
a46372b05ce9f40f5d5a775c90d7aa60687cd91aaa7374c499f0221229bf344e

SHA512
18a8277a872fb9e070a1980eee3ddd096ed0bba755db9b57409983c1d5a860e9cbd3b67e66ff47852fe12324b84d4984e2f13859f65fabe2ff175725898f1b67

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\amd64\jvm.cfg

Filesize
672B

MD5
3bc0c7371c924bf144af8516ba8ba720

SHA1
dcd2c34791a1e7c7d0866d00c014f566d983d860

SHA256
875457098a0a5d8639cdf770239a87af904485c978283c2b201ba54ba60da7d1

SHA512
eeadbed0c4c19084e0bde4456c009e8d1666175a4068f2be4416c81e725ecd99a1e7f1961a0f46e56ab1840ec7f0668f4bae044ad740b3ade376c0c6b05b54f9

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\calendars.properties

Filesize
1KB

MD5
92ba2d87915e6f7f58d43344df07e1a6

SHA1
872bc54e53377aac7c7616196bcce1db6a3f0477

SHA256
68f0cf30429a42a6fe78b1de91970e5c78fd03d1599beb080c1c196d5c59e4c0

SHA512
a964e2ceb4d601faf28ecf13fb11777b70708c21cf9ea23721e462b6e911051108b8a42ebf6447fa49cb61d7fa2d79475f50ee791f1121616371e2b02fab71b6

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\CIEXYZ.pf

Filesize
50KB

MD5
10f23396e21454e6bdfb0db2d124db85

SHA1
b7779924c70554647b87c2a86159ca7781e929f8

SHA256
207d748a76c10e5fa10ec7d0494e31ab72f2bacab591371f2e9653961321fe9c

SHA512
f5c5f9fc3c4a940d684297493902fd46f6aa5248d2b74914ca5a688f0bad682831f6060e2264326d2ecb1f3544831eb1fa029499d1500ea4bfe3b97567fe8444

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\GRAY.pf

Filesize
632B

MD5
1002f18fc4916f83e0fc7e33dcc1fa09

SHA1
27f93961d66b8230d0cdb8b166bc8b4153d5bc2d

SHA256
081caac386d968add4c2d722776e259380dcf78a306e14cc790b040ab876d424

SHA512
334d932d395b46dfc619576b391f2adc2617e345aff032b592c25e333e853735da8b286ef7542eb19059cde8215cdcea147a3419ed56bdd6006ca9918d0618e1

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\LINEAR_RGB.pf

Filesize
1KB

MD5
a387b65159c9887265babdef9ca8dae5

SHA1
7913274c2f73bafcf888f09ff60990b100214ede

SHA256
712036aa1951427d42e3e190e714f420ca8c2dd97ef01fcd0675ee54b920db46

SHA512
359d9b57215855f6794e47026c06036b93710998205d0817c6e602b2a24daeb92537c388f129407461fc60180198f02a236aeb349a17430ed7ac85a1e5f71350

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\PYCC.pf

Filesize
268KB

MD5
24b9dee2469f9cc8ec39d5bdb3901500

SHA1
4f7eed05b8f0eea7bcdc8f8f7aaeb1925ce7b144

SHA256
48122294b5c08c69b7fe1db28904969dcb6edc9aa5076e3f8768bf48b76204d0

SHA512
d23ce2623de400216d249602486f21f66398b75196e80e447143d058a07438919a78ae0ed2ddf8e80d20bd70a635d51c9fb300e9f08a4751e00cd21883b88693

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\cmm\sRGB.pf

Filesize
3KB

MD5
1d3fda2edb4a89ab60a23c5f7c7d81dd

SHA1
9eaea0911d89d63e39e95f2e2116eaec7e0bb91e

SHA256
2b3aa1645779a9e634744faf9b01e9102b0c9b88fd6deced7934df86b949af7e

SHA512
16aae81acf757036634b40fb8b638d3eba89a0906c7f95bd915bc3579e3be38c7549ee4cd3f344ef0a17834ff041f875b9370230042d20b377c562952c47509b

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\content-types.properties

Filesize
5KB

MD5
95ae170d90764b3f5e68c72e8c518ddc

SHA1
1939b699d16a5db3e3f905466222099d7c29285a

SHA256
a2b31e9cbceab296a5e1cf056efd953ced23b888cd929b0bbe6eb6b53d2bf861

SHA512
87e970beac8141c757d622fc8b6d84fe173ea4b134afd8e2f979714c1110c3d92f3ce5f2b9dc74804dd37d13ab2a0edf0fca242f61cf8ed065ae81b7331f8816

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages.properties

Filesize
2KB

MD5
2eb9117d147baa0578e4000da9b29e12

SHA1
3d297ecf3d280d4aa3d1423e885994495243f326

SHA256
b8d9c69ff7f4832a9b365d4a43cf66dff9847051752b13eedf024caa9c1ef46b

SHA512
c3f7730767941b3c8f6f53d4686e9f898d1907d978f6d1fa35ba02c3fcd8306335406a5f9abaa844f27f7afd9e548810becb9ec3e6b84888ea5eac57b6ed6fdb

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_de.properties

Filesize
3KB

MD5
ff9cfee1acfcd927253a6e35673f1bb7

SHA1
957e6609a1af6d06a45a6f7b278be7625807b909

SHA256
e130fbd5fa378a380f46f42981f2c97bc152059c27120204ab4da47079d31513

SHA512
f42601092436d7af30ccd81126185232d9d643b195d3d4619aec451e3e2a60e33e6378e770dd1a4cdf7ab20cb749371665a992ca73d2842a7102f3fb34b6b9eb

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_es.properties

Filesize
3KB

MD5
72bdae07c5d619e5849a97acc6a1090f

SHA1
9fc8a7a29658ac23a30ab9d655117bb79d08dc3b

SHA256
821a3452ecb9f29bcec16c0b39fb668c2cc30c7f7283b34bfc5400040723892b

SHA512
67f0d1d60012b5598864b68612aa488af1b5876ff5f347cd98abcf1e3c0d267cf0354d5085bf12b0a09c6ef124fd0117cd16fcc032da2b195d45bab19740bb78

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_fr.properties

Filesize
3KB

MD5
ffe3cc16616314296c3262b0a0e093cd

SHA1
198dd1c6e6707c10ae74a1c42e8a91c429598f3b

SHA256
3941736bef6a8e53d002b6b67ece4793c2f3f34bcc1ecb271684eb3f73fc4103

SHA512
cd3a9329f405ca14e11cdbb74d467b31a31530cbf00537b16fb23aebc6c07eb268e9624fdbc997aa0cf4852dac288e1d011e2fc392d71e25dbdf52e359ba9d4e

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_it.properties

Filesize
3KB

MD5
bf5e5310b2dcf8e8b3697b358ad4446d

SHA1
c746ac1f46f607fa8f971bea2b6853746a4fb28d

SHA256
cc9ad73957535011ee2376c23de2c2597f877aceba9173e822ee79aad3c4e9e6

SHA512
b6c61d38b0acc427b9b2f4c19dabd7eacbe8eea6b973fd31b3555c4c5b3ffaf1ca036b730359346f57223b44cce79e04a6d06bbc13c6f7dd26ed463776bb6dcc

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_ja.properties

Filesize
6KB

MD5
d830fc76bdd1975010ece4c5369dadf8

SHA1
d8cc3f54325142efa740026e2bc623afe6f3acb5

SHA256
11e886336ba51a9044ab1a87c60ceee34c29bb724e06a16968d31531a7001064

SHA512
7b867a50a811fbd7ffdad0b729ca4501e16386ee5c4940a4cf9a805767cc0d10f7e3bdfd6a60204d79292d778d93e3bd915368ac0e9453bbb1010adfd9655f0f

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\messages_zh_CN.properties

Filesize
4KB

MD5
823d1f655440c3912dd1f965a23363fc

SHA1
50b941a38b9c5f565f893e1e0824f7619f51185c

SHA256
86663ded105b77261c0556468a93bc8666a094b918299a61af0a8e30f42019c7

SHA512
1ebf989d2121cf05ffc912b9b228c4d4523763eb1a689ec74568d811c88dcf11032ffc8007bb24daf7d079b580662b77d94b4b8d71a2e891ef27979ff32cd727

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\splash.gif

Filesize
8KB

MD5
249053609eaf5b17ddd42149fc24c469

SHA1
20e7aec75f6d036d504277542e507eb7dc24aae8

SHA256
113b01304ebbf3cc729a5ca3452dda2093bd8b3ddc2ba29e5e1c1605661f90be

SHA512
9c04a20e2fa70e4bcfac729e366a0802f6f5167ea49475c2157c8e2741c4e4b8452d14c75f67906359c12f1514f9fb7e9af8e736392ac8434f0a5811f7dde0cb

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\deploy\[email protected]

Filesize
14KB

MD5
cb81fed291361d1dd745202659857b1b

SHA1
0ae4a5bda2a6d628fac51462390b503c99509fdc

SHA256
9dd5ccd6bdfdaad38f7d05a14661108e629fdd207fc7776268b566f7941e1435

SHA512
4a383107ac2d642f4eb63ee7e7e85a8e2f63c67b41ca55ebae56b52cecfe8a301aaf14e6536553cbc3651519db5c10fc66588c84c9840d496f5ae980ef2ed2b9

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\ext\meta-index

Filesize
1KB

MD5
005faac2118450bfcd46ae414da5f0e5

SHA1
9f5c887e0505e1bb06bd1fc7975a3219709d061d

SHA256
f0bce718f8d2b38247ce0ac814a1470c826602f4251d86369c2359ff60676bd8

SHA512
8b618c74b359ab3c9d3c8a4864f8e48fe4054514a396352a829a84c9b843a2028c6c31eb53e857e03c803294e05f69c5bf586e261312264e7607b2efd14f78a9

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\flavormap.properties

Filesize
3KB

MD5
b0ce9f297d3fec6325c0c784072908f1

SHA1
dd778a0e5417b9b97187215ffc66d4c14f95fef0

SHA256
6da00c1cbe02909dcd6a75da51d25dbf49bfd1d779c0b8e57b12e757229fc4a8

SHA512
4c774bcb9ade996569c86dd46b3bdb046771ad1bcf9aabb9db86854c83e18015cbe5df73da86ee98e26ba0393f548b1cc09de60bda4248eacc4fc833e23b8ab4

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightDemiBold.ttf

Filesize
73KB

MD5
af0c5c24ef340aea5ccac002177e5c09

SHA1
b5c97f985639e19a3b712193ee48b55dda581fd1

SHA256
72cee3e6df72ad577af49c59dca2d0541060f95a881845950595e5614c486244

SHA512
6ce87441e223543394b7242ac0cb63505888b503ec071bbf7db857b5c935b855719b818090305e17c1197de882ccc90612fb1e0a0e5d2731f264c663eb8da3f9

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightDemiItalic.ttf

Filesize
73KB

MD5
793ae1ab32085c8de36541bb6b30da7c

SHA1
1fd1f757febf3e5f5fbb7fbf7a56587a40d57de7

SHA256
895c5262cdb6297c13725515f849ed70609dbd7c49974a382e8bbfe4a3d75f8c

SHA512
a92addd0163f6d81c3aeabd63ff5c293e71a323f4aedfb404f6f1cde7f84c2a995a30dfec84a9caf8ffaf8e274edd0d7822e6aabb2b0608696a360cabfc866c6

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightItalic.ttf

Filesize
78KB

MD5
4d666869c97cdb9e1381a393ffe50a3a

SHA1
aa5c037865c563726ecd63d61ca26443589be425

SHA256
d68819a70b60ff68ca945ef5ad358c31829e43ec25024a99d17174c626575e06

SHA512
1d1f61e371e4a667c90c2ce315024ae6168e47fe8a5c02244dbf3df26e8ac79f2355ac7e36d4a81d82c52149197892daed1b4c19241575256bb4541f8b126ae2

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaBrightRegular.ttf

Filesize
336KB

MD5
630a6fa16c414f3de6110e46717aad53

SHA1
5d7ed564791c900a8786936930ba99385653139c

SHA256
0faaaca3c730857d3e50fba1bbad4ca2330add217b35e22b7e67f02809fac923

SHA512
0b7cde0face982b5867aebfb92918404adac7fb351a9d47dcd9fe86c441caca4dd4ec22e36b61025092220c0a8730d292da31e9cafd7808c56cdbf34ecd05035

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaSansDemiBold.ttf

Filesize
310KB

MD5
5dd099908b722236aa0c0047c56e5af2

SHA1
92b79fefc35e96190250c602a8fed85276b32a95

SHA256
53773357d739f89bc10087ab2a829ba057649784a9acbffee18a488b2dccb9ee

SHA512
440534eb2076004bea66cf9ac2ce2b37c10fbf5cc5e0dd8b8a8edea25e3613ce8a59ffcb2500f60528bbf871ff37f1d0a3c60396bc740ccdb4324177c38be97a

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaSansRegular.ttf

Filesize
681KB

MD5
b75309b925371b38997df1b25c1ea508

SHA1
39cc8bcb8d4a71d4657fc92ef0b9f4e3e9e67add

SHA256
f8d877b0b64600e736dfe436753e8e11acb022e59b5d7723d7d221d81dc2fcde

SHA512
9c792ef3116833c90103f27cfd26a175ab1eb11286959f77062893a2e15de44d79b27e5c47694cbba734cc05a9a5befa72e991c7d60eab1495aac14c5cad901d

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaTypewriterBold.ttf

Filesize
228KB

MD5
a0c96aa334f1aeaa799773db3e6cba9c

SHA1
a5da2eb49448f461470387c939f0e69119310e0b

SHA256
fc908259013b90f1cbc597a510c6dd7855bf9e7830abe3fc3612ab4092edcde2

SHA512
a43cf773a42b4cebf4170a6c94060ea2602d2d7fa7f6500f69758a20dc5cc3ed1793c7ceb9b44ce8640721ca919d2ef7f9568c5af58ba6e3cf88eae19a95e796

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\fonts\LucidaTypewriterRegular.ttf

Filesize
237KB

MD5
c1397e8d6e6abcd727c71fca2132e218

SHA1
c144dcafe4faf2e79cfd74d8134a631f30234db1

SHA256
d9d0aab0354c3856df81afac49bdc586e930a77428cb499007dde99ed31152ff

SHA512
da70826793c7023e61f272d37e2cc2983449f26926746605c550e9d614acbf618f73d03d0c6351b9537703b05007cd822e42e6dc74423cb5cc736b31458d33b1

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\hijrah-config-umalqura.properties

Filesize
13KB

MD5
6e378235fb49f30c9580686ba8a787aa

SHA1
2fc76d9d615a35244133fc01ab7381ba49b0b149

SHA256
b4a0c0a98624c48a801d8ea071ec4a3d582826ac9637478814591bc6ea259d4a

SHA512
58558a1f8d9d3d6f0e21b1269313fd6ac9a80a93cc093a5e8cdec495855fcd2fc95a6b54fe59e714e89d9274654bb9c1cd887b3fb9d4b9d9c50e5c5983c571b8

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\cursors.properties

Filesize
1KB

MD5
01b94c63bd5e6d094e84ff3ad640ffbf

SHA1
5570f355456250b1ec902375b0257584db2360ae

SHA256
52845deb58038b4375c30b75dd2053726872758c96597c7cc5d6cef11f42a2ba

SHA512
816be2271cf3ecf10ee40e24a288ce302b2810010bef76efc0ce5746591955921b70f19005335f485d61a7b216dcce0b06750831720dd426d07709154d5fac7a

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\win32_CopyDrop32x32.gif

Filesize
165B

MD5
89cdf623e11aaf0407328fd3ada32c07

SHA1
ae813939f9a52e7b59927f531ce8757636ff8082

SHA256
13c783acd580df27207dabccb10b3f0c14674560a23943ac7233df7f72d4e49d

SHA512
2a35311d7db5466697d7284de75babee9bd0f0e2b20543332fcb6813f06debf2457a9c0cf569449c37f371bfeb0d81fb0d219e82b9a77acc6bafa07499eac2f7

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\win32_LinkDrop32x32.gif

Filesize
168B

MD5
694a59efde0648f49fa448a46c4d8948

SHA1
4b3843cbd4f112a90d112a37957684c843d68e83

SHA256
485cbe5c5144cfcd13cc6d701cdab96e4a6f8660cbc70a0a58f1b7916be64198

SHA512
cf2dfd500af64b63cc080151bc5b9de59edb99f0e31676056cf1afbc9d6e2e5af18dc40e393e043bbbbcb26f42d425af71cce6d283e838e67e61d826ed6ecd27

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\images\cursors\win32_MoveDrop32x32.gif

Filesize
147B

MD5
cc8dd9ab7ddf6efa2f3b8bcfa31115c0

SHA1
1333f489ac0506d7dc98656a515feeb6e87e27f9

SHA256
12cfce05229dba939ce13375d65ca7d303ce87851ae15539c02f11d1dc824338

SHA512
9857b329acd0db45ea8c16e945b4cfa6df9445a1ef457e4b8b40740720e8c658301fc3ab8bdd242b7697a65ae1436fd444f1968bd29da6a89725cdde1de387b8

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\jfr\default.jfc

Filesize
19KB

MD5
23aa3364d2ad1a2fc01fe9632b3b657e

SHA1
aa73c9d419da1237450d85a8c14fe8473fc96a0d

SHA256
dc59d905640c4931f45b14d24a08757a3108597a07eaefc5317c52681797139d

SHA512
d882bcbc7eb8372758467c211c6b1d00ce76ecb3579bd6682ec84d63472b9164a9c9ba27d6b88e779c726d90c8c7bc364ccbe37dfd514c638f24fa79d6478e31

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\jfr\profile.jfc

Filesize
19KB

MD5
4350cbf99dca8cfcd1075fbbe2ff6c60

SHA1
37e6c871457dc5691a692c9577877d6846e43c6e

SHA256
9bcd76b6dca5ea258edaddd2cfdd0dd93e66e4d9352eda6752c82e0e87be5408

SHA512
1d397c2881de8aa8e77a503a83b7025010c953c8b56a2d8f7b53cee7b7d68451ce0527ecb775df52ecd1d5cf7912b67dc1186ce6a0990ac2d0fe3519321678e3

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\jvm.hprof.txt

Filesize
4KB

MD5
ad91d69a4129d31d72fbe288ff967943

SHA1
cb510afcdbecea3538c3f841c0440194573dbb65

SHA256
235a50d958faedde808d071705a6d603f97611f568eec40d7444984b984a4b18

SHA512
600bee4676d26e2ce5b9171582540021509a4d7888c9c7badc14f0fad07007e4ce2b4c007a8eb15bd0d977722b8b34442012ea972ffbd72797475a56cdfd86ee

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\logging.properties

Filesize
2KB

MD5
0aa5d5efdb4f2b92bebbeb4160aa808b

SHA1
c6f1b311a4d0790af8c16c1ca9599d043ba99e90

SHA256
a3148336160ea7ef451052d1f435f7c9d96eeb738105ac730358edada5bd45a2

SHA512
a52c2b784cf0b01a2af3066f4bb8e7fd890a86cfd82359a22266341942a25333d4c63ba2c02aa43ade872357fc9c8bbc60d311b2af2ad2634d60377a2294afdd

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\jmxremote.access

Filesize
3KB

MD5
41b36d832be39a3cf0f3d7760e55fdcb

SHA1
e706e9be75604a13dfcc5a96b1720a544d76348b

SHA256
71a930cbe577cbabb4269650c98d227f739e0d4b9c0b44830dd3d52f5015be1f

SHA512
41e6b8639c1ceb3d09d2fdeeeba89ffa17c4ed8b1ad0df1e5ab46c4bf178688d5504dc5a3c854226f7da23dfa0edab0d035d6b56495829f43aaa2a7babec4273

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\jmxremote.password.template

Filesize
2KB

MD5
5dd28aaf5a06c946df7b223f33482fdf

SHA1
d09118d402ca3ba625b165ecace863466d7f4ce9

SHA256
24674176a4c0e5eefb9285691764ea06585d90bbdaf5bf40c4220de7ca3e3175

SHA512
13c6f37e969a5aece2b2f938fa8ebf6a72c0c173678a026e77c35871e4ae89404585fb1a3516ae2ca336fc47eab1f3dd2009123adba9c437cd76ba654401cbdf

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\management.properties

Filesize
14KB

MD5
054e093240388f0322604619ef643f18

SHA1
6e110c2a5d813013e9c57700be8b0d17896e950c

SHA256
bf41d73eab0da8222fe24255e1bbf68327fb02b1a4f1e7a81b9c7b539033ffb2

SHA512
bd60c6271cdeffff4563e6e2cf97c176d86f160092d1ffcbe7eefe714ba75ddc5fb4e848a5fdbe7a1d1510720d92af6a176a76de2cc599f27e4beae8e692c5d3

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\management\snmp.acl.template

Filesize
3KB

MD5
9d9ec1bb9e357bbfb72b077e4af5f63f

SHA1
6484b03dbe9687216429d3a6f916773c060e15ce

SHA256
8b02a29bc61b0f7203df7ca94140f80d2c6a1138064e0441dfd621cf243a0339

SHA512
5fe39bbfca806ce45871a6223d80fa731efaa5d31c3b97ee055ab77eaf3833342945f39e9858335d9dd358b4b7f984ffade741452e19b60b8e510aa74ac02c00

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\meta-index

Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\psfont.properties.ja

Filesize
2KB

MD5
a38587427e422d55b012fa3e5c9436d2

SHA1
7bd1b81b39da78124be045507e0681e860921dbb

SHA256
d2c47de948033ed836b375ccd518cf55333fe11c4ced56bc1ce2ff62114cf546

SHA512
ea6ca975e9308ed2b3bbcce91ee61142dab0067ce8f17cb469929f6136e6b4a968bac838141d8b38866f9ef5e15e156400859cccc84fb114214e19556f0dc636

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\psfontj2d.properties

Filesize
10KB

MD5
66b3e6770c291fe8cd3240ffbb00dc47

SHA1
88ce9d723a2d4a07fd2032a8b4a742fe323eec8f

SHA256
7ea6e05d3b8b51d03c3d6548e709c220541df0f1aee2e69b9101c9f051f7c17a

SHA512
d1b99aa011568affa415758c986b427588ae87fe5eb7fc52d519f7167ad46bbff8b62799f14d8dbc7c55deb6ff7259445d6e8882cc781d61206ed1b79b688745

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\US_export_policy.jar

Filesize
2KB

MD5
ee4ed9c75a1aaa04dfd192382c57900c

SHA1
7d69ea3b385bc067738520f1b5c549e1084be285

SHA256
90012f900cf749a0e52a0775966ef575d390ad46388c49d512838983a554a870

SHA512
eae6a23d2fd7002a55465844e662d7a5e3ed5a6a8baf7317897e59a92a4b806dd26f2a19b7c05984745050b4fe3ffa30646a19c0f08451440e415f958204137c

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\blacklist

Filesize
4KB

MD5
3f5dc1d941e8356ccd04454ac0a7a7d2

SHA1
3698f9afd870c7959e2d8a0da0a97b4475554831

SHA256
c48d57d64ed98f8f174a4f6873f536ae03b41a63f67079d7c2f7140950a1c02e

SHA512
65319a4ef150884f7e67c6f96085a996c9b32dcf9a539c4eb7af77b1b46cdd90f1e83446f33da14467ea37d0628c9411323f5c3d3cefcf03cbdfa186eeb2bd3c

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\java.policy

Filesize
2KB

MD5
ec90fd04c2890584a16eb24664050c2a

SHA1
c7fe062eac95909ec6a5ea93f42dda5e023ad82c

SHA256
ced51e3926e6b0cfec8ecab3b15d296fdcfae4d32046224814aaab5fd0fed9c0

SHA512
8da494925b3b5aae69a30a8b5f9732e64edbae39c968229d112185e349c410a0f5d1b281a4e44718e0120e910820b15ca878b2ed1cf905dfc6595f1ba34b85d3

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\java.security

Filesize
23KB

MD5
b7aba3dfea0468195be1256c959135e6

SHA1
8c30082493935efda5ba54489d8605199c976b29

SHA256
c50c923c2b0dc5a3c598671be2cd980f7f06e7254cce04a1fe498f6e17fce3ec

SHA512
c91e110a3f3fc74596d22ee9f59bfa952be75b1b87fdb0e7ca8f188671c8e1d22bf02bc0c0b9f1321ad4df0c8c8db6f660efbba513888686b5ba9f86d7c30b7d

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\javaws.policy

Filesize
103B

MD5
e0c4ef8b210c0ddfee01126e1aca4280

SHA1
f1cc674f447045d668454996d5c3c188884762cd

SHA256
e5cd7f9fd43084674aa749bc8301f28de85eef6d01bd78828f72fa32377a3368

SHA512
4820074f15520ad099193b27a673499c31544a7279279efcb6131d53fe997438a96e1c5b386c233385004f7a2fbb775d4cde3c0272a196b54c0d8ee6ccef43df

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\security\local_policy.jar

Filesize
3KB

MD5
57aaaa3176dc28fc554ef0906d01041a

SHA1
238b8826e110f58acb2e1959773b0a577cd4d569

SHA256
b8becc3ef2e7ff7d2165dd1a4e13b9c59fd626f20a26af9a32277c1f4b5d5bc7

SHA512
8704b5e3665f28d1a0bc2a063f4bc07ba3c7cd8611e06c0d636a91d5ea55f63e85c6d2ad49e5d8ece267d43ca3800b3cd09cf369841c94d30692eb715bb0098e

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\sound.properties

Filesize
1KB

MD5
bb63293b1207cb8608c5fbe089a1b06d

SHA1
96a0fa723af939c22ae25b164771319d82bc033b

SHA256
633015ad63728dfe7a51bf26e55b766dd3e935f1fcccffa8054bf6e158ea89b2

SHA512
0042debe4a77da997a75a294a0c48d19aed258eeb3cd723fd305037df11f0a5073a92cc54967b8b541e1afc912f36481d0b0f68477b8156e52e15093722b7c32

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Data\jre1.8.0_51\lib\tzmappings

Filesize
8KB

MD5
b8dd8953b143685b5e91abeb13ff24f0

SHA1
b5ceb39061fce39bb9d7a0176049a6e2600c419c

SHA256
3d49b3f2761c70f15057da48abe35a59b43d91fa4922be137c0022851b1ca272

SHA512
c9cd0eb1ba203c170f8196cbab1aaa067bcc86f2e52d0baf979aad370edf9f773e19f430777a5a1c66efe1ec3046f9bc82165acce3e3d1b8ae5879bd92f09c90

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_1

Filesize
264KB

MD5
734c8f0a89108d6e65de6b3f4a4b77d6

SHA1
0f2173f547f454d2a6489bd584a29e7f7210ce29

SHA256
4b26ea57cbc8b80ce5032195b79d932431b5758bcb291aed89fccb15ea847e0f

SHA512
574b095d5d0d1e946f44b0110106cfcce5372f8f97660c6154c8d60234e054fd56a07ba09d49bd7d4db32ded1d941638d742ce766fcb5f38569947208583ca74

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json

Filesize
1KB

MD5
62d5d73ee869a0a2654d8fd554aaf742

SHA1
be1d557c26633ffd5edcb5caf37b2a09f47c6667

SHA256
9ef970b76a91f607002afb164aa7f01d85e20290cf242e4adafb7f6026900b59

SHA512
8706794249e1bd7fcaa3e7e25c0b976a069b02abc877a0fdf9fce408a12b4aa5c151e5e3f75fc81185f8fef84a0b9c5a908b84f60102ac9aa03aec908a094550

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\config.json

Filesize
1KB

MD5
d2da35e826a1e6af049f99048b4fb6ec

SHA1
ad261dccdbf7c44cdcc00a24bcd1bb4fa95da29e

SHA256
21eaa56d4ca1308f21bb534c446d5b0e56410efe28d08fd8780b75a02222d227

SHA512
d85f391144bc05992ab86569e03fe12bedee427e2b1ed7be4eb55a3a428e6bca118b23e9c567fc381b6329f60e67413cb35a06126c268b2063b8fa0d89d95162

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

Filesize
1KB

MD5
867d3ec5dbf777b230442e8504ca5699

SHA1
9314c2fb8e11ab65a05f53bb21b6f80ba3e78ecb

SHA256
1797ff7269ec954c209d19a7b0ef46c71c5dfab9bb4d0ce298b8787e4f38548c

SHA512
32e1c1266ccad047dedbfa3d340da0270b6d85d93eaadce6bc2163a191b3064481f1570cbb8066dc450bf91c700caf6e12fc51c8de6378c58665e06e3c51bdd6

Download Submit
C:\Users\Admin\AppData\Roaming\Badlion Client\logs\main.log

Filesize
5KB

MD5
c1174a4c68aa8d3e9b32439950a11937

SHA1
87624e4959f611fe16550ae172e3ff8ce1c98636

SHA256
7431dbbf4c20e7aa441427a1b99535fe66c3589ed903a9833fb21ffd0b2a6ffa

SHA512
93f2ce8fee33e17914fab4a294c42613e00db9bbbb75fd2d99c9234e79249cd52f38f168930a47e1fdbf438c393eeb8ce7b66a20b577b088efe6ef81bfeac719

Download Submit
C:\Users\Admin\AppData\Roaming\d877947c-5645-465e-a9b5-22c03f399fe4.tmp

Filesize
363B

MD5
536e95fdb6c365bd265c43c0cc07c421

SHA1
f02d2e78aff83a59b719de84be2a92992799305d

SHA256
c2824e65a107ec503558cd0bc8498c403c484b4f351fadb554d15ad0fb07fca9

SHA512
1a0b117e95c917b92cee3a3975f92c96d7abdd595794d7961aefbce791a88d1df1b56100143bde73929b1e3a7986fda869f3b6658dd2c5d356c3751ba32824e1

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
977B

MD5
53316bc0c42b9d65743709021f1d03c7

SHA1
44cfe377bf7fedee2ce8f888cfacefd283e924e6

SHA256
600d914eb6b9ffb387be5b7300ca138192a4e86c4679c9bff36bcf0364e74b36

SHA512
9b390f6d7955413c8d63d02dff6988442cf78bbfb72e12f7deab56b190c1a7f455c5af3344ee5a1f7477d383c24e567af4fb7639ab6d9f014935418bf1cf00f6

Download Submit
memory/2008-390-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2008-443-0x00000000778A0000-0x00000000778A1000-memory.dmp

Filesize
4KB

Download
memory/2772-125-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/2772-777-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download